
Infected by win32/heur

Last reply on 7 June 2009 at 11:43:20
volavoil, 31 May 2009 at 17:41:49

Hello,
Since yesterday, AVG has been telling me I'm infected with win32/heur. I can't get rid of this virus, and I don't know whether there's a cause-and-effect link, but Nero no longer recognises my burner, and, strangely, when I put a blank DVD in it I can no longer open the tray because it tells me the drive is in use...
How do I get rid of win32/heur?
Thanks.

PS: this is my first infection, so don't hesitate to tell me which programs to use and which report to send you!

Configuration: Windows Vista
Firefox 3.0.10

1

Destrio5, 31 May 2009 at 17:43:56

Hello,

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if prompted) and you will have to accept the licence.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) and of info.txt (which you will see in the taskbar).

Note: the reports are saved in the folder C:\rsit.

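The steps above produce a log.txt mixing RSIT's own sections (file lists, driver list) with HijackThis O-lines. As an added example, not part of this thread and not a tool from the RSIT or HijackThis authors, the Python script below shows how a reviewer can pre-sort such a log before reading it by hand. The heuristics are my own assumptions about what deserves a first look (executables created directly in a drive root, a registered driver whose file is missing on disk, a service with no publisher, the AppInit_DLLs load point); they flag entries for review, not as verdicts. The sample lines are copied from the log posted later in this thread, so the parser runs against the real format; note that the AppInit entry it flags belongs to AVG, which the log's own timestamps show was installed alongside it, and is listed only because that load point always warrants a check.

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the RSIT/HijackThis log posted in this
# thread, so the parser is exercised on the real format (a raw string keeps the
# Windows backslashes intact).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Look 'n' Stop Service (lnssvcVista) - Unknown owner - C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe
2009-05-30 03:46:54 ----A---- C:\Iexplor179.exe
2009-05-28 22:47:50 ----A---- C:\Iexplor171.exe
2009-05-17 12:54:50 ----A---- C:\Windows\system32\fwapi.dll
2009-05-31 16:49:23 ----D---- C:\Qoobox
S3 az98u5nq;az98u5nq; C:\Windows\system32\drivers\az98u5nq.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-18 325896]
"""

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")

# RSIT "files created/modified" line: <date> <time> <attributes> <path>
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (?P<path>.+)$")
# RSIT driver line: <R|S><start type> <name>;<display name>; <path> [<date> <size>]
DRIVER_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*; (?P<path>.+?) \[(?P<stamp>.*)\]$")
# HijackThis O23 service line: O23 - Service: <name> - <owner> - <path>
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis O20 line for the AppInit_DLLs value
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def is_root_executable(path: str) -> bool:
    """True when an executable sits directly in a drive root (e.g. C: plus one file name)."""
    head, _, tail = path.rpartition("\\")
    return bool(re.fullmatch(r"[A-Za-z]:", head)) and tail.lower().endswith(EXEC_EXT)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): an 8-character alphanumeric name with digits mixed into
    the word, unlike vendor names that only carry a trailing version (avgldx86, lnsfw1)."""
    n = name.lower()
    return bool(re.fullmatch(r"[a-z0-9]{8}", n)) and not re.fullmatch(r"[a-z]+\d*", n)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for entries a reviewer should read first."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            if is_root_executable(m.group("path")):
                findings.append((line, "executable created directly in the drive root"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            if m.group("stamp") == "":
                findings.append((line, "driver registered but its file is missing on disk"))
            if looks_random(m.group("name")):
                findings.append((line, "random-looking driver name"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                findings.append((line, "service binary carries no publisher information"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append((line, "AppInit_DLLs load point in use: verify the DLL's publisher"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run it on a saved log.txt by replacing SAMPLE_LOG with the file's contents. The output is a reading order, not a cleaning list: each flagged line still has to be checked against the file's signature, creation time and the other sections of the same log.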

2

jacques.gache, 31 May 2009 at 17:45:16

Hello, I'm withdrawing my intervention and leaving you with destrio5, @+
Warning!! Piling up security software does not
protect you any better and can even cause conflicts and
crashes. "but everyone remains master of their own PC"


3

volavoil, 31 May 2009 at 18:00:49

Here is the log report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-31 17:58:50
Microsoft® Windows Vista™ Édition Intégrale Service Pack 2
System drive C: has 7 GB (24%) free of 30 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:03, on 31/05/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
D:\programme\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\programme\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrateur\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://unattendshare.free.fr/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\programme\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: RocketDock -.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Look 'n' Stop Service (lnssvcVista) - Unknown owner - C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe
End of file - 8219 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-18 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-30 7289376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-18 1947928]
"Look 'n' Stop"=C:\Program Files\Soft4Ever\looknstop\looknstop.exe [2009-05-17 557056]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=D:\programme\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-03 1233920]
"DAEMON Tools Lite"=D:\programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-04-14 135680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
RocketDock -.lnk - C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2009-04-12 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableInstallerDetection"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-31 17:58:51 ----D---- C:\Program Files\trend micro
2009-05-31 17:58:50 ----D---- C:\rsit
2009-05-31 17:13:38 ----D---- C:\Users\Administrateur\AppData\Roaming\Malwarebytes
2009-05-31 17:13:32 ----D---- C:\ProgramData\Malwarebytes
2009-05-31 16:50:46 ----D---- C:\Windows\Minidump
2009-05-31 16:49:33 ----D---- C:\Windows\ERDNT
2009-05-31 16:49:32 ----SD---- C:\ComboFix
2009-05-31 16:49:32 ----A---- C:\Windows\system32\CF7470.exe
2009-05-31 16:49:27 ----A---- C:\Windows\system32\swsc.exe
2009-05-31 16:49:23 ----D---- C:\Qoobox
2009-05-31 16:49:20 ----A---- C:\Bug.txt
2009-05-31 16:49:18 ----A---- C:\Windows\system32\cmd.execf
2009-05-30 14:05:41 ----HD---- C:\$AVG8.VAULT$
2009-05-30 03:46:54 ----A---- C:\Iexplor179.exe
2009-05-28 22:47:50 ----A---- C:\Iexplor171.exe
2009-05-28 20:17:15 ----D---- C:\Program Files\Microsoft Works
2009-05-28 20:16:37 ----D---- C:\Program Files\Microsoft Visual Studio
2009-05-28 20:16:37 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-28 20:16:06 ----D---- C:\Windows\PCHEALTH
2009-05-28 20:16:06 ----D---- C:\Program Files\Microsoft.NET
2009-05-28 20:14:10 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-05-28 20:13:27 ----D---- C:\Program Files\Microsoft Office
2009-05-28 20:13:26 ----D---- C:\ProgramData\Microsoft Help
2009-05-28 20:10:50 ----RHD---- C:\MSOCache
2009-05-21 18:45:50 ----D---- C:\Users\Administrateur\AppData\Roaming\Nero
2009-05-21 18:32:30 ----D---- C:\ProgramData\SlySoft
2009-05-21 18:29:10 ----D---- C:\ProgramData\DVD Shrink
2009-05-18 22:31:29 ----D---- C:\Users\Administrateur\AppData\Roaming\Yahoo!
2009-05-18 22:31:29 ----D---- C:\ProgramData\Yahoo! Companion
2009-05-18 21:39:32 ----D---- C:\Users\Administrateur\AppData\Roaming\uTorrent
2009-05-18 19:28:48 ----D---- C:\Program Files\Microsoft WSE
2009-05-18 19:23:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-18 19:17:45 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-05-18 19:17:40 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-05-18 19:14:05 ----D---- C:\Users\Administrateur\AppData\Roaming\DAEMON Tools Lite
2009-05-17 17:12:49 ----D---- C:\ProgramData\WindowsSearch
2009-05-17 17:08:20 ----D---- C:\Users\Administrateur\AppData\Roaming\Media Player Classic
2009-05-17 15:28:09 ----D---- C:\Users\Administrateur\AppData\Roaming\Apple Computer
2009-05-17 15:28:02 ----DC---- C:\Windows\system32\DRVSTORE
2009-05-17 15:28:02 ----A---- C:\Windows\system32\GEARAspi.dll
2009-05-17 15:27:51 ----D---- C:\Program Files\iPod
2009-05-17 15:27:50 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-17 15:26:47 ----D---- C:\Program Files\Common Files\Apple
2009-05-17 15:23:16 ----D---- C:\Program Files\Bonjour
2009-05-17 15:22:51 ----D---- C:\ProgramData\Apple Computer
2009-05-17 15:22:51 ----D---- C:\Program Files\QuickTime
2009-05-17 15:22:40 ----D---- C:\ProgramData\Apple
2009-05-17 15:22:40 ----D---- C:\Program Files\Apple Software Update
2009-05-17 15:04:58 ----D---- C:\ProgramData\FLEXnet
2009-05-17 14:43:26 ----D---- C:\Windows\system32\appmgmt
2009-05-17 13:56:20 ----D---- C:\ProgramData\ALM
2009-05-17 13:41:37 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-05-17 13:16:01 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-05-17 13:07:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-17 13:04:08 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-05-17 12:54:50 ----A---- C:\Windows\system32\fwapi.dll
2009-05-17 12:53:30 ----D---- C:\Program Files\Soft4Ever
2009-05-17 12:37:29 ----D---- C:\Program Files\NewsBin
2009-05-17 12:28:29 ----D---- C:\Users\Administrateur\AppData\Roaming\NewsBin
2009-05-17 12:28:29 ----D---- C:\ProgramData\NewsBin
2009-05-17 12:19:45 ----D---- C:\Users\Administrateur\AppData\Roaming\GrabIt
2009-05-17 12:12:00 ----D---- C:\Program Files\GrabIt
2009-05-17 12:07:21 ----D---- C:\Users\Administrateur\AppData\Roaming\Adobe
2009-05-16 23:43:28 ----D---- C:\Users\Administrateur\AppData\Roaming\WinRAR
2009-05-16 23:31:28 ----D---- C:\Program Files\Sunbelt Software
2009-05-16 23:19:15 ----D---- C:\Users\Administrateur\AppData\Roaming\Thunderbird
2009-05-16 22:52:12 ----D---- C:\Users\Administrateur\AppData\Roaming\ATI
2009-05-16 22:52:12 ----D---- C:\ProgramData\ATI
2009-05-16 22:41:27 ----D---- C:\Program Files\Mozilla Thunderbird
2009-05-16 22:34:35 ----A---- C:\Windows\system32\avgrsstx.dll
2009-05-16 22:34:25 ----D---- C:\ProgramData\avg8
2009-05-16 22:34:25 ----D---- C:\Program Files\AVG
2009-05-16 22:29:34 ----D---- C:\Users\Administrateur\AppData\Roaming\Macromedia
2009-05-16 22:27:21 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-05-16 22:26:16 ----D---- C:\Program Files\ATI
2009-05-16 22:26:10 ----D---- C:\Program Files\ATI Technologies
2009-05-16 22:26:03 ----A---- C:\Windows\system32\Oemdspif.dll
2009-05-16 22:26:03 ----A---- C:\Windows\system32\atiumdva.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atiumdag.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atitmmxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atipdlxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atioglxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\Ati2evxx.exe
2009-05-16 22:26:02 ----A---- C:\Windows\system32\Ati2evxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\ati2edxx.dll
2009-05-16 22:19:52 ----D---- C:\WPI
2009-05-16 22:19:48 ----A---- C:\Windows\RtlUpd.exe
2009-05-16 22:19:48 ----A---- C:\Windows\RtHDVCpl.exe
2009-05-16 22:19:47 ----D---- C:\drivers
2009-05-16 22:14:40 ----A---- C:\Windows\ntbtlog.txt
2009-05-16 22:12:55 ----A---- C:\Windows\system32\notepad.original.exe
2009-05-16 22:12:55 ----A---- C:\Windows\notepad.original.exe
2009-05-16 22:12:54 ----D---- C:\Users\Administrateur\AppData\Roaming\Notepad++
2009-05-16 22:12:54 ----D---- C:\Program Files\Notepad++
2009-05-16 22:12:48 ----D---- C:\Users\Administrateur\AppData\Roaming\Mozilla
2009-05-16 22:12:38 ----A---- C:\Windows\system32\javaws.exe
2009-05-16 22:12:38 ----A---- C:\Windows\system32\javaw.exe
2009-05-16 22:12:38 ----A---- C:\Windows\system32\java.exe
2009-05-16 22:12:38 ----A---- C:\Windows\system32\deploytk.dll
2009-05-16 22:12:29 ----D---- C:\Program Files\Java
2009-05-16 22:12:20 ----D---- C:\Program Files\HashTab Shell Extension
2009-05-16 22:12:19 ----D---- C:\Program Files\FileZilla
2009-05-16 22:12:18 ----D---- C:\Program Files\PowerISO
2009-05-16 22:12:03 ----D---- C:\ProgramData\Adobe
2009-05-16 22:12:00 ----D---- C:\Program Files\Common Files\Adobe
2009-05-16 22:12:00 ----D---- C:\Program Files\Adobe
2009-05-16 22:11:34 ----D---- C:\Program Files\Xtremsplit
2009-05-16 22:11:33 ----D---- C:\Program Files\WinRAR
2009-05-16 22:11:31 ----D---- C:\Program Files\Messenger Plus! Live
2009-05-16 22:11:09 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 22:11:06 ----D---- C:\Program Files\Microsoft
2009-05-16 22:10:45 ----D---- C:\Program Files\Windows Live
2009-05-16 22:10:37 ----D---- C:\Program Files\Resource Hacker
2009-05-16 22:10:37 ----A---- C:\Windows\unvise32.exe
2009-05-16 22:10:34 ----D---- C:\Program Files\QuickPar
2009-05-16 22:10:29 ----A---- C:\Windows\system32\unrar.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\rmoc3260.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\pndx5032.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\pndx5016.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\pncrt.dll
2009-05-16 22:10:29 ----A---- C:\Windows\avisplitter.ini
2009-05-16 22:10:26 ----A---- C:\Windows\system32\yv12vfw.dll
2009-05-16 22:10:26 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\xvidvfw.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\qt-dx331.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\dpl100.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\divx.dll
2009-05-16 22:10:24 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-05-16 22:10:24 ----A---- C:\Windows\system32\ff_vfw.dll
2009-05-16 22:10:23 ----D---- C:\Users\Administrateur\AppData\Roaming\Real
2009-05-16 22:10:23 ----D---- C:\ProgramData\Real
2009-05-16 22:10:23 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-16 22:10:23 ----A---- C:\Windows\system32\msvcr71.dll
2009-05-16 22:10:23 ----A---- C:\Windows\system32\msvcp71.dll
2009-05-16 22:10:17 ----D---- C:\Program Files\Yahoo!
2009-05-16 22:10:12 ----D---- C:\ProgramData\ACD Systems
2009-05-16 22:10:10 ----D---- C:\Program Files\Common Files\ACD Systems
2009-05-16 22:10:10 ----D---- C:\Program Files\ACD Systems
2009-05-16 22:09:50 ----AD---- C:\WPI_Audio
2009-05-16 22:09:49 ----A---- C:\WPI_Log_2009.05.16_22.09.49.txt
2009-05-16 22:09:49 ----A---- C:\rb_config.js
2009-05-16 22:09:49 ----A---- C:\history.js
2009-05-16 22:06:34 ----D---- C:\Program Files\System
2009-05-16 22:06:11 ----A---- C:\Windows\Wordpad_2009.exe
2009-05-16 22:06:11 ----A---- C:\Windows\Windows 7_Calculator.exe
2009-05-16 22:05:54 ----D---- C:\ProgramData\Nero
2009-05-16 22:05:54 ----D---- C:\Program Files\Nero
2009-05-16 22:05:54 ----D---- C:\Program Files\Common Files\Nero
2009-05-16 22:05:30 ----D---- C:\Program Files\7-Zip
2009-05-16 22:05:29 ----D---- C:\Windows\system32\Macromed
2009-05-16 22:05:28 ----D---- C:\Program Files\Mozilla Firefox
2009-05-16 21:43:24 ----SD---- C:\Users\Administrateur\AppData\Roaming\Microsoft
2009-05-16 21:43:24 ----D---- C:\Users\Administrateur\AppData\Roaming\Media Center Programs
2009-05-16 21:42:55 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-16 21:42:50 ----SHD---- C:\Windows\Installer
2009-05-16 21:42:32 ----D---- C:\Program Files\Notepad2
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Modèles
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Menu Démarrer
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Favoris
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Documents
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Bureau
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Application Data
2009-05-16 21:40:43 ----SHD---- C:\Program Files\Fichiers communs
2009-05-16 21:40:43 ----SHD---- C:\Documents and Settings
2009-05-16 21:33:10 ----D---- C:\Windows\system32\RTCOM
2009-05-16 21:33:10 ----D---- C:\Program Files\Realtek
2009-05-16 21:25:35 ----D---- C:\Windows\SoftwareDistribution
2009-05-16 21:23:32 ----SHD---- C:\System Volume Information
2009-05-16 21:23:28 ----D---- C:\Windows\CSC

======List of files/folders modified in the last 1 months======

2009-05-31 17:58:53 ----D---- C:\Windows\Temp
2009-05-31 17:58:51 ----RD---- C:\Program Files
2009-05-31 17:57:02 ----D---- C:\Windows\System32
2009-05-31 17:33:12 ----D---- C:\Windows\inf
2009-05-31 17:33:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-31 17:25:48 ----D---- C:\Windows\system32\WDI
2009-05-31 17:23:42 ----D---- C:\Windows
2009-05-31 17:13:35 ----D---- C:\Windows\Prefetch
2009-05-31 17:13:34 ----D---- C:\Windows\system32\drivers
2009-05-31 17:13:32 ----HD---- C:\ProgramData
2009-05-31 17:02:07 ----D---- C:\Windows\Microsoft.NET
2009-05-31 16:57:54 ----D---- C:\Program Files\Common Files
2009-05-31 16:49:32 ----D---- C:\Windows\system32\fr-FR
2009-05-31 16:25:46 ----D---- C:\Windows\winsxs
2009-05-28 20:18:19 ----RSD---- C:\Windows\assembly
2009-05-28 20:17:06 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-28 20:16:52 ----D---- C:\Program Files\MSBuild
2009-05-28 20:16:32 ----D---- C:\Windows\ShellNew
2009-05-28 20:16:13 ----RSD---- C:\Windows\Fonts
2009-05-28 20:16:06 ----SD---- C:\ProgramData\Microsoft
2009-05-28 20:13:53 ----A---- C:\Windows\win.ini
2009-05-28 20:13:50 ----D---- C:\Program Files\Common Files\System
2009-05-26 06:47:40 ----D---- C:\Windows\system32\catroot2
2009-05-25 21:28:26 ----SD---- C:\Windows\Downloaded Program Files
2009-05-23 11:05:42 ----D---- C:\Windows\system32\NDF
2009-05-17 20:10:12 ----D---- C:\Windows\Logs
2009-05-17 15:28:02 ----D---- C:\Windows\system32\catroot
2009-05-17 15:23:10 ----D---- C:\Program Files\Internet Explorer
2009-05-17 15:22:42 ----D---- C:\Windows\system32\Tasks
2009-05-16 22:07:53 ----SHD---- C:\$Recycle.Bin
2009-05-16 22:06:34 ----D---- C:\Windows\Help
2009-05-16 21:43:24 ----RD---- C:\Users
2009-05-16 21:42:32 ----D---- C:\Windows\system32\restore
2009-05-16 21:42:31 ----D---- C:\Windows\system32\ShellExt
2009-05-16 21:42:30 ----D---- C:\Windows\system32\en-US
2009-05-16 21:42:28 ----RSD---- C:\Windows\Media
2009-05-16 21:42:28 ----D---- C:\Windows\system32\zh-TW
2009-05-16 21:42:28 ----D---- C:\Windows\system32\zh-CN
2009-05-16 21:42:28 ----D---- C:\Windows\system32\uk-UA
2009-05-16 21:42:28 ----D---- C:\Windows\system32\tr-TR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\th-TH
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sv-SE
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sl-SI
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sk-SK
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ru-RU
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ro-RO
2009-05-16 21:42:28 ----D---- C:\Windows\system32\pt-PT
2009-05-16 21:42:28 ----D---- C:\Windows\system32\pt-BR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\pl-PL
2009-05-16 21:42:28 ----D---- C:\Windows\system32\nl-NL
2009-05-16 21:42:28 ----D---- C:\Windows\system32\nb-NO
2009-05-16 21:42:28 ----D---- C:\Windows\system32\lv-LV
2009-05-16 21:42:28 ----D---- C:\Windows\system32\lt-LT
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ko-KR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ja-JP
2009-05-16 21:42:28 ----D---- C:\Windows\system32\it-IT
2009-05-16 21:42:28 ----D---- C:\Windows\system32\hu-HU
2009-05-16 21:42:28 ----D---- C:\Windows\system32\hr-HR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\he-IL
2009-05-16 21:42:28 ----D---- C:\Windows\system32\fi-FI
2009-05-16 21:42:28 ----D---- C:\Windows\system32\et-EE
2009-05-16 21:42:28 ----D---- C:\Windows\system32\es-ES
2009-05-16 21:42:28 ----D---- C:\Windows\system32\el-GR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\de-DE
2009-05-16 21:42:28 ----D---- C:\Windows\system32\da-DK
2009-05-16 21:42:28 ----D---- C:\Windows\system32\cs-CZ
2009-05-16 21:42:28 ----D---- C:\Windows\system32\bg-BG
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ar-SA
2009-05-16 21:40:57 ----D---- C:\Windows\rescache
2009-05-16 21:40:43 ----D---- C:\Program Files\Windows NT
2009-05-16 21:40:42 ----D---- C:\Windows\Debug
2009-05-16 21:37:30 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-18 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-18 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-18 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-03 351744]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 lnsfw1;lnsfw1; C:\Windows\system32\drivers\lnsfw1.sys [2009-05-17 79232]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-05-10 103872]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 3076608]
R3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-30 2350624]
R3 SFilter;Look 'n' Stop Driver; C:\Windows\system32\DRIVERS\lnsfw.sys [2009-05-17 58232]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 az98u5nq;az98u5nq; C:\Windows\system32\drivers\az98u5nq.sys []
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-03 22528]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-03 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-03 29696]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-03 236544]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-05-26 40160]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PROCEXP90;PROCEXP90; \??\C:\Windows\system32\Drivers\PROCEXP90.SYS []
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-03 148992]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 btwrchid;btwrchid; C:\Windows\system32\drivers\btwrchid.sys [2007-07-16 16168]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-03 89088]
S4 USB_FPRd;FingerPrinterReader; C:\Windows\system32\drivers\ut_fprd.sys [2007-02-13 16128]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-14 610304]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-05-18 908568]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-18 298776]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 lnssvcVista;Look 'n' Stop Service; C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe [2009-05-17 14848]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-17 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-03 918528]

-----------------EOF-----------------

and the info report

info.txt logfile of random's system information tool 1.06 2009-05-31 17:59:05

======Uninstall list======

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}
Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AnyDVD-->"D:\programme\AnyDVD\AnyDVD-uninst.exe" /D="D:\programme\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DVD Decrypter (Remove Only)-->"D:\programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"D:\programme\DVD Shrink\unins000.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
HashCheck Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\Windows\system32\ShellExt\HashCheck.dll"
HashTab 1.14 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
iGnuteel 0.8.0-->"D:\programme\iGnuteel\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Kels' Vista CPL Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
K-Lite Mega Codec Pack 4.3.1-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x040c -removeonly
Look 'n' Stop 2.06p3-->"C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -uninst
Malwarebytes' Anti-Malware-->"D:\programme\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Modèles de sons Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsBin Pro-->C:\Program Files\NewsBin\uninst.exe
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Notepad2 (modified)-->rundll32.exe advpack.dll,LaunchINFSectionEx "C:\Program Files\Notepad2\Uninstall.inf",DefaultUninstall,,8,N
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickPar 0.9-->D:\programme\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RAR Password Cracker 4.12-->D:\programme\RAR Password Cracker\uninstall.exe
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Resource Hacker-->C:\Windows\unvise32.exe C:\Program Files\Resource Hacker\uninstal.log
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

FW: Look 'n' Stop 2.06p3 (Soft4Ever)
AS: Windows Defender

======System event log======

Computer Name: WIN-CNDC1JUX9KC
Event Code: 134
Message: NtpClient n'a pas pu définir d'homologue manuel à utiliser comme source de temps en raison d'une erreur de résolution DNS sur " time.windows.com,0x9 ". NtpClient réessaiera dans 15 minutes, et à nouveau une fois le double de l'intervalle de nouvelle tentative écoulé. L'erreur était : Hôte inconnu. (0x80072AF9)
Record Number: 2795
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090516192333.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 134
Message: NtpClient n'a pas pu définir d'homologue manuel à utiliser comme source de temps en raison d'une erreur de résolution DNS sur " time.windows.com,0x9 ". NtpClient réessaiera dans 15 minutes, et à nouveau une fois le double de l'intervalle de nouvelle tentative écoulé. L'erreur était : Hôte inconnu. (0x80072AF9)
Record Number: 2794
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090516192333.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 263
Message: Le service ‘ShellHWDetection’ n'a peut-être pas annulé son inscription aux notifications d’événements de périphériques avant d’être arrêté.
Record Number: 2792
Source Name: PlugPlayManager
Time Written: 20090516192330.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 10010
Message: Le serveur {9E175B6D-F52A-11D8-B9A5-505054503030} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 2707
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090412164330.000000-000
Event Type: Erreur
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 10010
Message: Le serveur {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 2705
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090412163930.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: DINOZZO-I7VATLD
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {ec28a611-a83e-4f7e-a737-b08cf5d3550d}
Record Number: 171
Source Name: VSS
Time Written: 20090516194233.000000-000
Event Type: Erreur
User:

Computer Name: DINOZZO-I7VATLD
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 170
Source Name: Microsoft-Windows-WMI
Time Written: 20090516194152.000000-000
Event Type: Erreur
User:

Computer Name: DINOZZO-I7VATLD
Event Code: 1054
Message: Erreur de composant. hr=0x80049E00, [4, 3]

Record Number: 161
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090516194026.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 153
Source Name: Microsoft-Windows-Search
Time Written: 20090516193733.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 1036
Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.
Record Number: 142
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090516192531.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: WIN-CNDC1JUX9KC
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-CNDC1JUX9KC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x260
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 1766
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412163721.842511-000
Event Type: Succès de l'audit
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1765
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412163721.717711-000
Event Type: Succès de l'audit
User:

Computer Name: WIN-CNDC1JUX9KC
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-CNDC1JUX9KC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x260
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 1764
Source Name: Microsoft-Wi

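As an added worked example (editor's code, not from this thread, from RSIT or from its author): a small Python triage script that parses lines in the format of the RSIT "List of drivers/services" above and scores each entry with the cheap indicators a helper looks at first: the file was absent at scan time (empty brackets, as for az98u5nq above), the name looks generated, and there is no descriptive display name. The six sample lines are copied from the report above; the allowlist of on-demand tool drivers (PROCEXP90, which Process Explorer loads only while it runs) is an assumption, and a high score is a prompt to verify the file, not a verdict.

```python
import re

# Added example, not part of the original thread or of RSIT itself. It parses
# the "List of drivers/services" lines RSIT prints and scores each entry with
# a few cheap indicators a first responder checks before asking for more logs.

# Constructed sample: six lines copied from the RSIT report above, in RSIT's
# own format:  <R|S><start type> <name>;<description>; <path> [<date> <size>]
SAMPLE_RSIT_LINES = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-18 325896]
R3 SFilter;Look 'n' Stop Driver; C:\Windows\system32\DRIVERS\lnsfw.sys [2009-05-17 58232]
S3 az98u5nq;az98u5nq; C:\Windows\system32\drivers\az98u5nq.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-05-26 40160]
S3 PROCEXP90;PROCEXP90; \??\C:\Windows\system32\Drivers\PROCEXP90.SYS []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-03 89088]
"""

# Assumption: tool drivers that are legitimately absent when the tool is not
# running (Sysinternals Process Explorer loads PROCEXP90.SYS on demand).
KNOWN_ON_DEMAND_DRIVERS = {"PROCEXP90"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


def parse_rsit_line(line):
    """Return the fields of one RSIT driver/service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Empty brackets mean RSIT could not stat the file: it was absent at scan time.
    entry["file_present"] = entry["meta"] != ""
    return entry


def mixed_runs(name):
    """Count alternating letter/digit runs; generated names like az98u5nq have many."""
    runs = 0
    prev = None
    for ch in name:
        kind = "d" if ch.isdigit() else "l"
        if kind != prev:
            runs += 1
            prev = kind
    return runs


def assess(entry):
    """Score one parsed entry; a higher score means more worth a closer look."""
    score, reasons = 0, []
    if not entry["file_present"]:
        score += 2
        reasons.append("file absent at scan time")
    if mixed_runs(entry["name"]) >= 4:
        score += 2
        reasons.append("random-looking name")
    if entry["desc"] == entry["name"]:
        score += 1
        reasons.append("no descriptive display name")
    if entry["name"] in KNOWN_ON_DEMAND_DRIVERS:
        # Caveat: an absent file alone proves nothing; known on-demand drivers are expected to be missing.
        score, reasons = 0, ["known on-demand tool driver (assumed benign)"]
    return score, reasons


def review_candidates(text, threshold=3):
    """Parse an RSIT driver/service block and return the entries scoring >= threshold."""
    out = []
    for line in text.splitlines():
        entry = parse_rsit_line(line)
        if entry is None:
            continue
        score, reasons = assess(entry)
        if score >= threshold:
            out.append({"name": entry["name"], "path": entry["path"],
                        "score": score, "reasons": reasons})
    return out


if __name__ == "__main__":
    for c in review_candidates(SAMPLE_RSIT_LINES):
        print(f'{c["name"]:<16} score={c["score"]}  {c["path"]}  ({"; ".join(c["reasons"])})')
```

On the sample above only az98u5nq crosses the threshold (absent file, generated-looking name, no display name); PROCEXP90 would score the same on the first and third indicators but is dropped by the allowlist, which is exactly why a flag from this script should be followed by checking the file and its publisher rather than acted on directly.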

4

Destrio5, 31 May 2009 at 18:04:38

Can you post the latest MBAM report?


5

volavoil, 31 May 2009 at 18:13:21

I have just started the scan.
I launched the deep scan... would the quick one have been enough?


6

Destrio5, 31 May 2009 at 18:14:59

Hadn't you already done a scan?


7

volavoil, 31 May 2009 at 18:23:09

No, I had only done the RSIT scan.
The malware scan is in progress.


8

Destrio5, 31 May 2009 at 18:23:36

OK, post me the report.


9

volavoil, 31 May 2009 at 18:38:24

Ouch.
Problem: the scan crashes after about twenty minutes (I tried a quick scan too, but it crashes as well).


10

Destrio5, 31 May 2009 at 18:40:20

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe extension is not necessarily visible) and choose Run as administrator.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: A guide and a tutorial on using ComboFix


11

volavoil, 31 May 2009 at 18:55:03

Here is the ComboFix report
ComboFix 09-05-30.06 - Administrateur 31/05/2009 18:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.33.1036.18.2046.1031 [GMT 2:00]
Lancé depuis: d:\téléchargement\ComboFix.exe
FW: Look 'n' Stop 2.06p3 (Soft4Ever) *enabled* {2A530F53-4A99-4EE0-8471-4A00BA4A47B0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\kungsfdnbwecsp.sys
c:\windows\system32\drivers\kungsfdnbwecsp.sys.rmv
c:\windows\system32\kungsfawlxdyoc.dat
c:\windows\system32\kungsfawlxdyoc.dat.rmv
c:\windows\system32\kungsfepvtemes.dat
c:\windows\system32\kungsfkimgdxpx.dll
c:\windows\system32\kungsfkimgdxpx.dll.rmv
c:\windows\system32\kungsftvybitop.dll
c:\windows\system32\kungsftvybitop.dll.rmv

----- BITS: Il y a peut-être des sites infectés -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfiuhcrrrj


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 ))))))))))))))))))))))))))))))))))))
.

2009-05-31 16:50 . 2009-05-31 16:50 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2009-05-31 15:58 . 2009-05-31 15:59 -------- d-----w- c:\program files\trend micro
2009-05-31 15:58 . 2009-05-31 15:59 -------- d-----w- C:\rsit
2009-05-31 15:13 . 2009-05-31 15:13 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes
2009-05-31 15:13 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 15:13 . 2009-05-31 15:13 -------- d-----w- c:\programdata\Malwarebytes
2009-05-31 15:13 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 12:05 . 2009-05-31 16:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-30 01:46 . 2009-05-30 01:46 48640 ----a-w- C:\Iexplor179.exe
2009-05-28 20:47 . 2009-05-28 20:47 25600 ----a-w- C:\Iexplor171.exe
2009-05-28 18:17 . 2009-05-28 18:17 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 18:16 . 2009-05-28 18:16 -------- d-----w- c:\windows\PCHEALTH
2009-05-28 18:16 . 2009-05-28 18:16 -------- d-----w- c:\program files\Microsoft.NET
2009-05-28 18:14 . 2009-05-28 18:14 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-28 18:13 . 2009-05-28 18:13 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Help
2009-05-28 18:13 . 2009-05-28 18:18 -------- d-----w- c:\programdata\Microsoft Help
2009-05-28 18:10 . 2009-05-28 18:10 -------- d--h--r- C:\MSOCache
2009-05-28 17:46 . 2009-05-31 15:49 -------- d-----w- c:\users\Administrateur\AppData\Local\QuickPar
2009-05-27 04:57 . 2009-05-31 16:35 -------- d-----r- c:\users\Public\Recorded TV
2009-05-21 16:45 . 2009-05-21 16:45 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Nero
2009-05-21 16:32 . 2009-05-21 16:32 -------- d-----w- c:\programdata\SlySoft
2009-05-21 16:29 . 2009-05-21 16:38 -------- d-----w- c:\programdata\DVD Shrink
2009-05-18 20:31 . 2009-05-18 20:31 -------- d-----w- c:\users\Administrateur\AppData\Roam­ing\Yahoo!
2009-05-18 20:31 . 2009-05-18 20:31 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-18 19:39 . 2009-05-21 13:59 -------- d-----w- c:\users\Administrateur\AppData\Roaming\uTorrent
2009-05-18 17:28 . 2009-05-18 17:28 10134 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-18 17:28 . 2009-05-18 17:28 -------- d-----w- c:\program files\Microsoft WSE
2009-05-18 17:23 . 2009-05-18 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-18 17:14 . 2009-05-18 17:19 -------- d-----w- c:\users\Administrateur\AppData\Roaming\DAEMON Tools Lite
2009-05-18 15:13 . 2009-05-16 20:34 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-05-18 15:13 . 2009-05-16 20:34 12552 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-05-18 15:13 . 2009-05-16 20:34 107912 ----a-w- c:\programdata\avg8\update\backup\avgtdix.sys
2009-05-18 15:13 . 2009-05-16 20:34 325640 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-05-18 15:13 . 2009-05-16 20:34 485144 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-18 15:13 . 2009-05-16 20:34 27656 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-05-18 15:10 . 2009-05-16 20:34 1057024 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-05-18 15:10 . 2009-05-16 20:34 745240 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-05-18 15:10 . 2009-05-16 20:34 578840 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-05-18 15:10 . 2009-05-16 20:34 1424152 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-05-17 15:12 . 2009-05-17 15:12 -------- d-----w- c:\programdata\WindowsSearch
2009-05-17 15:08 . 2009-05-17 15:08 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Media Player Classic
2009-05-17 13:28 . 2009-05-17 14:33 -------- d-----w- c:\users\Administrateur\AppData\Local\Apple Computer
2009-05-17 13:28 . 2009-05-17 13:34 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Apple Computer
2009-05-17 13:28 . 2009-05-17 13:28 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-17 13:28 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-17 13:28 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-17 13:27 . 2009-05-17 13:27 -------- d-----w- c:\program files\iPod
2009-05-17 13:27 . 2009-05-17 13:28 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-17 13:26 . 2009-05-17 13:27 -------- d-----w- c:\program files\Common Files\Apple
2009-05-17 13:23 . 2009-05-17 13:23 -------- d-----w- c:\program files\Bonjour
2009-05-17 13:22 . 2009-05-17 13:27 -------- d-----w- c:\programdata\Apple Computer
2009-05-17 13:22 . 2009-05-17 13:23 -------- d-----w- c:\program files\QuickTime
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\users\Administrateur\AppData\Local\Apple
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\program files\Apple Software Update
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\programdata\Apple
2009-05-17 13:04 . 2009-05-17 13:04 -------- d-----w- c:\programdata\FLEXnet
2009-05-17 12:38 . 2009-05-17 12:41 -------- d-----w- c:\users\Administrateur\AppData\Local\looknstop
2009-05-17 11:56 . 2009-05-17 11:56 -------- d-----w- c:\programdata\ALM
2009-05-17 11:41 . 2009-05-17 11:41 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-17 11:16 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-05-17 11:07 . 2009-05-17 11:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-17 11:04 . 2009-05-17 11:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-17 10:54 . 2009-05-17 10:54 79232 ----a-w- c:\windows\system32\drivers\lnsfw1.sys
2009-05-17 10:54 . 2009-05-17 10:54 58232 ----a-w- c:\windows\system32\drivers\lnsfw.sys
2009-05-17 10:54 . 2009-05-17 10:54 36864 ----a-w- c:\windows\system32\fwapi.dll
2009-05-17 10:53 . 2009-05-17 10:55 -------- d-----w- c:\program files\Soft4Ever
2009-05-17 10:37 . 2009-05-17 10:38 -------- d-----w- c:\program files\NewsBin
2009-05-17 10:28 . 2009-05-31 15:49 -------- d-----w- c:\users\Administrateur\AppData\Roaming\NewsBin
2009-05-17 10:28 . 2009-05-17 10:28 -------- d-----w- c:\programdata\NewsBin
2009-05-17 10:19 . 2009-05-17 10:26 -------- d-----w- c:\users\Administrateur\AppData\Roaming\GrabIt
2009-05-17 10:12 . 2009-05-17 10:12 -------- d-----w- c:\program files\GrabIt
2009-05-16 21:31 . 2009-05-16 21:31 -------- d-----w- c:\program files\Sunbelt Software
2009-05-16 21:19 . 2009-05-16 21:19 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 21:19 . 2009-05-16 21:35 -------- d-----w- c:\users\Administrateur\AppData\Local\Thunderbird
2009-05-16 21:19 . 2009-05-16 21:19 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Thunderbird
2009-05-16 20:52 . 2009-05-16 20:52 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ATI
2009-05-16 20:52 . 2009-05-16 20:52 -------- d-----w- c:\users\Administrateur\AppData\Local\ATI
2009-05-16 20:52 . 2009-05-16 20:52 -------- d-----w- c:\programdata\ATI
2009-05-16 20:41 . 2009-05-16 20:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-16 20:34 . 2009-05-18 15:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-16 20:34 . 2009-05-18 15:12 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-16 20:34 . 2009-05-18 15:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-16 20:34 . 2009-05-18 15:12 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-16 20:34 . 2009-05-31 09:47 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-16 20:34 . 2009-05-18 15:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-16 20:34 . 2009-05-31 13:11 -------- d-----w- c:\programdata\avg8
2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w- c:\program files\AVG
2009-05-16 20:27 . 2009-05-16 20:27 9158 ----a-w- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-05-16 20:27 . 2009-05-16 20:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w- C:\WPI
2009-05-16 20:19 . 2007-03-01 13:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
2009-05-16 20:19 . 2007-01-16 08:39 1191936 ----a-w- c:\windows\RtlUpd.exe
2009-05-16 20:19 . 2009-05-16 20:25 -------- d-----w- C:\drivers
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\users\Administrateur\AppData\Local\Cooliris
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\users\Administrateur\AppData\Local\Mozilla
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Xtremsplit
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Microsoft
2009-05-16 20:09 . 2009-05-31 14:42 -------- d-----w- c:\users\Administrateur\AppData\Local\Downloaded Installations
2009-05-16 20:09 . 2009-05-16 20:09 -------- d---a-w- C:\WPI_Audio
2009-05-16 20:06 . 2009-05-28 19:25 78736 ----a-w- c:\users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-16 20:06 . 2009-05-16 20:06 -------- d-----w- c:\program files\System
2009-05-16 20:06 . 2009-03-31 14:21 345670 ----a-w- c:\windows\Windows 7_Calculator.exe
2009-05-16 20:06 . 2009-03-31 02:39 412813 ----a-w- c:\windows\Wordpad_2009.exe
2009-05-16 20:05 . 2008-03-21 23:16 1347584 ----a-w- c:\programdata\Nero\DrWeb\DRWEB32.DLL
2009-05-16 20:05 . 2009-05-31 14:36 -------- d-----w- c:\program files\Common Files\Nero
2009-05-16 20:05 . 2009-05-31 14:30 -------- d-----w- c:\programdata\Nero
2009-05-16 20:05 . 2009-05-31 14:26 -------- d-----w- c:\program files\Nero
2009-05-16 20:05 . 2009-05-16 20:05 -------- d-----w- c:\program files\7-Zip
2009-05-16 20:05 . 2009-05-26 04:46 -------- d-----w- c:\windows\system32\Macromed
2009-05-16 19:42 . 2009-05-16 19:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-16 19:42 . 2009-05-31 15:01 -------- d-sh--w- c:\windows\Installer
2009-05-16 19:42 . 2009-05-18 17:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-16 19:42 . 2009-05-16 19:42 -------- d-----w- c:\program files\Notepad2
2009-05-16 19:33 . 2009-05-16 21:10 -------- d-----w- c:\windows\system32\RTCOM
2009-05-16 19:33 . 2009-05-16 19:33 -------- d-----w- c:\program files\Realtek
2009-05-09 23:40 . 2009-05-09 23:40 103872 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 16:44 . 2009-04-12 15:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-31 16:44 . 2008-01-21 08:04 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-31 16:44 . 2008-01-21 08:04 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 18:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-05-17 13:31 . 2009-05-17 13:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-17 12:46 . 2009-05-16 20:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 21:42 . 2009-05-16 20:12 -------- d-----w- c:\program files\FileZilla
2009-05-16 20:36 . 2009-05-16 19:43 680 ----a-w- c:\users\Administrateur\AppData\Local\d3d9caps.dat
2009-05-16 20:27 . 2009-05-16 20:26 -------- d-----w- c:\program files\ATI Technologies
2009-05-16 20:26 . 2009-05-16 20:26 -------- d-----w- c:\program files\ATI
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\Notepad++
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Notepad++
2009-05-16 20:12 . 2009-05-16 20:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\Java
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\HashTab Shell Extension
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\PowerISO
2009-05-16 20:11 . 2009-05-16 20:10 -------- d-----w- c:\program files\Windows Live
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\Resource Hacker
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\QuickPar
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\Yahoo!
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\programdata\ACD Systems
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\ACD Systems
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Modèles
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Menu Démarrer
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Favoris
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Documents
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Bureau
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\program files\Fichiers communs
2009-05-16 19:27 . 2009-05-16 19:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-19 12:12 . 2009-04-19 12:12 -------- d-----w- c:\program files\CCleaner
2009-04-19 12:11 . 2009-04-19 12:11 -------- d-----w- c:\program files\uTorrent
2009-04-19 08:41 . 2006-11-02 07:26 30051328 ----a-w- c:\windows\system32\imageres.dll
2009-04-17 11:49 . 2009-04-17 13:09 -------- d-----w- c:\program files\IconWorkshopPortable
2009-04-17 11:49 . 2009-04-17 13:10 -------- d-----w- c:\program files\RocketDock
2009-04-17 11:49 . 2009-04-17 13:09 -------- d-----w- c:\program files\Diskeeper
2009-04-17 11:48 . 2009-04-17 13:09 -------- d-----w- c:\program files\PhotoshopPortable
2009-04-17 11:47 . 2009-04-17 13:09 -------- d-----w- c:\program files\NeroPortable
2009-04-14 18:21 . 2009-04-14 18:21 705024 ----a-w- c:\windows\system32\sbe.dll
2009-04-14 18:19 . 2009-04-14 18:19 604672 ----a-w- c:\windows\system32\CPFilters.dll
2009-04-14 18:19 . 2009-04-14 18:19 450048 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-14 18:19 . 2009-04-14 18:19 153088 ----a-w- c:\windows\system32\sbeio.dll
2009-04-14 18:05 . 2009-04-14 18:05 -------- d-----w- c:\program files\Hyper-V
2009-04-14 18:05 . 2009-04-14 18:05 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-04-14 18:05 . 2009-04-14 18:05 43544 ----a-w- c:\windows\system32\wups2.dll
2009-04-14 18:05 . 2009-04-14 18:05 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-04-14 18:05 . 2009-04-14 18:05 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-04-14 18:05 . 2009-04-14 18:05 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-04-14 18:05 . 2009-04-14 18:05 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-04-14 18:05 . 2009-04-14 18:05 34328 ----a-w- c:\windows\system32\wups.dll
2009-04-14 18:05 . 2009-04-14 18:05 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-04-14 18:05 . 2009-04-14 18:05 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-04-14 18:04 . 2009-04-14 18:04 762880 ----a-w- c:\windows\system32\MSDTVVDEC.DLL
2009-04-14 18:00 . 2009-04-14 18:00 2198528 ----a-w- c:\windows\system32\MSVidCtl.dll
2009-04-14 18:00 . 2009-04-14 18:00 53248 ----a-w- c:\windows\system32\Mcx2Svc.dll
2009-04-14 18:00 . 2009-04-14 18:00 140288 ----a-w- c:\windows\system32\iTVData.dll
2009-04-14 18:00 . 2009-04-14 18:00 65024 ----a-w- c:\windows\system32\cca.dll
2009-04-14 18:00 . 2009-04-14 18:00 65536 ----a-w- c:\windows\system32\sberes.dll
2009-04-14 18:00 . 2009-04-14 18:00 357376 ----a-w- c:\windows\system32\msdri.dll
2009-04-14 18:00 . 2009-04-14 18:00 27136 ----a-w- c:\windows\system32\tvratings.dll
2009-04-14 18:00 . 2009-04-14 18:00 657408 ----a-w- c:\windows\system32\MSDTVADEC.DLL
2009-04-14 18:00 . 2009-04-14 18:00 413208 ----a-w- c:\windows\system32\MCEWMDRMNDBootstrap.dll
2009-04-14 18:00 . 2009-04-14 18:00 86016 ----a-w- c:\windows\system32\mcsrchPH.dll
2009-04-14 17:55 . 2009-04-14 17:55 44032 ----a-w- c:\windows\system32\vmclusex.dll
2009-04-14 17:55 . 2009-04-14 17:55 140288 ----a-w- c:\windows\system32\RemoteFileBrowse.dll
2009-04-14 17:54 . 2009-04-14 17:54 12288 ----a-w- c:\windows\system32\rsatclient.dll
2009-04-14 17:52 . 2009-04-14 17:52 9728 ----a-w- c:\windows\system32\ftlx041e.dll
2009-04-14 17:52 . 2009-04-14 17:52 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2009-04-14 17:52 . 2009-04-14 17:52 296960 ----a-w- c:\windows\winhlp32.exe
2009-04-14 17:52 . 2009-04-14 17:52 194560 ----a-w- c:\windows\system32\ftsrch.dll
2009-04-12 19:22 . 2009-04-12 19:22 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-04-12 19:22 . 2009-04-12 19:22 -------- d-----w- c:\program files\BitLocker
2009-04-12 19:22 . 2009-04-12 19:22 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-04-12 16:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-03 20:25 . 2009-04-12 16:07 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-03 20:24 . 2009-04-12 16:07 73216 ----a-w- c:\windows\system32\msiexec.exe
2009-04-03 20:18 . 2009-04-12 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-03 19:40 . 2009-04-12 16:08 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-03 18:54 . 2009-04-12 16:07 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-03 18:52 . 2009-04-12 16:07 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-03 18:49 . 2009-04-12 16:08 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-03 18:48 . 2009-04-12 16:08 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-03 18:44 . 2009-04-12 16:07 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-03 18:44 . 2009-04-12 16:08 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-03 18:44 . 2009-04-12 16:07 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-03 18:44 . 2009-04-12 16:08 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-03 18:43 . 2009-04-12 16:07 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-03 18:43 . 2009-04-12 16:08 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-03 18:43 . 2009-04-12 16:07 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-03 18:43 . 2009-04-12 16:07 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-03 18:43 . 2009-04-12 16:08 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-03 18:43 . 2009-04-12 16:07 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-03 18:42 . 2009-04-12 16:08 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
.

(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-03 20:25 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-03 1233920]
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-04-14 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe" [2009-05-17 557056]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\programme\iTunesHelper.exe" [2009-04-02 342312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock -.lnk - c:\program files\RocketDock\RocketDock.exe [2009-4-17 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):21,84,fc,44,8b,bb,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{511A0F25-EB6A-436E-9571-F2D36BD2DDD9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A8D388CD-32BD-4AB3-8E7B-BA3702BCF05C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{D3408CDD-83C3-442D-924F-BAC10760A7B8}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{5EEAFA7F-B134-4700-AFD4-B65D369969AD}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{32142CEF-8088-4B87-97FB-4C17ECDAE608}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{3847FD50-F7EF-4537-BDA7-FAB9394ED644}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D07568B7-4D5B-4BC5-AA1E-758E98210613}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{25DDA7D6-BD8B-4D89-A454-91AF12466375}"= UDP:5353:Adobe CSI CS4
"{63841FEB-4F1E-49BD-9AA5-E81862617A8E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{13CE020D-7895-4B8C-AA22-17A8DA9C0E72}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C1961A97-BC7A-4851-9F2C-03AD257BF8B5}"= UDP:3703:Adobe Version Cue CS4 Server
"{B847146F-6A13-4E99-8A86-3097550E39E7}"= UDP:3704:Adobe Version Cue CS4 Server
"{1D168581-D9AF-4A4E-A0CC-55DC1081CB22}"= UDP:51000:Adobe Version Cue CS4 Server
"{4C1019E6-D6A6-4763-B7B2-C7A2D4F2FC5D}"= UDP:51001:Adobe Version Cue CS4 Server
"{156B9E22-8E6E-4311-90CF-3D5534BA2795}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{6B7BCBB3-454D-479A-A2EA-1429EFC55B85}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{9FB10FB9-F95B-4992-8626-1FAC9EEE7FAA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{292EE44C-97B9-48D2-9BE8-608E635357AC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4DCC8BCA-D4C0-495D-8C6D-6097C322014E}"= UDP:d:\programme\iTunes.exe:iTunes
"{12548456-98C6-4E65-AEC5-7D8AEBC6CE42}"= TCP:d:\programme\iTunes.exe:iTunes
"{94EC5EF2-12F9-4CEE-897E-4F78058E9A47}"= UDP:d:\programme\uTorrent.exe:µTorrent (TCP-In)
"{235F28AE-2E98-4478-B693-27345D9C57D4}"= TCP:d:\programme\uTorrent.exe:µTorrent (UDP-In)
"{D69D428D-B9A1-4610-8D58-3B8865BA75F2}"= UDP:c:\program files\uTorrent\App\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{1C5C82FC-D8A6-4D2A-B25D-B836332E123D}"= TCP:c:\program files\uTorrent\App\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{297B1F05-80DB-4FB1-A030-DD7C76C47908}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [16/05/2009 22:34 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/05/2009 22:34 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/05/2009 22:34 108552]
R1 lnsfw1;lnsfw1;c:\windows\System32\drivers\lnsfw1.sys [17/05/2009 12:54 79232]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [16/05/2009 22:34 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 22:34 298776]
R2 lnssvcVista;Look 'n' Stop Service;c:\program files\Soft4Ever\looknstop\LnsSvcVista.exe -r --> c:\program files\Soft4Ever\looknstop\LnsSvcVista.exe -r [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [31/05/2009 17:13 40160]
S4 USB_FPRd;FingerPrinterReader;c:\windows\System32\drivers\UT_FPRd.sys [14/04/2009 20:55 16128]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://unattendshare.free.fr/index2.html
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - component: c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programme\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 18:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,74,05,1d,17,af,47,49,b9,a1,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,74,05,1d,17,af,47,49,b9,a1,75,\

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
.
Heure de fin: 2009-05-31 18:52
ComboFix-quarantined-files.txt 2009-05-31 16:52

Avant-CF: 7 200 116 736 octets libres
Après-CF: 8 989 401 088 octets libres


12

Destrio5, on 31 May 2009 at 18:59:58

You can now run your scan with MBAM.


13

volavoil, on 31 May 2009 at 19:09:42

Here is the quick malware report
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2201
Windows 6.0.6002 Service Pack 2

31/05/2009 19:07:21
mbam-log-2009-05-31 (19-07-18).txt

Type de recherche: Examen rapide
Eléments examinés: 70637
Temps écoulé: 2 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Iexplor171.exe (Trojan.Dropper) -> No action taken.


14

volavoil, on 31 May 2009 at 19:33:44

Is the quick scan report enough?


15

Destrio5, on 31 May 2009 at 20:28:32

Did you delete the infections found by MBAM?

--> Run another RSIT scan and post the log report.


16

volavoil, on 31 May 2009 at 20:47:21

Here is the log report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-31 20:46:26
Microsoft® Windows Vista™ Édition Intégrale Service Pack 2
System drive C: has 8 GB (28%) free of 30 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:32, on 31/05/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrateur\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://unattendshare.free.fr/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\programme\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: RocketDock -.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Look 'n' Stop Service (lnssvcVista) - Unknown owner - C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe
End of file - 6906 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-18 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-30 7289376]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-18 1947928]
"Look 'n' Stop"=C:\Program Files\Soft4Ever\looknstop\looknstop.exe [2009-05-17 557056]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=D:\programme\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-03 1233920]
"DAEMON Tools Lite"=D:\programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-04-14 135680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
RocketDock -.lnk - C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2009-04-12 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableInstallerDetection"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-31 18:52:05 ----SHD---- C:\$RECYCLE.BIN
2009-05-31 18:52:04 ----A---- C:\ComboFix.txt
2009-05-31 18:42:53 ----A---- C:\Windows\zip.exe
2009-05-31 18:42:53 ----A---- C:\Windows\SWXCACLS.exe
2009-05-31 18:42:53 ----A---- C:\Windows\SWSC.exe
2009-05-31 18:42:53 ----A---- C:\Windows\SWREG.exe
2009-05-31 18:42:53 ----A---- C:\Windows\sed.exe
2009-05-31 18:42:53 ----A---- C:\Windows\PEV.exe
2009-05-31 18:42:53 ----A---- C:\Windows\NIRCMD.exe
2009-05-31 18:42:53 ----A---- C:\Windows\grep.exe
2009-05-31 18:42:33 ----SD---- C:\ComboFix
2009-05-31 17:58:51 ----D---- C:\Program Files\trend micro
2009-05-31 17:58:50 ----D---- C:\rsit
2009-05-31 17:13:38 ----D---- C:\Users\Administrateur\AppData\Roaming\Malwarebytes
2009-05-31 17:13:32 ----D---- C:\ProgramData\Malwarebytes
2009-05-31 16:50:46 ----D---- C:\Windows\Minidump
2009-05-31 16:49:33 ----D---- C:\Windows\ERDNT
2009-05-31 16:49:23 ----D---- C:\Qoobox
2009-05-30 14:05:41 ----HD---- C:\$AVG8.VAULT$
2009-05-30 03:46:54 ----A---- C:\Iexplor179.exe
2009-05-28 22:47:50 ----A---- C:\Iexplor171.exe
2009-05-28 20:17:15 ----D---- C:\Program Files\Microsoft Works
2009-05-28 20:16:37 ----D---- C:\Program Files\Microsoft Visual Studio
2009-05-28 20:16:37 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-28 20:16:06 ----D---- C:\Windows\PCHEALTH
2009-05-28 20:16:06 ----D---- C:\Program Files\Microsoft.NET
2009-05-28 20:14:10 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-05-28 20:13:27 ----D---- C:\Program Files\Microsoft Office
2009-05-28 20:13:26 ----D---- C:\ProgramData\Microsoft Help
2009-05-28 20:10:50 ----RHD---- C:\MSOCache
2009-05-21 18:45:50 ----D---- C:\Users\Administrateur\AppData\Roaming\Nero
2009-05-21 18:32:30 ----D---- C:\ProgramData\SlySoft
2009-05-21 18:29:10 ----D---- C:\ProgramData\DVD Shrink
2009-05-18 22:31:29 ----D---- C:\Users\Administrateur\AppData\Roaming\Yahoo!
2009-05-18 22:31:29 ----D---- C:\ProgramData\Yahoo! Companion
2009-05-18 21:39:32 ----D---- C:\Users\Administrateur\AppData\Roaming\uTorrent
2009-05-18 19:28:48 ----D---- C:\Program Files\Microsoft WSE
2009-05-18 19:23:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-18 19:17:45 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-05-18 19:17:40 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-05-18 19:14:05 ----D---- C:\Users\Administrateur\AppData\Roaming\DAEMON Tools Lite
2009-05-17 17:12:49 ----D---- C:\ProgramData\WindowsSearch
2009-05-17 17:08:20 ----D---- C:\Users\Administrateur\AppData\Roaming\Media Player Classic
2009-05-17 15:28:09 ----D---- C:\Users\Administrateur\AppData\Roaming\Apple Computer
2009-05-17 15:28:02 ----DC---- C:\Windows\system32\DRVSTORE
2009-05-17 15:28:02 ----A---- C:\Windows\system32\GEARAspi.dll
2009-05-17 15:27:51 ----D---- C:\Program Files\iPod
2009-05-17 15:27:50 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-17 15:26:47 ----D---- C:\Program Files\Common Files\Apple
2009-05-17 15:23:16 ----D---- C:\Program Files\Bonjour
2009-05-17 15:22:51 ----D---- C:\ProgramData\Apple Computer
2009-05-17 15:22:51 ----D---- C:\Program Files\QuickTime
2009-05-17 15:22:40 ----D---- C:\ProgramData\Apple
2009-05-17 15:22:40 ----D---- C:\Program Files\Apple Software Update
2009-05-17 15:04:58 ----D---- C:\ProgramData\FLEXnet
2009-05-17 14:43:26 ----D---- C:\Windows\system32\appmgmt
2009-05-17 13:56:20 ----D---- C:\ProgramData\ALM
2009-05-17 13:41:37 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-05-17 13:16:01 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-05-17 13:07:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-17 13:04:08 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-05-17 12:54:50 ----A---- C:\Windows\system32\fwapi.dll
2009-05-17 12:53:30 ----D---- C:\Program Files\Soft4Ever
2009-05-17 12:37:29 ----D---- C:\Program Files\NewsBin
2009-05-17 12:28:29 ----D---- C:\Users\Administrateur\AppData\Roaming\NewsBin
2009-05-17 12:28:29 ----D---- C:\ProgramData\NewsBin
2009-05-17 12:19:45 ----D---- C:\Users\Administrateur\AppData\Roaming\GrabIt
2009-05-17 12:12:00 ----D---- C:\Program Files\GrabIt
2009-05-17 12:07:21 ----D---- C:\Users\Administrateur\AppData\Roaming\Adobe
2009-05-16 23:43:28 ----D---- C:\Users\Administrateur\AppData\Roaming\WinRAR
2009-05-16 23:31:28 ----D---- C:\Program Files\Sunbelt Software
2009-05-16 23:19:15 ----D---- C:\Users\Administrateur\AppData\Roaming\Thunderbird
2009-05-16 22:52:12 ----D---- C:\Users\Administrateur\AppData\Roaming\ATI
2009-05-16 22:52:12 ----D---- C:\ProgramData\ATI
2009-05-16 22:41:27 ----D---- C:\Program Files\Mozilla Thunderbird
2009-05-16 22:34:35 ----A---- C:\Windows\system32\avgrsstx.dll
2009-05-16 22:34:25 ----D---- C:\ProgramData\avg8
2009-05-16 22:34:25 ----D---- C:\Program Files\AVG
2009-05-16 22:29:34 ----D---- C:\Users\Administrateur\AppData\Roaming\Macromedia
2009-05-16 22:27:21 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-05-16 22:26:16 ----D---- C:\Program Files\ATI
2009-05-16 22:26:10 ----D---- C:\Program Files\ATI Technologies
2009-05-16 22:26:03 ----A---- C:\Windows\system32\Oemdspif.dll
2009-05-16 22:26:03 ----A---- C:\Windows\system32\atiumdva.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atiumdag.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atitmmxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atipdlxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\atioglxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\Ati2evxx.exe
2009-05-16 22:26:02 ----A---- C:\Windows\system32\Ati2evxx.dll
2009-05-16 22:26:02 ----A---- C:\Windows\system32\ati2edxx.dll
2009-05-16 22:19:52 ----D---- C:\WPI
2009-05-16 22:19:48 ----A---- C:\Windows\RtlUpd.exe
2009-05-16 22:19:48 ----A---- C:\Windows\RtHDVCpl.exe
2009-05-16 22:19:47 ----D---- C:\drivers
2009-05-16 22:14:40 ----A---- C:\Windows\ntbtlog.txt
2009-05-16 22:12:55 ----A---- C:\Windows\system32\notepad.original.exe
2009-05-16 22:12:55 ----A---- C:\Windows\notepad.original.exe
2009-05-16 22:12:54 ----D---- C:\Users\Administrateur\AppData\Roaming\Notepad++
2009-05-16 22:12:54 ----D---- C:\Program Files\Notepad++
2009-05-16 22:12:48 ----D---- C:\Users\Administrateur\AppData\Roaming\Mozilla
2009-05-16 22:12:38 ----A---- C:\Windows\system32\javaws.exe
2009-05-16 22:12:38 ----A---- C:\Windows\system32\javaw.exe
2009-05-16 22:12:38 ----A---- C:\Windows\system32\java.exe
2009-05-16 22:12:38 ----A---- C:\Windows\system32\deploytk.dll
2009-05-16 22:12:29 ----D---- C:\Program Files\Java
2009-05-16 22:12:20 ----D---- C:\Program Files\HashTab Shell Extension
2009-05-16 22:12:19 ----D---- C:\Program Files\FileZilla
2009-05-16 22:12:18 ----D---- C:\Program Files\PowerISO
2009-05-16 22:12:03 ----D---- C:\ProgramData\Adobe
2009-05-16 22:12:00 ----D---- C:\Program Files\Common Files\Adobe
2009-05-16 22:12:00 ----D---- C:\Program Files\Adobe
2009-05-16 22:11:34 ----D---- C:\Program Files\Xtremsplit
2009-05-16 22:11:33 ----D---- C:\Program Files\WinRAR
2009-05-16 22:11:31 ----D---- C:\Program Files\Messenger Plus! Live
2009-05-16 22:11:09 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 22:11:06 ----D---- C:\Program Files\Microsoft
2009-05-16 22:10:45 ----D---- C:\Program Files\Windows Live
2009-05-16 22:10:37 ----D---- C:\Program Files\Resource Hacker
2009-05-16 22:10:37 ----A---- C:\Windows\unvise32.exe
2009-05-16 22:10:34 ----D---- C:\Program Files\QuickPar
2009-05-16 22:10:29 ----A---- C:\Windows\system32\unrar.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\rmoc3260.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\pndx5032.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\pndx5016.dll
2009-05-16 22:10:29 ----A---- C:\Windows\system32\pncrt.dll
2009-05-16 22:10:29 ----A---- C:\Windows\avisplitter.ini
2009-05-16 22:10:26 ----A---- C:\Windows\system32\yv12vfw.dll
2009-05-16 22:10:26 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\xvidvfw.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\qt-dx331.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\dpl100.dll
2009-05-16 22:10:25 ----A---- C:\Windows\system32\divx.dll
2009-05-16 22:10:24 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-05-16 22:10:24 ----A---- C:\Windows\system32\ff_vfw.dll
2009-05-16 22:10:23 ----D---- C:\Users\Administrateur\AppData\Roaming\Real
2009-05-16 22:10:23 ----D---- C:\ProgramData\Real
2009-05-16 22:10:23 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-16 22:10:23 ----A---- C:\Windows\system32\msvcr71.dll
2009-05-16 22:10:23 ----A---- C:\Windows\system32\msvcp71.dll
2009-05-16 22:10:17 ----D---- C:\Program Files\Yahoo!
2009-05-16 22:10:12 ----D---- C:\ProgramData\ACD Systems
2009-05-16 22:10:10 ----D---- C:\Program Files\Common Files\ACD Systems
2009-05-16 22:10:10 ----D---- C:\Program Files\ACD Systems
2009-05-16 22:09:50 ----AD---- C:\WPI_Audio
2009-05-16 22:09:49 ----A---- C:\WPI_Log_2009.05.16_22.09.49.txt
2009-05-16 22:09:49 ----A---- C:\rb_config.js
2009-05-16 22:09:49 ----A---- C:\history.js
2009-05-16 22:06:34 ----D---- C:\Program Files\System
2009-05-16 22:06:11 ----A---- C:\Windows\Wordpad_2009.exe
2009-05-16 22:06:11 ----A---- C:\Windows\Windows 7_Calculator.exe
2009-05-16 22:05:54 ----D---- C:\ProgramData\Nero
2009-05-16 22:05:54 ----D---- C:\Program Files\Nero
2009-05-16 22:05:54 ----D---- C:\Program Files\Common Files\Nero
2009-05-16 22:05:30 ----D---- C:\Program Files\7-Zip
2009-05-16 22:05:29 ----D---- C:\Windows\system32\Macromed
2009-05-16 22:05:28 ----D---- C:\Program Files\Mozilla Firefox
2009-05-16 21:43:24 ----SD---- C:\Users\Administrateur\AppData\Roaming\Microsoft
2009-05-16 21:43:24 ----D---- C:\Users\Administrateur\AppData\Roaming\Media Center Programs
2009-05-16 21:42:55 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-16 21:42:50 ----SHD---- C:\Windows\Installer
2009-05-16 21:42:32 ----D---- C:\Program Files\Notepad2
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Modèles
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Menu Démarrer
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Favoris
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Documents
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Bureau
2009-05-16 21:40:43 ----SHD---- C:\ProgramData\Application Data
2009-05-16 21:40:43 ----SHD---- C:\Program Files\Fichiers communs
2009-05-16 21:40:43 ----SHD---- C:\Documents and Settings
2009-05-16 21:33:10 ----D---- C:\Windows\system32\RTCOM
2009-05-16 21:33:10 ----D---- C:\Program Files\Realtek
2009-05-16 21:25:35 ----D---- C:\Windows\SoftwareDistribution
2009-05-16 21:23:32 ----SHD---- C:\System Volume Information
2009-05-16 21:23:28 ----D---- C:\Windows\CSC

======List of files/folders modified in the last 1 months======

2009-05-31 20:46:32 ----D---- C:\Windows\Prefetch
2009-05-31 20:40:12 ----D---- C:\Windows\Temp
2009-05-31 19:22:33 ----D---- C:\Windows\System32
2009-05-31 19:22:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-31 19:22:32 ----D---- C:\Windows\inf
2009-05-31 19:16:19 ----D---- C:\Windows\Microsoft.NET
2009-05-31 19:16:18 ----RSD---- C:\Windows\assembly
2009-05-31 19:03:21 ----HD---- C:\ProgramData
2009-05-31 19:03:21 ----D---- C:\Program Files\Common Files
2009-05-31 18:52:06 ----D---- C:\Windows\system32\fr-FR
2009-05-31 18:50:20 ----D---- C:\Windows
2009-05-31 18:50:20 ----A---- C:\Windows\system.ini
2009-05-31 18:49:12 ----D---- C:\Windows\system32\drivers
2009-05-31 18:49:12 ----D---- C:\Windows\AppPatch
2009-05-31 17:58:51 ----RD---- C:\Program Files
2009-05-31 17:25:48 ----D---- C:\Windows\system32\WDI
2009-05-31 16:25:46 ----D---- C:\Windows\winsxs
2009-05-28 20:17:06 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-28 20:16:52 ----D---- C:\Program Files\MSBuild
2009-05-28 20:16:32 ----D---- C:\Windows\ShellNew
2009-05-28 20:16:13 ----RSD---- C:\Windows\Fonts
2009-05-28 20:16:06 ----SD---- C:\ProgramData\Microsoft
2009-05-28 20:13:53 ----A---- C:\Windows\win.ini
2009-05-28 20:13:50 ----D---- C:\Program Files\Common Files\System
2009-05-26 06:47:40 ----D---- C:\Windows\system32\catroot2
2009-05-25 21:28:26 ----SD---- C:\Windows\Downloaded Program Files
2009-05-23 11:05:42 ----D---- C:\Windows\system32\NDF
2009-05-17 20:10:12 ----D---- C:\Windows\Logs
2009-05-17 15:28:02 ----D---- C:\Windows\system32\catroot
2009-05-17 15:23:10 ----D---- C:\Program Files\Internet Explorer
2009-05-17 15:22:42 ----D---- C:\Windows\system32\Tasks
2009-05-16 22:06:34 ----D---- C:\Windows\Help
2009-05-16 21:43:24 ----RD---- C:\Users
2009-05-16 21:42:32 ----D---- C:\Windows\system32\restore
2009-05-16 21:42:31 ----D---- C:\Windows\system32\ShellExt
2009-05-16 21:42:30 ----D---- C:\Windows\system32\en-US
2009-05-16 21:42:28 ----RSD---- C:\Windows\Media
2009-05-16 21:42:28 ----D---- C:\Windows\system32\zh-TW
2009-05-16 21:42:28 ----D---- C:\Windows\system32\zh-CN
2009-05-16 21:42:28 ----D---- C:\Windows\system32\uk-UA
2009-05-16 21:42:28 ----D---- C:\Windows\system32\tr-TR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\th-TH
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sv-SE
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sl-SI
2009-05-16 21:42:28 ----D---- C:\Windows\system32\sk-SK
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ru-RU
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ro-RO
2009-05-16 21:42:28 ----D---- C:\Windows\system32\pt-PT
2009-05-16 21:42:28 ----D---- C:\Windows\system32\pt-BR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\pl-PL
2009-05-16 21:42:28 ----D---- C:\Windows\system32\nl-NL
2009-05-16 21:42:28 ----D---- C:\Windows\system32\nb-NO
2009-05-16 21:42:28 ----D---- C:\Windows\system32\lv-LV
2009-05-16 21:42:28 ----D---- C:\Windows\system32\lt-LT
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ko-KR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ja-JP
2009-05-16 21:42:28 ----D---- C:\Windows\system32\it-IT
2009-05-16 21:42:28 ----D---- C:\Windows\system32\hu-HU
2009-05-16 21:42:28 ----D---- C:\Windows\system32\hr-HR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\he-IL
2009-05-16 21:42:28 ----D---- C:\Windows\system32\fi-FI
2009-05-16 21:42:28 ----D---- C:\Windows\system32\et-EE
2009-05-16 21:42:28 ----D---- C:\Windows\system32\es-ES
2009-05-16 21:42:28 ----D---- C:\Windows\system32\el-GR
2009-05-16 21:42:28 ----D---- C:\Windows\system32\de-DE
2009-05-16 21:42:28 ----D---- C:\Windows\system32\da-DK
2009-05-16 21:42:28 ----D---- C:\Windows\system32\cs-CZ
2009-05-16 21:42:28 ----D---- C:\Windows\system32\bg-BG
2009-05-16 21:42:28 ----D---- C:\Windows\system32\ar-SA
2009-05-16 21:40:57 ----D---- C:\Windows\rescache
2009-05-16 21:40:43 ----D---- C:\Program Files\Windows NT
2009-05-16 21:40:42 ----D---- C:\Windows\Debug
2009-05-16 21:37:30 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-18 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-18 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-18 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-03 351744]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 lnsfw1;lnsfw1; C:\Windows\system32\drivers\lnsfw1.sys [2009-05-17 79232]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-05-10 103872]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 3076608]
R3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-30 2350624]
R3 SFilter;Look 'n' Stop Driver; C:\Windows\system32\DRIVERS\lnsfw.sys [2009-05-17 58232]
R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R4 catchme;catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys []
S3 ajpz3140;ajpz3140; C:\Windows\system32\drivers\ajpz3140.sys []
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-03 22528]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-03 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-03 29696]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-03 236544]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-03 148992]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S4 btwrchid;btwrchid; C:\Windows\system32\drivers\btwrchid.sys [2007-07-16 16168]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-03 89088]
S4 USB_FPRd;FingerPrinterReader; C:\Windows\system32\drivers\ut_fprd.sys [2007-02-13 16128]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-14 610304]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-05-18 908568]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-18 298776]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 lnssvcVista;Look 'n' Stop Service; C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe [2009-05-17 14848]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-17 655624]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-03 918528]

-----------------EOF-----------------


17

Destrio5, 31 May 2009 at 20:50:07

/!\ Only volavoil may follow this procedure. /!\


1/

---> Open Notepad.

---> Copy the text below by selecting it and pressing Ctrl+C:

KillAll::

File::
C:\Iexplor179.exe
C:\Iexplor171.exe

Folder::
C:\Program Files\DAEMON Tools Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

--> Paste the selection into Notepad.

--> Save this file to the Desktop (mandatory).

--> File name: CFScript
--> File type: all files
--> Click Save.
--> Close Notepad.


2/

--> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/...

--> A blue window will appear: accept the message that comes up.

--> Wait while the scan runs. The Desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.

--> Once the scan is complete, a report will be displayed: post it.

--> If the file does not open, it is located here: C:\Combofix.txt
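A verification step a practitioner would want once such a script has run, added here as an example and not part of the original thread, of ComboFix or of RSIT: a PowerShell script that checks whether each item named in the CFScript above (the two files, the toolbar folder and the Browser Helper Object key) is still present, and then lists every BHO that remains registered together with the DLL its CLSID resolves to. The file paths and the CLSID are taken from the CFScript; the script structure and variable names are assumptions of this example. It only reads the file system and registry and changes nothing.

```powershell
# Added verification script: not part of the original thread or of ComboFix.
# Confirms that the items the CFScript targeted are gone and inventories the
# Browser Helper Objects that remain. Paths and CLSID come from the CFScript.
# Uses New-Object rather than [pscustomobject] so it also runs on PowerShell 2.

$files = @('C:\Iexplor179.exe', 'C:\Iexplor171.exe')
$folders = @('C:\Program Files\DAEMON Tools Toolbar')
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bhoKeys = @("$bhoRoot\{074C1DC5-9320-4A9A-947D-C042949C6216}")

$remaining = @()

# Files: report size and last-write time if the file is still on disk.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $item = Get-Item -LiteralPath $f -Force
        $remaining += New-Object PSObject -Property @{
            Kind = 'File'; Path = $f
            Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)"
        }
    }
}

# Folders: report how many entries are left inside a folder that should be gone.
foreach ($d in $folders) {
    if (Test-Path -LiteralPath $d -PathType Container) {
        $count = (Get-ChildItem -LiteralPath $d -Recurse -Force -ErrorAction SilentlyContinue | Measure-Object).Count
        $remaining += New-Object PSObject -Property @{
            Kind = 'Folder'; Path = $d; Detail = "$count entries"
        }
    }
}

# Registry: the BHO key the CFScript asked ComboFix to delete.
foreach ($k in $bhoKeys) {
    if (Test-Path -LiteralPath $k) {
        $default = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).'(default)'
        $remaining += New-Object PSObject -Property @{
            Kind = 'Registry'; Path = $k; Detail = "default value: $default"
        }
    }
}

# Inventory of every BHO still registered, resolved to its in-process server DLL,
# so that a helper object registered under a different CLSID is not overlooked.
$bhoInventory = Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{ CLSID = $clsid; Dll = $server.'(default)' }
}

if ($remaining.Count -eq 0) {
    Write-Output 'All items targeted by the CFScript are gone.'
} else {
    Write-Output 'Items still present:'
    $remaining | Format-Table Kind, Path, Detail -AutoSize
}

Write-Output 'Browser Helper Objects still registered:'
if ($bhoInventory) {
    $bhoInventory | Format-Table CLSID, Dll -AutoSize
} else {
    Write-Output '(none)'
}
```

Run it from an elevated PowerShell prompt after the ComboFix report has been posted; a non-empty "Items still present" table means the CFScript did not remove something and the report should be read for the reason, while the BHO inventory gives the helper a quick list of remaining add-ons to cross-check against the ComboFix log.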


18

volavoil, 31 May 2009 at 21:22:30

Here it is

ComboFix 09-05-31.02 - Administrateur 31/05/2009 21:13.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.33.1036.18.2046.1322 [GMT 2:00]
Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Administrateur\Desktop\CFScript.txt
FW: Look 'n' Stop 2.06p3 (Soft4Ever) *disabled* {2A530F53-4A99-4EE0-8471-4A00BA4A47B0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\Iexplor171.exe"
"C:\Iexplor179.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Iexplor171.exe
C:\Iexplor179.exe
c:\program files\DAEMON Tools Toolbar

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 ))))))))))))))))))))))))))))))))))))
.

2009-05-31 19:15 . 2009-05-31 19:18 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2009-05-31 15:58 . 2009-05-31 18:46 -------- d-----w- c:\program files\trend micro
2009-05-31 15:58 . 2009-05-31 15:59 -------- d-----w- C:\rsit
2009-05-31 15:13 . 2009-05-31 15:13 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes
2009-05-31 15:13 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 15:13 . 2009-05-31 15:13 -------- d-----w- c:\programdata\Malwarebytes
2009-05-31 15:13 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 12:05 . 2009-05-31 16:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-28 18:17 . 2009-05-28 18:17 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 18:16 . 2009-05-28 18:16 -------- d-----w- c:\windows\PCHEALTH
2009-05-28 18:16 . 2009-05-28 18:16 -------- d-----w- c:\program files\Microsoft.NET
2009-05-28 18:14 . 2009-05-28 18:14 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-28 18:13 . 2009-05-28 18:13 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Help
2009-05-28 18:13 . 2009-05-28 18:18 -------- d-----w- c:\programdata\Microsoft Help
2009-05-28 18:10 . 2009-05-28 18:10 -------- d--h--r- C:\MSOCache
2009-05-28 17:46 . 2009-05-31 15:49 -------- d-----w- c:\users\Administrateur\AppData\Local\QuickPar
2009-05-27 04:57 . 2009-05-31 19:18 -------- d-----r- c:\users\Public\Recorded TV
2009-05-21 16:45 . 2009-05-21 16:45 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Nero
2009-05-21 16:32 . 2009-05-21 16:32 -------- d-----w- c:\programdata\SlySoft
2009-05-21 16:29 . 2009-05-21 16:38 -------- d-----w- c:\programdata\DVD Shrink
2009-05-18 20:31 . 2009-05-18 20:31 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Yahoo!
2009-05-18 20:31 . 2009-05-18 20:31 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-18 19:39 . 2009-05-21 13:59 -------- d-----w- c:\users\Administrateur\AppData\Roaming\uTorrent
2009-05-18 17:28 . 2009-05-18 17:28 10134 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-18 17:28 . 2009-05-18 17:28 -------- d-----w- c:\program files\Microsoft WSE
2009-05-18 17:23 . 2009-05-18 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-05-18 17:14 . 2009-05-18 17:19 -------- d-----w- c:\users\Administrateur\AppData\Roaming\DAEMON Tools Lite
2009-05-18 15:13 . 2009-05-16 20:34 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-05-18 15:13 . 2009-05-16 20:34 12552 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-05-18 15:13 . 2009-05-16 20:34 107912 ----a-w- c:\programdata\avg8\update\backup\avgtdix.sys
2009-05-18 15:13 . 2009-05-16 20:34 325640 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-05-18 15:13 . 2009-05-16 20:34 485144 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-18 15:13 . 2009-05-16 20:34 27656 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-05-18 15:10 . 2009-05-16 20:34 1057024 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-05-18 15:10 . 2009-05-16 20:34 745240 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-05-18 15:10 . 2009-05-16 20:34 578840 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-05-18 15:10 . 2009-05-16 20:34 1424152 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-05-17 15:12 . 2009-05-17 15:12 -------- d-----w- c:\programdata\WindowsSearch
2009-05-17 15:08 . 2009-05-17 15:08 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Media Player Classic
2009-05-17 13:28 . 2009-05-17 14:33 -------- d-----w- c:\users\Administrateur\AppData\Local\Apple Computer
2009-05-17 13:28 . 2009-05-17 13:34 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Apple Computer
2009-05-17 13:28 . 2009-05-17 13:28 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-17 13:28 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-17 13:28 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-17 13:27 . 2009-05-17 13:27 -------- d-----w- c:\program files\iPod
2009-05-17 13:27 . 2009-05-17 13:28 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-17 13:26 . 2009-05-17 13:27 -------- d-----w- c:\program files\Common Files\Apple
2009-05-17 13:23 . 2009-05-17 13:23 -------- d-----w- c:\program files\Bonjour
2009-05-17 13:22 . 2009-05-17 13:27 -------- d-----w- c:\programdata\Apple Computer
2009-05-17 13:22 . 2009-05-17 13:23 -------- d-----w- c:\program files\QuickTime
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\users\Administrateur\AppData\Local\Apple
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\program files\Apple Software Update
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\programdata\Apple
2009-05-17 13:04 . 2009-05-31 18:48 -------- d-----w- c:\programdata\FLEXnet
2009-05-17 12:38 . 2009-05-17 12:41 -------- d-----w- c:\users\Administrateur\AppData\Local\looknstop
2009-05-17 11:56 . 2009-05-17 11:56 -------- d-----w- c:\programdata\ALM
2009-05-17 11:41 . 2009-05-17 11:41 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-17 11:16 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-05-17 11:07 . 2009-05-17 11:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-17 11:04 . 2009-05-17 11:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-17 10:54 . 2009-05-17 10:54 79232 ----a-w- c:\windows\system32\drivers\lnsfw1.sys
2009-05-17 10:54 . 2009-05-17 10:54 58232 ----a-w- c:\windows\system32\drivers\lnsfw.sys
2009-05-17 10:54 . 2009-05-17 10:54 36864 ----a-w- c:\windows\system32\fwapi.dll
2009-05-17 10:53 . 2009-05-17 10:55 -------- d-----w- c:\program files\Soft4Ever
2009-05-17 10:37 . 2009-05-17 10:38 -------- d-----w- c:\program files\NewsBin
2009-05-17 10:28 . 2009-05-31 15:49 -------- d-----w- c:\users\Administrateur\AppData\Roaming\NewsBin
2009-05-17 10:28 . 2009-05-17 10:28 -------- d-----w- c:\programdata\NewsBin
2009-05-17 10:19 . 2009-05-17 10:26 -------- d-----w- c:\users\Administrateur\AppData\Roaming\GrabIt
2009-05-17 10:12 . 2009-05-17 10:12 -------- d-----w- c:\program files\GrabIt
2009-05-16 21:31 . 2009-05-16 21:31 -------- d-----w- c:\program files\Sunbelt Software
2009-05-16 21:19 . 2009-05-16 21:19 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 21:19 . 2009-05-16 21:35 -------- d-----w- c:\users\Administrateur\AppData\Local\Thunderbird
2009-05-16 21:19 . 2009-05-16 21:19 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Thunderbird
2009-05-16 20:52 . 2009-05-16 20:52 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ATI
2009-05-16 20:52 . 2009-05-16 20:52 -------- d-----w- c:\users\Administrateur\AppData\Local\ATI
2009-05-16 20:52 . 2009-05-16 20:52 -------- d-----w- c:\programdata\ATI
2009-05-16 20:41 . 2009-05-16 20:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-16 20:34 . 2009-05-18 15:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-16 20:34 . 2009-05-18 15:12 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-16 20:34 . 2009-05-18 15:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-16 20:34 . 2009-05-18 15:12 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-16 20:34 . 2009-05-31 09:47 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-16 20:34 . 2009-05-18 15:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-16 20:34 . 2009-05-31 13:11 -------- d-----w- c:\programdata\avg8
2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w- c:\program files\AVG
2009-05-16 20:27 . 2009-05-16 20:27 9158 ----a-w- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-05-16 20:27 . 2009-05-16 20:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w- C:\WPI
2009-05-16 20:19 . 2007-03-01 13:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
2009-05-16 20:19 . 2007-01-16 08:39 1191936 ----a-w- c:\windows\RtlUpd.exe
2009-05-16 20:19 . 2009-05-16 20:25 -------- d-----w- C:\drivers
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\users\Administrateur\AppData\Local\Cooliris
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\users\Administrateur\AppData\Local\Mozilla
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Xtremsplit
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-16 20:11 . 2009-05-16 20:11 -------- d-----w- c:\program files\Microsoft
2009-05-16 20:09 . 2009-05-31 14:42 -------- d-----w- c:\users\Administrateur\AppData\Local\Downloaded Installations
2009-05-16 20:09 . 2009-05-16 20:09 -------- d---a-w- C:\WPI_Audio
2009-05-16 20:06 . 2009-05-28 19:25 78736 ----a-w- c:\users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-16 20:06 . 2009-05-16 20:06 -------- d-----w- c:\program files\System
2009-05-16 20:06 . 2009-03-31 14:21 345670 ----a-w- c:\windows\Windows 7_Calculator.exe
2009-05-16 20:06 . 2009-03-31 02:39 412813 ----a-w- c:\windows\Wordpad_2009.exe
2009-05-16 20:05 . 2008-03-21 23:16 1347584 ----a-w- c:\programdata\Nero\DrWeb\DRWEB32.DLL
2009-05-16 20:05 . 2009-05-31 14:36 -------- d-----w- c:\program files\Common Files\Nero
2009-05-16 20:05 . 2009-05-31 14:30 -------- d-----w- c:\programdata\Nero
2009-05-16 20:05 . 2009-05-31 14:26 -------- d-----w- c:\program files\Nero
2009-05-16 20:05 . 2009-05-16 20:05 -------- d-----w- c:\program files\7-Zip
2009-05-16 20:05 . 2009-05-26 04:46 -------- d-----w- c:\windows\system32\Macromed
2009-05-16 19:42 . 2009-05-16 19:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-16 19:42 . 2009-05-31 15:01 -------- d-sh--w- c:\windows\Installer
2009-05-16 19:42 . 2009-05-18 17:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-16 19:42 . 2009-05-16 19:42 -------- d-----w- c:\program files\Notepad2
2009-05-16 19:33 . 2009-05-16 21:10 -------- d-----w- c:\windows\system32\RTCOM
2009-05-16 19:33 . 2009-05-16 19:33 -------- d-----w- c:\program files\Realtek
2009-05-09 23:40 . 2009-05-09 23:40 103872 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 19:16 . 2009-04-12 15:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-31 17:22 . 2008-01-21 08:04 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-31 17:22 . 2008-01-21 08:04 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 18:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-05-17 13:31 . 2009-05-17 13:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-17 12:46 . 2009-05-16 20:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 21:42 . 2009-05-16 20:12 -------- d-----w- c:\program files\FileZilla
2009-05-16 20:36 . 2009-05-16 19:43 680 ----a-w- c:\users\Administrateur\AppData\Local\d3d9caps.dat
2009-05-16 20:27 . 2009-05-16 20:26 -------- d-----w- c:\program files\ATI Technologies
2009-05-16 20:26 . 2009-05-16 20:26 -------- d-----w- c:\program files\ATI
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\Notepad++
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Notepad++
2009-05-16 20:12 . 2009-05-16 20:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\Java
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\HashTab Shell Extension
2009-05-16 20:12 . 2009-05-16 20:12 -------- d-----w- c:\program files\PowerISO
2009-05-16 20:11 . 2009-05-16 20:10 -------- d-----w- c:\program files\Windows Live
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\Resource Hacker
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\QuickPar
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\Yahoo!
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\programdata\ACD Systems
2009-05-16 20:10 . 2009-05-16 20:10 -------- d-----w- c:\program files\ACD Systems
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Modèles
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Menu Démarrer
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Favoris
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Documents
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\programdata\Bureau
2009-05-16 19:40 . 2009-05-16 19:40 -------- d-sh--we c:\program files\Fichiers communs
2009-05-16 19:27 . 2009-05-16 19:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-19 12:12 . 2009-04-19 12:12 -------- d-----w- c:\program files\CCleaner
2009-04-19 12:11 . 2009-04-19 12:11 -------- d-----w- c:\program files\uTorrent
2009-04-19 08:41 . 2006-11-02 07:26 30051328 ----a-w- c:\windows\system32\imageres.dll
2009-04-17 11:49 . 2009-04-17 13:09 -------- d-----w- c:\program files\IconWorkshopPortable
2009-04-17 11:49 . 2009-04-17 13:10 -------- d-----w- c:\program files\RocketDock
2009-04-17 11:49 . 2009-04-17 13:09 -------- d-----w- c:\program files\Diskeeper
2009-04-17 11:48 . 2009-04-17 13:09 -------- d-----w- c:\program files\PhotoshopPortable
2009-04-17 11:47 . 2009-04-17 13:09 -------- d-----w- c:\program files\NeroPortable
2009-04-14 18:21 . 2009-04-14 18:21 705024 ----a-w- c:\windows\system32\sbe.dll
2009-04-14 18:19 . 2009-04-14 18:19 604672 ----a-w- c:\windows\system32\CPFilters.dll
2009-04-14 18:19 . 2009-04-14 18:19 450048 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-14 18:19 . 2009-04-14 18:19 153088 ----a-w- c:\windows\system32\sbeio.dll
2009-04-14 18:05 . 2009-04-14 18:05 -------- d-----w- c:\program files\Hyper-V
2009-04-14 18:05 . 2009-04-14 18:05 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-04-14 18:05 . 2009-04-14 18:05 43544 ----a-w- c:\windows\system32\wups2.dll
2009-04-14 18:05 . 2009-04-14 18:05 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-04-14 18:05 . 2009-04-14 18:05 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-04-14 18:05 . 2009-04-14 18:05 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-04-14 18:05 . 2009-04-14 18:05 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-04-14 18:05 . 2009-04-14 18:05 34328 ----a-w- c:\windows\system32\wups.dll
2009-04-14 18:05 . 2009-04-14 18:05 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-04-14 18:05 . 2009-04-14 18:05 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-04-14 18:04 . 2009-04-14 18:04 762880 ----a-w- c:\windows\system32\MSDTVVDEC.DLL
2009-04-14 18:00 . 2009-04-14 18:00 2198528 ----a-w- c:\windows\system32\MSVidCtl.dll
2009-04-14 18:00 . 2009-04-14 18:00 53248 ----a-w- c:\windows\system32\Mcx2Svc.dll
2009-04-14 18:00 . 2009-04-14 18:00 140288 ----a-w- c:\windows\system32\iTVData.dll
2009-04-14 18:00 . 2009-04-14 18:00 65024 ----a-w- c:\windows\system32\cca.dll
2009-04-14 18:00 . 2009-04-14 18:00 65536 ----a-w- c:\windows\system32\sberes.dll
2009-04-14 18:00 . 2009-04-14 18:00 357376 ----a-w- c:\windows\system32\msdri.dll
2009-04-14 18:00 . 2009-04-14 18:00 27136 ----a-w- c:\windows\system32\tvratings.dll
2009-04-14 18:00 . 2009-04-14 18:00 657408 ----a-w- c:\windows\system32\MSDTVADEC.DLL
2009-04-14 18:00 . 2009-04-14 18:00 413208 ----a-w- c:\windows\system32\MCEWMDRMNDBootstrap.dll
2009-04-14 18:00 . 2009-04-14 18:00 86016 ----a-w- c:\windows\system32\mcsrchPH.dll
2009-04-14 17:55 . 2009-04-14 17:55 44032 ----a-w- c:\windows\system32\vmclusex.dll
2009-04-14 17:55 . 2009-04-14 17:55 140288 ----a-w- c:\windows\system32\RemoteFileBrowse.dll
2009-04-14 17:54 . 2009-04-14 17:54 12288 ----a-w- c:\windows\system32\rsatclient.dll
2009-04-14 17:52 . 2009-04-14 17:52 9728 ----a-w- c:\windows\system32\ftlx041e.dll
2009-04-14 17:52 . 2009-04-14 17:52 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2009-04-14 17:52 . 2009-04-14 17:52 296960 ----a-w- c:\windows\winhlp32.exe
2009-04-14 17:52 . 2009-04-14 17:52 194560 ----a-w- c:\windows\system32\ftsrch.dll
2009-04-12 19:22 . 2009-04-12 19:22 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-04-12 19:22 . 2009-04-12 19:22 -------- d-----w- c:\program files\BitLocker
2009-04-12 19:22 . 2009-04-12 19:22 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-04-12 16:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-04-12 16:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-03 20:25 . 2009-04-12 16:07 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-03 20:24 . 2009-04-12 16:07 73216 ----a-w- c:\windows\system32\msiexec.exe
2009-04-03 20:18 . 2009-04-12 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-03 19:40 . 2009-04-12 16:08 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-03 18:54 . 2009-04-12 16:07 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-03 18:52 . 2009-04-12 16:07 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-03 18:49 . 2009-04-12 16:08 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-03 18:48 . 2009-04-12 16:08 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-03 18:44 . 2009-04-12 16:07 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-03 18:44 . 2009-04-12 16:08 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-03 18:44 . 2009-04-12 16:07 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-03 18:44 . 2009-04-12 16:08 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-03 18:43 . 2009-04-12 16:07 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-03 18:43 . 2009-04-12 16:08 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-03 18:43 . 2009-04-12 16:07 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-03 18:43 . 2009-04-12 16:07 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-03 18:43 . 2009-04-12 16:08 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-03 18:43 . 2009-04-12 16:07 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-03 18:42 . 2009-04-12 16:08 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-31_16.50.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 17:15 . 2009-05-31 17:15 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\52a46f3dd36f111d1836b3097fee5a70\stdole.ni.dll
- 2009-05-17 11:40 . 2009-05-17 11:40 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\InspectVhdDialog\6213ae2ede752dde2a3be772ab2ac04c\InspectVhdDialog.ni.exe
+ 2009-05-31 17:15 . 2009-05-31 17:15 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\InspectVhdDialog\6213ae2ede752dde2a3be772ab2ac04c\InspectVhdDialog.ni.exe
+ 2009-05-31 17:15 . 2009-05-31 17:15 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiActivScp\78a2e752b27b91e1b4a78bec105d96e4\ehiActivScp.ni.dll
- 2009-05-31 16:45 . 2009-05-31 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-31 19:16 . 2009-05-31 19:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-31 16:44 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-31 17:22 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-31 17:22 101052 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-31 16:44 101052 c:\windows\System32\perfc009.dat
+ 2009-05-31 17:16 . 2009-05-31 17:16 479232 c:\windows\assembly\NativeImages_v2.0.50727_32\vmconnect\ee38c3e6b9f03692bf4ea1462c0bec6b\vmconnect.ni.exe
- 2009-05-17 11:41 . 2009-05-17 11:41 479232 c:\windows\assembly\NativeImages_v2.0.50727_32\vmconnect\ee38c3e6b9f03692bf4ea1462c0bec6b\vmconnect.ni.exe
+ 2009-05-31 17:15 . 2009-05-31 17:15 835072 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\028a510b64c8632110c43f056e08f45d\ehiVidCtl.ni.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-03 20:25 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-03 1233920]
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-04-14 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe" [2009-05-17 557056]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\programme\iTunesHelper.exe" [2009-04-02 342312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock -.lnk - c:\program files\RocketDock\RocketDock.exe [2009-4-17 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):21,84,fc,44,8b,bb,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{511A0F25-EB6A-436E-9571-F2D36BD2DDD9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A8D388CD-32BD-4AB3-8E7B-BA3702BCF05C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{D3408CDD-83C3-442D-924F-BAC10760A7B8}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{5EEAFA7F-B134-4700-AFD4-B65D369969AD}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{32142CEF-8088-4B87-97FB-4C17ECDAE608}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{3847FD50-F7EF-4537-BDA7-FAB9394ED644}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D07568B7-4D5B-4BC5-AA1E-758E98210613}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{25DDA7D6-BD8B-4D89-A454-91AF12466375}"= UDP:5353:Adobe CSI CS4
"{63841FEB-4F1E-49BD-9AA5-E81862617A8E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{13CE020D-7895-4B8C-AA22-17A8DA9C0E72}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C1961A97-BC7A-4851-9F2C-03AD257BF8B5}"= UDP:3703:Adobe Version Cue CS4 Server
"{B847146F-6A13-4E99-8A86-3097550E39E7}"= UDP:3704:Adobe Version Cue CS4 Server
"{1D168581-D9AF-4A4E-A0CC-55DC1081CB22}"= UDP:51000:Adobe Version Cue CS4 Server
"{4C1019E6-D6A6-4763-B7B2-C7A2D4F2FC5D}"= UDP:51001:Adobe Version Cue CS4 Server
"{156B9E22-8E6E-4311-90CF-3D5534BA2795}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{6B7BCBB3-454D-479A-A2EA-1429EFC55B85}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{9FB10FB9-F95B-4992-8626-1FAC9EEE7FAA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{292EE44C-97B9-48D2-9BE8-608E635357AC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4DCC8BCA-D4C0-495D-8C6D-6097C322014E}"= UDP:d:\programme\iTunes.exe:iTunes
"{12548456-98C6-4E65-AEC5-7D8AEBC6CE42}"= TCP:d:\programme\iTunes.exe:iTunes
"{94EC5EF2-12F9-4CEE-897E-4F78058E9A47}"= UDP:d:\programme\uTorrent.exe:µTorrent (TCP-In)
"{235F28AE-2E98-4478-B693-27345D9C57D4}"= TCP:d:\programme\uTorrent.exe:µTorrent (UDP-In)
"{D69D428D-B9A1-4610-8D58-3B8865BA75F2}"= UDP:c:\program files\uTorrent\App\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{1C5C82FC-D8A6-4D2A-B25D-B836332E123D}"= TCP:c:\program files\uTorrent\App\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{297B1F05-80DB-4FB1-A030-DD7C76C47908}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [16/05/2009 22:34 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/05/2009 22:34 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/05/2009 22:34 108552]
R1 lnsfw1;lnsfw1;c:\windows\System32\drivers\lnsfw1.sys [17/05/2009 12:54 79232]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [16/05/2009 22:34 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 22:34 298776]
R2 lnssvcVista;Look 'n' Stop Service;c:\program files\Soft4Ever\looknstop\LnsSvcVista.exe -r --> c:\program files\Soft4Ever\looknstop\LnsSvcVista.exe -r [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S4 USB_FPRd;FingerPrinterReader;c:\windows\System32\drivers\UT_FPRd.sys [14/04/2009 20:55 16128]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://unattendshare.free.fr/index2.html
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - component: c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programme\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 21:17
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,74,05,1d,17,af,47,49,b9,a1,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,74,05,1d,17,af,47,49,b9,a1,75,\

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="AcroExch.Document"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-1368877821-2787237830-2592894067-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5732)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Soft4Ever\looknstop\LnSSvcVista.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\System32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Heure de fin: 2009-05-31 21:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-31 19:20
ComboFix2.txt 2009-05-31 16:52

Avant-CF: 8 702 521 344 octets libres
Après-CF: 8 457 478 144 octets libres


19

Destrio5, 31 May 2009 at 23:32:33

Run a full scan with AVG.
