Explorateur Windows a cessé de fonctionnerFermé

Question

Bonjour à toutes et à tous,

depuis quelques semaines, je ne parviens plus à ouvrir mon explorateur Windows. Dès que je tente de le faire, je reçois le message: "Windows Explorer a cessé de fonctionner" et la fenêtre se ferme ensuite. De plus j'observe certaines lenteurs sur mon PC. Quelqu'un pourrait-il m'aider à résoudre mon problème? à toute fin utile, je poste ci-dessous mon log Hijackthis. Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:58, on 20/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Nicolas\Desktop\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP - België | Computers, laptops, servers, printers en meer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP - België | Computers, laptops, servers, printers en meer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP - België | Computers, laptops, servers, printers en meer
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\Palm\Hotsync.exe" -AllUsers
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Nicolas\Desktop\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer BE FR\EFUploadSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1ca2324f3892098) (gupdate1ca2324f3892098) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--

jacques.gache · Answer

bonjour, perso je vois rien de spécial côté infection sur ton hijackthis !! normal car hijackthis est un peut dépassé et perso je préfairerais un zhpdiag qui en montrera plus et si problème je pense que l'on le verra !!

Ouvre ce lien et télécharge ZHPDiag : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

cliques sur télécharger "celui de droite" 

ou directement ici: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

et si problème : http://www.premiumorange.com/zeb-help-process/zhpdiag.html 

tu vas en bas de la page et tu télécharges le premier tu  et tu dézippes 
 

Enregistres le sur ton Bureau. 

Une fois le téléchargement achevé

pour XP, double-clique sur ZHPDiag 

pour Vista,et seven tu  fais un clic droit sur l'icône et exécute en tant qu'administrateur. 

N'oublies pas de cocher la case qui permet de mettre un raccourci sur le Bureau. 

/|\ l'outil a créé 2 icônes ZHPDiag et ZHPFix. 

Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !! 

Clique sur le Tournevis puis sur Tous pour cocher toutes les cases des options. 

Cliques sur la loupe pour lancer l'analyse. 

Laisses l'outil travailler, il peut être assez long. 

A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau. 


Fermes ZHPDiag en fin d'analyse. 


Pour me le transmettre clique sur ce lien : 

http://www.cijoint.fr/index.php

Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt

ou directement en choisissant bureau et  ZHPDiag.txt clique dessus 

Clique sur Ouvrir. 

Clique sur "Cliquez ici pour déposer le fichier". 

Un lien de cette forme : 

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt 

est ajouté dans la page. 

Copie ce lien dans ta réponse.

nicplet · Answer

Bonjour Jacques et merci pour ta réponse. J'ai réalisé l'analyse, mais malheureusement, vu que je en sais pas ouvrir l'explorateur, mon browser internet (Firefox) plante également lorsque je veux t'envoyer le fichier comme tu me le demandes (vu qu'il ouvre une fenêtre "explorateur" pour naviguer dans mes répertoires. 

Comment puis-je faire pour te transmettre le log?

Merci d'avance

nicplet · Answer

nicplet · Answer

Oui, Avec Internet explorer, j'ai exactement le même problème. 

Par contre, Malwarebyte, je connais et j'ai fait un scan récemment et nettoyer les erreurs qu'il y avait. Idem avec CCleaner, TuneUp Utilities et Spybot.

Je relance quand même Malwarebytes.

Le problème ne viendrait-il pas de HTC sync? Ou d'un truc du genre Telecalib?

nicplet · Answer

oui oui, je fais des mises à jours de tous ces programmes chaque fois avant de les lancer. L'analyse est en cours mais je crains que ce ne soit pas suffisant pour rédoure mon problème, vu que je l'ai déjà fait précédemment. Je patiente, néanmoins.

nicplet · Answer

Aucun élément nuisible détecté par Malwarebytes. Ci-dessous, le fichier log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4666

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

21/09/2010 23:56:39
mbam-log-2010-09-21 (23-56-39).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 398030
Temps écoulé: 1 heure(s), 25 minute(s), 13 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

nicplet · Answer

Bonsoir (et encore merci de suivre mon problème),

voici le log:

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

Updated by C_XX on 16/09/10 at 13:30
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 20:00:04 on 22/09/2010, Normal boot

Microsoft® Windows Vista(TM) Édition Familiale Basique  Service Pack 2 (X86) 
Nicolas@NICOLAS-PC (HP-Pavilion NQ807AA-ABU s3811uk) 
 
============== SEARCH ==============

Service: "Application Updater" Service found 

0,File found: C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com
0,File found: C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
0,Folder found: C:\Program Files\Application Updater
0,Folder found: C:\Users\Nicolas\AppData\LocalLow\FunWebProducts
0,Folder found: C:\Users\Nicolas\AppData\LocalLow\MyWebSearch
0,Folder found: C:\Users\Nicolas\AppData\LocalLow\pdfforge
0,Folder found: C:\Program Files\pdfforge Toolbar
0,Folder found: C:\Users\Nicolas\AppData\LocalLow\Search Settings
3,File found: C:\Windows\Installer\138165.msi  

1,Key found: HKLM\Software\Classes\Interface\{144940B1-F191-11D0-A8E2-00A0C90F29FC}
1,Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
1,Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
1,Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
1,Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
0,Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
1,Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
0,Key found: HKLM\Software\Application Updater
0,Key found: HKLM\Software\pdfforge
0,Key found: HKLM\Software\Search Settings
0,Key found: HKCU\Software\Search Settings
0,Key found: HKCU\Software\AppDataLow\Software\Fun Web Products
0,Key found: HKCU\Software\AppDataLow\Software\MyWebSearch
0,Key found: HKCU\Software\AppDataLow\Software\pdfforge
3,Key found: HKLM\Software\Classes\Installer\Products\3D7B197543B881247905A6E8540DDA23
3,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\3D7B197543B881247905A6E8540DDA23
0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
0,Key found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.10 (fr)] **

-- C:\Users\Nicolas\AppData\Roaming\Mozilla\FireFox\Profiles\ch29uqwf.default\Prefs.js --
browser.download.lastDir, C:\Users\Nicolas\Downloads
browser.search.defaultenginename, MyStart
browser.startup.homepage, hxxp://www.google.be/
browser.startup.homepage_override.mstone, rv:1.9.2.10

-- C:\Users\Guest\AppData\Roaming\Mozilla\FireFox\Profiles\czb8aoh8.default\Prefs.js --
browser.startup.homepage, www.google.be
browser.startup.homepage_override.mstone, rv:1.9.2.10

========================================

** Internet Explorer Version [8.0.6001.18943] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_be&c=92&bd=Pavilion&pf=cndt
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: about:blank
Start Page Restore: hxxp://www.mystart101.com

[HKLM\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_be&c=92&bd=Pavilion&pf=cndt
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_be&c=92&bd=Pavilion&pf=cndt

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 22/09/2010 (4623 Byte(s)) 

End at: 20:04:56, 22/09/2010 
 
============== E.O.F ==============

nicplet · Answer

Oups, désolé, erreur de ma part. C'est involontaire, je n'ai pas été attentif. Sorry. Voici donc le rapport:

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

Updated by C_XX on 16/09/10 at 13:30
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 21:01:18 on 22/09/2010, Normal boot

Microsoft® Windows Vista(TM) Édition Familiale Basique  Service Pack 2 (X86) 
Nicolas@NICOLAS-PC (HP-Pavilion NQ807AA-ABU s3811uk) 
 
============== ACTION(S) ==============

Service: "Application Updater" Service stopped and deleted 

0,File deleted: C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com
0,File deleted: C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
0,Folder deleted: C:\Program Files\Application Updater
0,Folder deleted: C:\Users\Nicolas\AppData\LocalLow\FunWebProducts
0,Folder deleted: C:\Users\Nicolas\AppData\LocalLow\MyWebSearch
0,Folder deleted: C:\Users\Nicolas\AppData\LocalLow\pdfforge
0,Folder deleted: C:\Program Files\pdfforge Toolbar
0,Folder deleted: C:\Users\Nicolas\AppData\LocalLow\Search Settings
3,File deleted: C:\Windows\Installer\138165.msi  

(!) -- Temporary files deleted.


1,Key deleted: HKLM\Software\Classes\Interface\{144940B1-F191-11D0-A8E2-00A0C90F29FC}
1,Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
1,Key deleted: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
0,Key deleted: HKLM\Software\Application Updater
0,Key deleted: HKLM\Software\pdfforge
0,Key deleted: HKLM\Software\Search Settings
0,Key deleted: HKCU\Software\Search Settings
0,Key deleted: HKCU\Software\AppDataLow\Software\Fun Web Products
0,Key deleted: HKCU\Software\AppDataLow\Software\MyWebSearch
0,Key deleted: HKCU\Software\AppDataLow\Software\pdfforge
3,Key deleted: HKLM\Software\Classes\Installer\Products\3D7B197543B881247905A6E8540DDA23
3,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\3D7B197543B881247905A6E8540DDA23
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.10 (fr)] **

-- C:\Users\Nicolas\AppData\Roaming\Mozilla\FireFox\Profiles\ch29uqwf.default\Prefs.js --
browser.download.lastDir, C:\Users\Nicolas\Downloads
browser.search.defaultenginename, MyStart
browser.startup.homepage, hxxp://www.google.be/
browser.startup.homepage_override.mstone, rv:1.9.2.10

-- C:\Users\Guest\AppData\Roaming\Mozilla\FireFox\Profiles\czb8aoh8.default\Prefs.js --
browser.startup.homepage, www.google.be
browser.startup.homepage_override.mstone, rv:1.9.2.10

========================================

** Internet Explorer Version [8.0.6001.18943] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 94 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 22/09/2010 (4542 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 22/09/2010 (4752 Byte(s)) 

End at: 21:06:03, 22/09/2010 
 
============== E.O.F ==============

nicplet · Answer

Voici le log:

ComboFix 10-09-22.02 - Nicolas 22/09/2010  21:55:15.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Basique   6.0.6002.2.1252.32.1036.18.2940.1634 [GMT 2:00]
Lancé depuis: c:\users\Nicolas\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\divC88C.tmp
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-22 au 2010-09-22  ))))))))))))))))))))))))))))))))))))
.

2010-09-22 20:02 . 2010-09-22 20:02	--------	d-----w-	c:\users\Nicolas\AppData\Local	emp
2010-09-22 20:02 . 2010-09-22 20:02	--------	d-----w-	c:\users\Guest\AppData\Local	emp
2010-09-22 20:02 . 2010-09-22 20:02	--------	d-----w-	c:\users\Default\AppData\Local	emp
2010-09-22 18:00 . 2010-09-22 19:04	--------	d-----w-	c:\program files\Ad-Remover
2010-09-21 20:09 . 2010-09-21 20:13	--------	d-----w-	c:\program files\ZHPDiag
2010-09-19 08:17 . 2010-09-19 08:17	--------	d-----w-	c:\program files\iPod
2010-09-19 08:14 . 2010-09-19 08:14	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-19 08:09 . 2010-09-19 08:09	--------	d-----w-	c:\program files\QuickTime
2010-09-19 06:26 . 2010-09-19 06:26	388096	----a-r-	c:\users\Nicolas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 15:30 . 2010-09-18 15:30	20332736	----a-w-	c:\users\Nicolas\AppData\Roaming\TomTom\HOME\Profiles\kztr9brv.default\Updates\v2_7_6_2056_win.exe
2010-09-16 21:48 . 2010-09-16 21:47	53632	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-15 06:50 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-15 06:50 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 06:50 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 06:50 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-12 14:51 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32
tkrnlpa.exe
2010-09-12 14:51 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32
toskrnl.exe
2010-09-12 14:51 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-09-12 14:51 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-09-12 14:51 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-09-12 14:51 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers	cpip.sys
2010-09-11 05:42 . 2010-09-11 06:02	--------	d-----w-	c:\users\Nicolas\.android
2010-09-09 21:02 . 2010-08-27 12:56	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2010-09-09 21:02 . 2010-08-27 12:56	21312	----a-w-	c:\windows\system32\authuitu.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 19:50 . 2009-10-10 06:19	12	----a-w-	c:\windows\bthservsdp.dat
2010-09-22 19:50 . 2009-08-20 19:41	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\uTorrent
2010-09-19 08:19 . 2009-12-25 14:42	--------	d-----w-	c:\program files\iTunes
2010-09-19 08:17 . 2009-12-22 19:53	--------	d-----w-	c:\program files\Common Files\Apple
2010-09-16 21:47 . 2009-08-22 13:12	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-09-16 21:47 . 2009-08-20 18:09	--------	d-----w-	c:\program files\MSXML 4.0
2010-09-15 20:38 . 2010-04-15 10:51	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-15 20:37 . 2010-03-31 18:47	--------	d-----w-	c:\programdata\DivX
2010-09-15 20:37 . 2010-03-31 18:48	--------	d-----w-	c:\program files\DivX
2010-09-15 20:37 . 2009-08-22 12:22	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-09-15 20:34 . 2009-08-20 17:53	--------	d-----w-	c:\program files\Microsoft Works
2010-09-15 20:28 . 2010-03-31 18:49	--------	d-----w-	c:\program files\WinASPI
2010-09-15 20:14 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-11 06:55 . 2009-09-02 18:18	--------	d-----w-	c:\program files\Common Files\Teleca Shared
2010-09-11 06:55 . 2009-09-05 07:10	--------	d-----w-	c:\programdata\Teleca
2010-09-09 21:03 . 2009-08-20 19:14	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-09 21:01 . 2010-07-30 09:13	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-09-02 20:50 . 2009-08-20 18:56	--------	d-----w-	c:\program files\CCleaner
2010-08-27 13:02 . 2010-07-30 09:14	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2010-08-25 06:04 . 2010-03-02 19:49	1	----a-w-	c:\users\Nicolas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-18 21:01 . 2010-07-10 20:50	--------	d-----w-	c:\program files\Zortam Mp3 Media Studio
2010-08-15 12:43 . 2009-03-09 06:03	--------	d-----w-	c:\program files\Hewlett-Packard
2010-08-15 09:49 . 2009-03-09 06:26	--------	d---a-w-	c:\program files\Common Files\LightScribe
2010-08-15 09:47 . 2010-08-15 09:47	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\Hewlett-Packard
2010-08-15 09:41 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-08-15 06:27 . 2010-08-15 06:27	--------	d-----w-	c:\program files\Trend Micro
2010-08-14 22:27 . 2010-08-14 22:27	--------	d-----w-	c:\program files\Enigma Software Group
2010-08-14 22:27 . 2010-08-14 22:27	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-14 05:34 . 2009-08-20 18:30	680	----a-w-	c:\users\Nicolas\AppData\Local\d3d9caps.dat
2010-08-07 16:08 . 2010-08-07 16:08	--------	d-----w-	c:\program files\Common Files\Remote Control Software Common
2010-08-07 16:08 . 2010-08-07 16:08	--------	d-----w-	c:\program files\Logitech
2010-08-07 16:08 . 2009-03-09 06:13	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-07 16:08 . 2010-08-07 16:08	--------	d-----w-	c:\program files\Common Files\Remote Control USB Driver
2010-08-07 06:20 . 2009-11-15 12:50	--------	d-----w-	c:\programdata\ma-config.com
2010-08-07 06:20 . 2009-11-15 12:50	--------	d-----w-	c:\program files\ma-config.com
2010-08-06 15:53 . 2010-06-19 07:57	--------	d-----w-	c:\program files\Apple Software Update
2010-08-06 15:48 . 2010-08-06 15:48	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\ALK Technologies
2010-08-06 15:47 . 2010-08-06 15:47	--------	d-----w-	c:\program files\ALK Technologies
2010-08-05 21:44 . 2010-08-05 21:44	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\CompanionLink
2010-08-05 21:01 . 2009-08-23 20:35	--------	d-----w-	c:\program files\Palm
2010-08-04 21:05 . 2010-08-04 21:05	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\dba2csv
2010-08-04 21:05 . 2010-08-04 21:05	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\palm2google
2010-08-03 16:09 . 2009-08-24 16:20	115088	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-02 19:09 . 2010-08-02 19:09	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-08-02 19:04 . 2010-08-02 19:04	--------	d-----w-	c:\program files\Brol
2010-08-02 14:52 . 2009-08-22 13:13	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-02 08:15 . 2009-09-03 14:52	--------	d-----w-	c:\users\Guest\AppData\Roaming\Teleca
2010-07-31 11:01 . 2009-09-02 20:23	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\Teleca
2010-07-31 11:00 . 2010-07-31 11:00	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-07-30 09:11 . 2009-08-20 19:47	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2010-07-29 16:23 . 2010-01-23 13:58	--------	d-----w-	c:\program files\MP3Gain
2010-07-28 20:33 . 2009-09-02 18:19	--------	d-----w-	c:\program files\The GodFather
2010-07-12 21:23 . 2009-12-20 13:55	143972	---ha-w-	c:\windows\system32\mlfcache.dat
2010-07-08 08:02 . 2010-07-08 08:02	1	----a-w-	c:\users\Guest\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-06 05:33 . 2010-07-06 05:33	1798248	----a-w-	c:\windows\system32\RtkPgExt.dll
2010-07-06 05:33 . 2010-07-06 05:33	367208	----a-w-	c:\windows\system32\RtkApoApi.dll
2010-07-06 05:33 . 2010-03-21 16:28	59496	----a-w-	c:\windows\system32\RtkCoInst.dll
2010-07-06 05:33 . 2010-03-21 16:28	3596392	----a-w-	c:\windows\system32\RtkAPO.dll
2010-07-06 05:33 . 2010-07-06 05:33	3112360	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2010-06-29 22:12 . 2010-06-29 22:12	13312	----a-w-	c:\windows\LPRES.DLL
2010-06-26 06:05 . 2010-09-12 14:52	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-09-12 14:52	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-09-12 14:52	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-09-12 14:52	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2000-10-18 10:19 . 2010-05-17 04:43	57344	--sha-w-	c:\windows\System32\mfc42loc.dll
1995-09-20 14:16 . 2010-05-17 04:43	35088	--sha-w-	c:\windows\System32\msjint32.dll
1995-09-20 14:13 . 2010-05-17 04:43	977680	--sha-w-	c:\windows\System32\msjt3032.dll
1995-09-20 14:16 . 2010-05-17 04:43	23824	--sha-w-	c:\windows\System32\msjter32.dll
1995-09-24 09:02 . 2010-05-17 04:43	243472	--sha-w-	c:\windows\System32\vbar2232.dll
1998-05-18 01:06 . 2009-08-22 09:32	368912	--sha-w-	c:\windows\System32\vbar332.dll
2009-03-09 13:50 . 2009-03-09 13:49	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"uTorrent"="c:\users\Nicolas\Desktop\uTorrent.exe" [2010-08-29 328568]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2010-02-26 1148200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync]
2008-01-03 16:28	1392640	----a-r-	c:\program files\Palm\Hotsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44	3883856	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38	247144	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"Device Detector"=DevDetect.exe -autorun
"DebugDump"=regsvr32 /s /u "c:\users\Nicolas\AppData\Local\Debug\DebugDump.dll"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"uTorrent"="c:\users\Nicolas\Desktop\uTorrent.exe"
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ZortamMp3MediaStudio"="c:\program files\Zortam Mp3 Media Studio\zmmspro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
"SmartMenu"=%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe"
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" /P Belgacom
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SearchSettings"=c:\program files\pdfforge Toolbar\SearchSettings.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca2324f3892098;Service Google Update (gupdate1ca2324f3892098);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-05-01 13224]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\DRIVERS\P1120Vid.sys [2003-09-19 759050]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-22 716272]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-27 1051968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS
etr73.sys [2009-05-24 501248]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-05-01 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2010-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 16:47]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 12:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 12:34]

2010-09-14 c:\windows\Tasks\HPCeeScheduleForNicolas.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-03-09 20:01]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>
IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\ch29uqwf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Earth\plugin
pgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542
pCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3
pPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29
pGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin
ew_plugin
pdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Photodex Presenter
pPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Associations de fichier -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************
Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-764769323-2292736403-4051837317-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-764769323-2292736403-4051837317-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="6280080D27AC88A2A654C2F29273D597F8013BD5313F13CD9E794A162550F82D2D952B3B2F61620716DF0F3466FDCA960E74082EBD641A27376EB370E085C1B524FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452BA7FD869164D6794FEBC9E127BECC74C93CDAB529C3B7AF196B376F1C605A249F7E8B7DB1D76600B20FDC07F1E2E0A2774AAC7B2E6FDA508BFFC4987AA0B970CB5E0F679B6355D5D7BF3C261095A5491CB2B67C0FC5A1713A3C4115AF679E8EB7D8F8F97358EADCEA5FB94449FF674FA93838C97336D94EA5B5EFB08729D54562B83F279719828805B8013316A0BF85D081D9D22644B027BC54F17816638374ADD80FB34C66344A71B228082F4109441A893E4A1EC7B6CC3844F578EA37B175DF7FB66B5146F208D2AB401E851F31BC4BDB611AA307701D57E4D14C6FB911CB6A1A0D0393D307C0F903F20679219871B4E8BB52712AF945BDCEA081945931093444DC254AA103C9E9B7DC8D55255780AA8CB46D1FD061D8D0F7DD1C75A94E5431113226C486BEABF59DDCD602DF2AF6CDCE21F3DE0D2B53CC60E76679A95AE2BF93BBCBC0494B40D9F85E408C3AF11AFBFF07F4EABE09C4B795ADCE2E8122442B6BD42D2D2CEE9B206CBA59E3BBD29D56D4C873CD3ED35B0E1D3D076AAF22216C2CA47142DD37F7367BA8FCB3BC2A476BF7BBF14552E86F9FDA080B4CB9AA7465CC344B48C500FA36613830DF05954BAD83C9138AA483BC3901A81043B5BD707074095C071E6D4AC6549C4B10D8F30E19EFE4ADBD8D622431ECD481E697EFC9F0A897B96E0AAB10C8D02005C446651BDB8671E88E26A2EBE727C32104EBF026F701F9BE86026ABD2C99B41854E5475B317CE239A538476921B9CFDBB654EF56388B3FBBF7C55E9A6CB24797969447E3F67C0D343B71DB62C6B56CFD7AC4E8D8167AC8BF3C5293A4006DF7ED65493F3EE217F8D87A29D4C10F609ADEC26D8A1E163A598354F078EEC32C50992D5157C637D7E933F28E6BBD5994505595979AB31966DD88630C8790E4B81B7F3B58CE754F8E68B98E24CA9A8F15023CD51B0CC2FE084E33F043A369992720B964036280C53940192EF126347E0A43D521A70492F66A33708EA9C9F988BAC686AC64053E714976103F1F555850DED69BE4A23899B8CB4326109A4B827FD7799B39CCAA25A83B47F918DA615C9E19024C175A497EE0055199D05FCA4F7774D4D0A1C6D746AAEE592BDECC558108B9FCA5DB743253A2F5915E38B42AD4FC5DF12582032C9B1665633553E6BF9677C6523E62F4485A0CC46B22FCA03BE877F91DEDE0B954A5FBF66E17EB1227873EBDF5388FE60AFDCD0D7E1CDF7476A8DFAF98DB1418B3F34952C7E327DE9776BD3C067BECC4141"
"11.00.00.01WORKSTATION"="8EF065C0B8D820499D0CADA57F6572076832FB265059D9B91393CC8CF0E89412B2E79A8218D2CCD5B89E4E397C9BF1C438198315C25068126EFB1D7537DC84722C8EAA045175563801261C1A8F8AC7763C2847ADA0CF05FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A2D97226D213B555BA7FD869164D679467875260EA7D7DA312F227A62BCA8003206DA6B5CB9B25D6DE835F4400477A1BDB0AD532D3B8346B919E098A180CB371A2787ADC6A109AA02485CBDD478BF344F7E176DCA75369D9B690008639B70ABC29914E001E39A1A7584104C03F111D7A9E06ED51310D03DA5CD207C9A2337B22A97A00A8E13FE113A74B617570E66EEF5780B9B6A0F56DCE8286DCB6CCB384CABC87AE18191D887D664E08B744ECE64DCB721DE48874958A4E6005E39444A4D91F233FC088A2C67309885B79085786ABCB8E1DEAE0C2EED38628C51B3AC35EE33249D94B597451F72ACB04DDEF30549B4A1C8408856DF0E8973A2B5BE264B9F1F98C6992188961000780F03E1253591FDEF56134B4D794F7118604D694AE440120129FA5382EB077021E53A76872A3AD428B069812B6D9272791E3F4BE7B0B82F0116F490E02833B21B49E58519145B2D46108902614C20CB1F3224F2F7A245BDE59127352F71C1E8DE50DC70F09520D1A8CC1AFDACDD5342D5A58B41CAE25E27CCA83D1A3D9C4E317E89B1C4887668E37B9D03C01959D20B704E6281C6E2A68845B03418241C849AC068BB3878B1D80F8A799AC4B702A43164570DF2EE3532CD3949457D51F787BE51E621EBA6B1A9B4DAA4031CF3A0D84B1865DC5B00FC463E892815AE4362B1CFD21E79F354E01104628AE2B8C9E5CC014C4D8F8E7C125B6EB08D5C6DD203741CF962AB12D337D819C1D942E5FA0B2496F10CE4C7D24A0C2A4B861CBD247F87460987B00BBE83C062A1863060C153060158C76C67DAF661AFE7F38CC396C52B453546E6C6115EEA8ED3D502EB926F63E7F71C4A058B32B408C473361E8222773F28EDE88FDB04BE78AC2565AF3D2AC0F498DF4CAE15226AE82946DD52150E0182E9BE620DA888A38C773B4EDA9EA7DF3B13E8766D203125239F9C62803B3EB7A16E56BAD1FBCEA008F30EA842F1517001EF9BD4AC810AE8CAD22640D125BB8E9616C8E635C43AD9AF0EA4269BB4BACBB95C79F02C119C0B281C92FEB3A2CBB28E8403AA4836319D59F2C43A0EADA73A2C444F8CA238F8F8D78C251DFC7DBEDEBAA891C896ABAF5F6728EBA5DBA66A7A47AA0D818B53C66587C723C38EBF74CDD4901A560CC3A923263C03D0A8FE208A52B1F910FA6B795C69AD0A3783CDE571D0A750BA7C6A6C0B411872045B11AD5FE6F1AB98B84F16F7D02EB00D9B14692BA57"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-09-22  22:06:07
ComboFix-quarantined-files.txt  2010-09-22 20:06

Avant-CF: 114.762.153.984 octets libres
Après-CF: 114.794.778.624 octets libres

- - End Of File - - 7B7B8BB9C2419C34FE632B0326CD46C7

nicplet · Answer

nicplet · Answer

et la suite....

O43 - CFD:Common File Directory ----D- C:\ProgramData\ACD Systems
O43 - CFD:Common File Directory ----D- C:\ProgramData\Adobe
O43 - CFD:Common File Directory ----D- C:\ProgramData\Apple
O43 - CFD:Common File Directory ----D- C:\ProgramData\Apple Computer
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Application Data
O43 - CFD:Common File Directory ----D- C:\ProgramData\Avira
O43 - CFD:Common File Directory ----D- C:\ProgramData\BVRP Software
O43 - CFD:Common File Directory ----D- C:\ProgramData\CyberLink
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Desktop
O43 - CFD:Common File Directory ----D- C:\ProgramData\DivX
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Documents
O43 - CFD:Common File Directory ----D- C:\ProgramData\DriverScanner
O43 - CFD:Common File Directory ----D- C:\ProgramData\eMule
O43 - CFD:Common File Directory ----D- C:\ProgramData\EPSON
O43 - CFD:Common File Directory ----D- C:\ProgramData\ExtraFilm
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favorites
O43 - CFD:Common File Directory ----D- C:\ProgramData\FLEXnet
O43 - CFD:Common File Directory ----D- C:\ProgramData\Google
O43 - CFD:Common File Directory ----D- C:\ProgramData\Google Updater
O43 - CFD:Common File Directory ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\ProgramData\HotSync
O43 - CFD:Common File Directory ----D- C:\ProgramData\iolo
O43 - CFD:Common File Directory ----D- C:\ProgramData\Lavasoft
O43 - CFD:Common File Directory ----D- C:\ProgramData\LightScribe
O43 - CFD:Common File Directory ----D- C:\ProgramData\ma-config.com
O43 - CFD:Common File Directory ----D- C:\ProgramData\Malwarebytes
O43 - CFD:Common File Directory -S-AD- C:\ProgramData\Microsoft
O43 - CFD:Common File Directory ----D- C:\ProgramData\Microsoft Help
O43 - CFD:Common File Directory ----D- C:\ProgramData\Nero
O43 - CFD:Common File Directory ----D- C:\ProgramData\Norton
O43 - CFD:Common File Directory ----D- C:\ProgramData\NortonInstaller
O43 - CFD:Common File Directory ----D- C:\ProgramData\NVIDIA
O43 - CFD:Common File Directory ----D- C:\ProgramData\Office Genuine Advantage
O43 - CFD:Common File Directory ----D- C:\ProgramData\PACE Anti-Piracy
O43 - CFD:Common File Directory ----D- C:\ProgramData\Photodex
O43 - CFD:Common File Directory ----D- C:\ProgramData\Ralink Driver
O43 - CFD:Common File Directory ----D- C:\ProgramData\RapidSolution
O43 - CFD:Common File Directory ----D- C:\ProgramData\Sony Ericsson
O43 - CFD:Common File Directory ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\ProgramData\srcheng
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Start Menu
O43 - CFD:Common File Directory ----D- C:\ProgramData\Sun
O43 - CFD:Common File Directory ----D- C:\ProgramData\SupportSoft
O43 - CFD:Common File Directory ----D- C:\ProgramData\Symantec
O43 - CFD:Common File Directory ----D- C:\ProgramData\Teleca
O43 - CFD:Common File Directory ---AD- C:\ProgramData\Temp
O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Templates
O43 - CFD:Common File Directory ----D- C:\ProgramData\TuneUp Software
O43 - CFD:Common File Directory ----D- C:\ProgramData\UDL
O43 - CFD:Common File Directory ----D- C:\ProgramData\Uniblue
O43 - CFD:Common File Directory ----D- C:\ProgramData\WildTangent
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ACD Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory ---AD- C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory ---AD- C:\Program Files\Common Files\LS Getting Started
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared
O43 - CFD:Common File Directory ---AD- C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PACE Anti-Piracy
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Remote Control Software Common
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Remote Control USB Driver
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Sony Ericsson Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Supportsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Teleca Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/09/2010 - 7:55:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DbgOut.INI [0]
O44 - LFC:[MD5.048A108B37993E9C5BEECA61835DE6DA] - 13/09/2010 - 7:52:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FNTCACHE.DAT [2346128]
O44 - LFC:[MD5.C2CE54DF259FDB731E86774AFDF94DD3] - 19/09/2010 - 9:19:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [632]
O44 - LFC:[MD5.9BDC4E4EC9D68BCE88CB41FAEEF89190] - 8/09/2010 - 10:17:46 ---A- . (.Apple Inc. - QuickTime Client DLL.) -- C:\Windows\System32\QuickTime.qts [69632]
O44 - LFC:[MD5.F4F9CA5BA9479BBD29BF128BA19BC443] - 8/09/2010 - 10:17:46 ---A- . (.Apple Inc. - QuickTimeVR DLL.) -- C:\Windows\System32\QuickTimeVR.qtx [94208]
O44 - LFC:[MD5.00000000000000000000000000000000] - 22/09/2010 - 21:06:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1478814]
O44 - LFC:[MD5.168C997530D63A6A913B4B36153D54B0] - 22/09/2010 - 21:06:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [46861]
O44 - LFC:[MD5.09465DE0625C9405AFFF89444A7A6874] - 22/09/2010 - 21:03:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system.ini [273]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 22/09/2010 - 20:51:54 ---A- . (.NirSoft - NirCmd.) -- C:\Windows\NIRCMD.exe [31232]
O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 22/09/2010 - 20:51:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\MBR.exe [77312]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 22/09/2010 - 20:51:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PEV.exe [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 22/09/2010 - 20:51:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 22/09/2010 - 20:51:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 22/09/2010 - 20:51:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 22/09/2010 - 20:51:54 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Windows\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 22/09/2010 - 20:51:54 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\Windows\SWSC.exe [136704]
O44 - LFC:[MD5.B44F9D96222F991EE6B9F7ED56966FAD] - 22/09/2010 - 20:51:19 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.761B83E39945CA9ABC48DF0BA0EDA183] - 22/09/2010 - 20:51:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\oodbs.lor [1435348]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 22/09/2010 - 20:49:54 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Windows\SWXCACLS.exe [212480]
O44 - LFC:[MD5.0F19CB0357A0B26AD2F95C14BB1ED061] - 22/09/2010 - 20:06:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [4727]
O44 - LFC:[MD5.C78B78CADD4EDAC2ADF741A52F19D181] - 22/09/2010 - 19:04:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].txt [4752]
O44 - LFC:[MD5.0753BA5A34B41EFF032F929D896B6EC5] - 19/09/2010 - 12:40:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [707392]
O44 - LFC:[MD5.3B17D7B35CA38D327285AE36DBF1E88E] - 19/09/2010 - 12:40:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [104716]
O44 - LFC:[MD5.CEE26660E918F6C75F47500440BB6A9C] - 19/09/2010 - 12:40:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [598702]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2010 - 16:28:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2010 - 16:28:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.3F337DD54339BEAF26917D3A0A32C1DE] - 12/09/2010 - 15:52:10 ---A- . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll [81920]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 12/09/2010 - 15:28:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NeroDigital.ini [69]
O44 - LFC:[MD5.12E10DCAD92CECF8BB63F7315C03BB49] - 27/08/2010 - 14:02:10 ---A- . (.TuneUp Software - TuneUp Registry Optimization Boot Applicati.) -- C:\Windows\System32\TURegOpt.exe [30528]
O44 - LFC:[MD5.03997A0D72112088CD69B0785CE286B2] - 27/08/2010 - 13:56:42 ---A- . (.TuneUp Software - TuneUp WinLogon Extension.) -- C:\Windows\System32\authuitu.dll [21312]
O44 - LFC:[MD5.734C80D01B405534FA4054FA27A023D7] - 27/08/2010 - 13:56:30 ---A- . (.TuneUp Software - TuneUp Theme Extension.) -- C:\Windows\System32\uxtuneup.dll [30016]

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - (no name) - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers\"MSVideo.PD1120VFW"="P1120Vfw.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \Drivers32\"vidc.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"ACDV.dll"="ACDV 1.0" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\HotSync [Key] . (.PalmSource, Inc - HotSync® Manager Application.) -- C:\Program Files\Palm\Hotsync.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\TomTomHOME.exe [Key] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.73685E15EF8B0BD9C30F1AF413F13D49] - 10/01/2010 - 12:25:47 ---A- . (.Adobe Systems, Inc. - Adobe Drive File System Driver.) -- C:\Windows\system32\drivers\adfs.sys
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 3:32:46 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 3:32:51 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 3:32:52 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 3:32:53 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 3:32:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 3:32:49 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 3:32:50 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys
O58 - SDL:[MD5.B979979AB8027F7F53FB16EC4229B7DB] - 10/09/1999 - 11:06:00 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\Windows\system32\drivers\Aspi32.sys
O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 25/11/2009 - 11:19:02 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys
O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 9:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\system32\drivers\avipbb.sys
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 2/11/2006 - 9:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 2/11/2006 - 9:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 2/11/2006 - 9:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 2/11/2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 2/11/2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 2/11/2006 - 9:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 3:32:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 2/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 3:32:50 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys
O58 - SDL:[MD5.DC8FCBD7E98FE7BE4E7CA9780835FAB7] - 20/09/2007 - 13:12:34 ---A- . (.EldoS Corporation - RawDisk Driver. Allows write-access to raw disk sectors for use.) -- C:\Windows\system32\drivers\elrawdsk.sys
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 3:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys
O58 - SDL:[MD5.007AEA2E06E7CEF7372E40C277163959] - 1/05/2010 - 11:00:53 ---A- . (.Sony Ericsson Mobile Communications - SEMC USB Flash Driver Filter.) -- C:\Windows\system32\drivers\ggflt.sys
O58 - SDL:[MD5.C73DE35960CA75C5AB4AE636B127C64E] - 1/05/2010 - 11:00:53 ---A- . (.Sony Ericsson Mobile Communications - SEMC USB Flash Driver.) -- C:\Windows\system32\drivers\ggsemc.sys
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 3:32:52 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 3:32:49 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 2/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 2/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 2/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 3:32:49 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 3:32:51 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 3:32:48 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 3:32:53 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 3:32:52 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 2/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys
O58 - SDL:[MD5.C9AFE484B3645DA74FD459F45E4F756F] - 24/05/2009 - 15:36:42 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\Windows\system32\drivers\netr73.sys
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 2/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 2/11/2006 - 8:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys
O58 - SDL:[MD5.FBBA09782F2FAC5A57619DF378BA9372] - 22/05/2008 - 21:49:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.) -- C:\Windows\system32\drivers\nvlddmkm.sys
O58 - SDL:[MD5.D958A2B5F6AD5C3B8CCDC4D7DA62466C] - 1/08/2008 - 13:51:14 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvmfdx32.sys
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 3:32:47 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys
O58 - SDL:[MD5.BE9039422A5CE976C03C5E2CF20106BE] - 25/04/2009 - 2:07:20 ---A- . (.NVIDIA Corporation - NVIDIA nForce(TM) SMU Microcontroller Driver.) -- C:\Windows\system32\drivers\nvsmu.sys
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 3:32:47 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys
O58 - SDL:[MD5.3CF8312C91F2B5C6830391E97D11A0CB] - 30/08/2008 - 4:21:46 ---A- . (.O&O Software GmbH - O&O TextMode Driver (Win32).) -- C:\Windows\system32\drivers\oobctm.sys
O58 - SDL:[MD5.AFAC801658FC8CAE393755E7BA214D88] - 19/09/2003 - 7:34:06 ---A- . (.Creative Technology Ltd. - Video Streaming and Capture Device Driver.) -- C:\Windows\system32\drivers\P1120Vid.sys
O58 - SDL:[MD5.390C204CED3785609AB24E9C52054A84] - 12/12/2005 - 18:27:00 ---A- . (.Hewlett-Packard Company - PS2 SYS.) -- C:\Windows\system32\drivers\PS2.sys
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 3:32:50 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 2/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys
O58 - SDL:[MD5.5A4AAD2240CB8B50FFEAEDB2BF747ABD] - 6/07/2010 - 6:33:52 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys
O58 - SDL:[MD5.E1AB463B36A7EF31D8A73A97A9B57AFA] - 23/04/2007 - 14:54:46 ---A- . (.MCCI Corporation - Sony Ericsson Device 115 Driver.) -- C:\Windows\system32\drivers\s115bus.sys
O58 - SDL:[MD5.E4B2CBD20267081D1EECCCEB0BA8F4DF] - 23/04/2007 - 14:54:48 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s115cm.sys
O58 - SDL:[MD5.E4B2CBD20267081D1EECCCEB0BA8F4DF] - 23/04/2007 - 14:54:48 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s115cmnt.sys
O58 - SDL:[MD5.E24113FC13B8737C94CF4E3415488C76] - 23/04/2007 - 14:54:48 ---A- . (.MCCI Corporation - Sony Ericsson Device 115 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s115mdfl.sys
O58 - SDL:[MD5.4029E49E7C673AA0670BD206B0AF1B5B] - 23/04/2007 - 14:54:48 ---A- . (.MCCI Corporation - Sony Ericsson Device 115 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s115mdm.sys
O58 - SDL:[MD5.EB02AB4CA8BCCECFDE236CAD8FC6E135] - 23/04/2007 - 14:54:50 ---A- . (.MCCI Corporation - Sony Ericsson Device 115 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s115mgmt.sys
O58 - SDL:[MD5.089869DB9FFD2AC807FA87FE82AC7761] - 23/04/2007 - 14:54:50 ---A- . (.MCCI Corporation - Sony Ericsson Device 115 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s115obex.sys
O58 - SDL:[MD5.6CE7CFEEFF96BD1B999BEBE5F9AD7D78] - 23/04/2007 - 14:54:50 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s115wh.sys
O58 - SDL:[MD5.6CE7CFEEFF96BD1B999BEBE5F9AD7D78] - 23/04/2007 - 14:54:50 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s115whnt.sys
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 2/11/2006 - 7:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys
O58 - SDL:[MD5.E5B56569A9F79B70314FEDE6C953641E] - 1/05/2010 - 11:01:26 ---A- . (.Sony Ericsson Mobile Communications - seehcri Driver.) -- C:\Windows\system32\drivers\seehcri.sys
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 3:32:52 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys
O58 - SDL:[MD5.7F1B7C4D446CD3F926AF45B8C48BD593] - 22/08/2009 - 12:46:57 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\system32\drivers\sptd.sys
O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 11/05/2009 - 9:11:52 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 2/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 2/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 2/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 3:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 2/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 3:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys
O58 - SDL:[MD5.4B8A9C16B6D9258ED99C512AECB8C555] - 19/04/2010 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl.sys
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 3:32:21 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 3:32:49 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\ANSI.SYS
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2/11/2006 - 8:09:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\country.sys
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2/11/2006 - 8:09:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\HIMEM.SYS
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2/11/2006 - 8:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEY01.SYS
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2/11/2006 - 8:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEYBOARD.SYS
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2/11/2006 - 8:09:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS.SYS
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2/11/2006 - 8:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS404.SYS
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2/11/2006 - 8:09:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS411.SYS
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2/11/2006 - 8:09:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS412.SYS
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2/11/2006 - 8:09:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS804.SYS
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2/11/2006 - 8:09:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO.SYS
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2/11/2006 - 8:09:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO404.SYS
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2/11/2006 - 8:09:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO411.SYS
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2/11/2006 - 8:09:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO412.SYS
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2/11/2006 - 8:09:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO804.SYS

---\\ Liste des outils de nettoyage (LATC) (O63)
O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {27CED31B-0EF3-467B-91AF-2D87AABFB3FF} - (Yahoo! Search) - https://search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {89566CD9-F413-0460-BD99-8AE6980911A3} - (MyStart) - http://www.mystart101.com
O69 - SBI: SearchScopes [HKCU] {C2BC8855-EA37-11DE-8A39-0800200C9A66} - (MyStart) - http://www.mystart101.com

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
Run by Nicolas at 22/09/2010 22:53:15
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS
kernel: MBR read successfully
user & kernel MBR OK

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
MBRCheck, version 1.2.3 by ad13, http://ad13.geekstog
Run by Nicolas at 22/09/2010 22:53:29
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
Found non-standard or infected MBR.
Dump file Name : C:\Program Files\ZHPDiag\MBRDump_09-22-10_22-53-29_PhysicalDrive0.bin

---\\ Recherche des services démarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d'application.) -- C:\Windows\System32\aelupsvc.dll [24576]
O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\Windows\System32\uxtuneup.dll [30016]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [62976]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [247296]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [122880]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [576512]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [438784]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [315392]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d'accès distant.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\Windows\System32\rasmans.dll [262144]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d'interface dynamique.) -- C:\Windows\System32\mprdim.dll [68608]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d'événements système (SENS).) -- C:\Windows\system32\sens.dll [47104]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [288256]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242688]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes Terminal Server.) -- C:\Windows\System32\termsrv.dll [449024]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [1929952]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [758784]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [247296]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [200704]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [19968]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d'application.) -- C:\Windows\System32\appinfo.dll [33280]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [111616]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [45056]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [153088]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [57344]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [162304]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [595456]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service de configuration des services Terminal Server.) -- C:\Windows\system32\sessenv.dll [84992]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d'ordinateurs.) -- C:\Windows\System32\browser.dll [81920]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [68096]
O83 - Search Svchost Services: ezSharedSvc (ezSharedSvc) . (.EasyBits Sofware AS - Shared EasyBits services for Windows.) -- C:\Windows\System32\ezsvc7.dll [129992]

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 13/05/2009 108289 | Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 21/07/2009 185089 | Avira AntiVir Guard (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 13/08/2010 144672 | Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 18/05/2010 345376 | Service Bonjour (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 9/07/2009 1716224 | ExtraFilm upload service (EFUploadSrv) . (.Textalk AB.) - C:\Program Files\ExtraFilm Designer BE FR\EFUploadSrv.exe
SS - | Demand 22/08/2009 655624 | FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 22/08/2009 133104 | Service Google Update (gupdate1ca2324f3892098) (gupdate1ca2324f3892098) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 2/02/2010 194032 | Google Software Updater (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 4/12/2008 94208 | HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 4/04/2005 69632 | InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 1/09/2010 820008 | Service de l'iPod (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/03/2009 73728 | LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 29/04/2010 304464 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/09/2007 853288 | Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Demand 20/09/2007 382248 | NMIndexingService (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Demand 22/05/2008 118784 | NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 4/09/2008 1295616 | O&O Defrag (O&O Defrag) . (.O&O Software GmbH.) - C:\Windows\system32\oodag.exe
SR - | Auto 28/02/2010 186760 | ScsiAccess (ScsiAccess) . (.Pas de propriétaire.) - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
SR - | Auto 29/05/2008 202016 | SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) . (.SupportSoft, Inc..) - C:\Program Files\Belgacom\bin\sprtsvc.exe
SR - | Auto 28/05/2007 275968 | StarWind AE Service (StarWindServiceAE) . (.Rocket Division Software.) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Auto 29/05/2008 382320 | SupportSoft RemoteAssist (SupportSoft RemoteAssist) . (.SupportSoft, Inc..) - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
SR - | Auto 24/08/2010 92008 | TomTomHOMEService (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
SS - | Demand 9/09/2010 435008 | C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp.Defrag) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
SR - | Auto 27/08/2010 1051968 | TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

End of the scan (1150 lines in 02mn 48s)(0)

nicplet · Answer

voici le rapport:

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.7 ¤¤¤¤¤¤¤¤¤¤

User : Nicolas (Administrators) 
Update on 22/09/2010 by g3n-h@ckm@n ::::: 16.30
Start at: 23:11:48 | 22/09/2010

Intel(R) Pentium(R) Dual  CPU  E2220  @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Basique  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18943
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 286,77 Go (106,97 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 11,32 Go (1,58 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible
 
Boot: Normal 

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer


C:\Windows\System32\smss.exe ---- 748 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ---- 
C:\Windows\system32\csrss.exe ---- 6072 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ---- 
C:\Windows\system32\wininit.exe ---- 3888 Ko ---- High ---- wininit.exe ---- 
C:\Windows\system32\csrss.exe ---- 15120 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ---- 
C:\Windows\system32\services.exe ---- 5740 Ko ---- Normal ---- C:\Windows\system32\services.exe ---- 
C:\Windows\system32\lsass.exe ---- 2056 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ---- 
C:\Windows\system32\lsm.exe ---- 3820 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ---- 
C:\Windows\system32\winlogon.exe ---- 5892 Ko ---- High ---- winlogon.exe ---- 
C:\Windows\system32\svchost.exe ---- 5664 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ---- 
C:\Windows\system32\svchost.exe ---- 5928 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ---- 
C:\Windows\System32\svchost.exe ---- 44844 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ---- 
C:\Windows\System32\svchost.exe ---- 11936 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ---- 
C:\Windows\System32\svchost.exe ---- 93312 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ---- 
C:\Windows\system32\svchost.exe ---- 39076 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ---- 
C:\Windows\system32\svchost.exe ---- 4512 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k GPSvcGroup ---- 
C:\Windows\system32\SLsvc.exe ---- 10928 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ---- 
C:\Windows\system32\svchost.exe ---- 10200 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ---- 
C:\Windows\system32\svchost.exe ---- 17624 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ---- 
C:\Windows\System32\spoolsv.exe ---- 10120 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ---- 
C:\Windows\system32	askeng.exe ---- 5596 Ko ---- Below Normal ---- taskeng.exe {F06E49F8-E853-4FD6-8FF4-0EEE523A1300} ---- 
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 1700 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ---- 
C:\Windows\system32\svchost.exe ---- 16992 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ---- 
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 7792 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ---- 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ---- 3784 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\Bonjour\mDNSResponder.exe ---- 4712 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
C:\Windows\system32\svchost.exe ---- 3316 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k bthsvcs ---- 
C:\Program Files\ExtraFilm Designer BE FR\EFUploadSrv.exe ---- 4048 Ko ---- Normal ---- "C:\Program Files\ExtraFilm Designer BE FR\EFUploadSrv.exe" ---- 
c:\Program Files\Common Files\LightScribe\LSSrvc.exe ---- 3652 Ko ---- Normal ---- "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" ---- 
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe ---- 7192 Ko ---- Normal ---- "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ---- Nero AG
C:\Windows\system32\oodag.exe ---- 27744 Ko ---- Normal ---- C:\Windows\system32\oodag.exe ---- O and O Software GmbH
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe ---- 1612 Ko ---- Normal ---- "C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe" ---- Photodex Corporation
C:\Program Files\Belgacom\bin\sprtsvc.exe ---- 340 Ko ---- Normal ---- "C:\Program Files\Belgacom\bin\sprtsvc.exe" /service /p belgacom ---- SupportSoft, Inc.
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ---- 5160 Ko ---- Normal ---- "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ---- 
C:\Windows\system32\svchost.exe ---- 6908 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ---- 
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- 2164 Ko ---- Normal ---- "C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe" ---- TomTom International BV
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe ---- 15404 Ko ---- Normal ---- "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" ---- TuneUp Software
C:\Windows\System32\svchost.exe ---- 4048 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ---- 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 9376 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
C:\Windows\system32\WUDFHost.exe ---- 5040 Ko ---- Normal ---- "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-56d2f2be-4692-4413-a4ea-3a9a8c71afce -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-a899f357-c3b4-4be8-b592-ce0e4b41108a -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4fda58b6-9aa3-41ff-a0e0-a282ec5f8326 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3998826c-0050-4c68-affd-3c30b3027c08 ---- 
C:\Windows\system32\Dwm.exe ---- 4340 Ko ---- Normal ---- "C:\Windows\system32\Dwm.exe" ---- 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 2744 Ko ---- Normal ---- WLIDSvcM.exe 2168 ---- Microsoft Corporation
C:\Windows\system32	askeng.exe ---- 10140 Ko ---- Normal ---- taskeng.exe {74F5A70F-D7A2-4B0C-A1DC-A337C03C5BCC} ---- 
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe ---- 6896 Ko ---- Normal ---- "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe" /TUStart /pid:2120 ---- TuneUp Software
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe ---- 8628 Ko ---- Normal ---- "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" ---- 
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe ---- 4828 Ko ---- Normal ---- "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" ---- Malwarebytes Corporation
C:\Windows\system32\conime.exe ---- 3504 Ko ---- Normal ---- C:\Windows\system32\conime.exe ---- 
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 6248 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnscfg.exe" ---- 
C:\Windows\system32\wbem\unsecapp.exe ---- 4608 Ko ---- Normal ---- C:\Windows\system32\wbem\unsecapp.exe -Embedding ---- 
C:\Windows\system32\wbem\wmiprvse.exe ---- 5812 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ---- 
C:\Windows\system32\wuauclt.exe ---- 5144 Ko ---- Normal ---- "C:\Windows\system32\wuauclt.exe" ---- Microsoft Windows Component Publisher
C:\Windows\System32\mobsync.exe ---- 6368 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ---- 
C:\Windows\Explorer.exe ---- 45660 Ko ---- Normal ---- Explorer.exe ---- 
C:\Program Files\ZHPDiag\ZHPDiag.exe ---- 92648 Ko ---- Normal ---- "C:\Program Files\ZHPDiag\ZHPDiag.exe"  ---- 
C:\Windows\system32\cmd.exe ---- 2452 Ko ---- Normal ---- C:\Windows\system32\cmd.exe  /K List'em.bat ---- 
C:\Windows\system32\wbem\wmiprvse.exe ---- 9008 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ---- 
C:\Program Files\List_Kill'em\pv.exe ---- 6956 Ko ---- Normal ---- pv  -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ---- 


¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar	=         	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uTorrent	=         	"C:\Users\Nicolas\Desktop\uTorrent.exe"
TomTomHOME.exe	=         	"C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
Windows Defender	=  	%ProgramFiles%\Windows Defender\MSASCui.exe -hide 
hpsysdrv	=         	c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe 
{0228e555-4f9c-4e35-a3ec-b109a192b4c2}	=         	C:\Program Files\Google\Gmail Notifier\gnotify.exe 
NBKeyScan	=         	"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
NeroFilterCheck	=         	C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe 
SmartMenu	=  	%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 
DVDAgent	=         	"C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" 
NvCplDaemon	=         	RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
avgnt	=         	"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 
Malwarebytes' Anti-Malware	=         	"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	=      	145 (0x91) 
NoDrives	=      	0 (0x0) 
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DISALLOWCPL 
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RESTRICTCPL 
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RESTRICTRUN 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDrives	=      	0 (0x0) 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 Shell	=         	Explorer.exe 
 Userinit	=         	C:\Windows\system32\userinit.exe, 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD}	=         	Groove GFS Stub Execution Hook 
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	=         	 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe	=         	C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe	=         	C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

HKLM\SYSTEM\CCS\Services\Tcpip\..\{73E75807-35B1-4C38-A31A-F8CE45B28BC4}: DhcpNameServer=192.168.1.1 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{73E75807-35B1-4C38-A31A-F8CE45B28BC4}: DhcpNameServer=192.168.1.1 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{73E75807-35B1-4C38-A31A-F8CE45B28BC4}: DhcpNameServer=192.168.1.1 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 


¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.msn.com/fr-fr
Default_Search_URL	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	=         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.msn.com/fr-fr
Search Page	=         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤ Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1	=      	1 (0x1)
ProxyEnable	=      	0 (0x0)


¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
 

¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Adobe Reader and Acrobat Manager]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Apple]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Google Software Updater]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Google Updater]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\GoogleUpdateTaskMachineCore]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\GoogleUpdateTaskMachineUA]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\HP Health Check]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\HP Health Check Scheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\HPCeeScheduleForNicolas]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Java Update Scheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Launch HTC Sync Loader]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\OfficeSoftwareProtectionPlatform]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\TuneUpUtilities_Task_BkGndMaintenance]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\WPD]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule	askcache	ree\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}]

¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]

¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection] 
KnownDllList	=         	nlhtml.dll
SFCDisable	=      	0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!  
 
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys  
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys  
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys  
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys  
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys  
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys  
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys  

¤¤¤¤¤ Reference 

Win 2000_SP2   : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4   : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 338c86357871c167a96ab976519bf59e
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
 
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe  
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe  
[MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe  
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe  
[MD5.5ef11ac92b68b4b8058a3a4f037f26ce] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_541a229990083594\explorer.exe  

¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
 
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe 
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe 
[MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe 
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe 

¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: HP

    Taille du volume                	= 287 Go
    Espace libre                    	= 107 Go
    Étendue d'espace libre la plus grande 	= 90.80 Go
    Pourcentage de fragmentation des fichiers 	= 0 %

    Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

    Il n'est pas nécessaire de défragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
 
 
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
 

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : C:\ProgramData
vModes.001  
Present !! : C:\ProgramData
vModes.dat  
Present !! : C:\ProgramData
vModes.001  
Present !! : C:\ProgramData
vModes.dat  
Present !! : C:\ProgramData
vModes.001  
Present !! : C:\ProgramData
vModes.dat  
Present !! : C:\ProgramData
vModes.001  
Present !! : C:\ProgramData
vModes.dat  
Present !! : C:\Windows\System32\_AxShlEx.dll  
Present !! : C:\Windows\System32\drivers\etc\hosts.msn  
Present !! : C:\Users\Nicolas\AppData\Local\d3d9caps.dat  
Present !! : C:\Users\Nicolas\AppData\Local\GDIPFONTCACHEV1.DAT  
Present !! : C:\Users\Nicolas\Local Settings\Temp\log.txt  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives  
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"  
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}  
Present !! : HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}  
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97  
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F  
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39  
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F  
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6  
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19  
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\BHDRVX86  
Present !! : HKLM\SYSTEM\ControlSet001\Services\BHDRVX86  
Present !! : HKLM\SYSTEM\ControlSet002\Services\BHDRVX86  

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 23:29:52
Windows 6.0.6002 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
kernel: MBR read successfully
user & kernel MBR OK 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
cval	=      	1 (0x1) 
FirewallDisableNotify	=      	0 (0x0) 
AntiVirusDisableNotify	=      	0 (0x0) 
UpdatesDisableNotify	=      	0 (0x0) 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 23:30:40,09 
User : Nicolas (Administrators) 
Update on 22/09/2010 by g3n-h@ckm@n ::::: 16.30
Start at: 23:33:16 | 22/09/2010

Intel(R) Pentium(R) Dual  CPU  E2220  @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Basique  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18943
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 286,77 Go (106,97 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 11,32 Go (1,58 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible
 
Boot: Normal

nicplet · Answer

Est-ce ceci?

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.7 ¤¤¤¤¤¤¤¤¤¤ 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\ProgramData
vModes.001 
Quarantined & Deleted !! : C:\ProgramData
vModes.dat 
 
Quarantined & Deleted !! : C:\Windows\System32\_AxShlEx.dll 
Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\Users\Nicolas\AppData\Local\d3d9caps.dat 
Quarantined & Deleted !! : C:\Users\Nicolas\AppData\Local\GDIPFONTCACHEV1.DAT 
Quarantined & Deleted !! : C:\Users\Nicolas\Local Settings\Temp\log.txt 
Quarantined & Deleted !! : C:\Users\Nicolas\LOCAL Settings\Temp\catchme.dll 
Deleted !! : C:\$Recycle.bin\S-1-5-21-764769323-2292736403-4051837317-1000\$IQO267E.txt   
Deleted !! : C:\$Recycle.bin\S-1-5-21-764769323-2292736403-4051837317-1000\$RQO267E.txt   
 
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1       localhost   

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives  
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"  
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19  
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\BHDRVX86  
Deleted : HKLM\SYSTEM\ControlSet002\Services\BHDRVX86  

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	=         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	=         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.google.com/?gws_rd=ssl
Local Page	=         	C:\WINDOWS\system32\blank.htm
Search Page	=         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
cval	=      	1 () 
FirewallDisableNotify	=      	0 (0x0) 
AntiVirusDisableNotify	=      	0 (0x0) 
UpdatesDisableNotify	=      	0 (0x0) 
FirstRunDisabled	=      	1 () 
AntiVirusOverride	=      	0 (0x0) 
FirewallOverride	=      	0 (0x0) 
 
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Wlansvc : Start = 2   
 SharedAccess : Start = 2   
 windefend : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK 
Prefetch cleaned 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ 

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
kernel: MBR read successfully
user & kernel MBR OK 
 
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

nicplet · Answer

J'ai un problème, je n'arrive pas à télécharger Delfix via le lien que tu me donnes...  :-(

nicplet · Answer

Ca marche pas: Il est indiqué que le programme ne réponds pas....

nicplet · Answer

Ok, ça a marché, pour finir.

voici le rapport:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Backup old\Documents and Settings\Nico\Bureau\HijackThis.lnk: trouvé !
C:\Backup old\Documents and Settings\Nico\Bureau\ComboFix.exe: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\ZHPDiag: trouvé !
C:\Program Files\Ad-Remover\Backup\Ad-R.exe: trouvé !
C:\Program Files\List_Kill'em\catchme.exe: trouvé !
C:\Program Files\List_Kill'em\mbr.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: trouvé !
C:\Program Files\ZHPDiag\catchme.exe: trouvé !
C:\Program Files\ZHPDiag\mbr.log: trouvé !
C:\Program Files\ZHPDiag\mbr.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\Guest\Desktop\HijackThis.lnk: trouvé !
C:\Users\Nicolas\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\Nicolas\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\Nicolas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HijackThis.exe: trouvé !
C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HijackThis.lnk: trouvé !
C:\Users\Nicolas\Desktop\HijackThis.lnk: trouvé !
C:\Users\Nicolas\Downloads\ZHPdiag.exe: trouvé !
C:\Users\Nicolas\Downloads\ComboFix.exe: trouvé !
C:\Windows\mbr.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Backup old\Documents and Settings\Nico\Bureau\HijackThis.lnk: supprimé !
C:\Backup old\Documents and Settings\Nico\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Ad-Remover\Backup\Ad-R.exe: supprimé !
C:\Program Files\List_Kill'em\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: supprimé !
C:\Program Files\ZHPDiag\catchme.exe: supprimé !
C:\Users\Guest\Desktop\HijackThis.lnk: supprimé !
C:\Users\Nicolas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HijackThis.lnk: supprimé !
C:\Users\Nicolas\Desktop\HijackThis.lnk: supprimé !
C:\Users\Nicolas\Downloads\ZHPdiag.exe: supprimé !
C:\Users\Nicolas\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\Program Files\List_Kill'em\mbr.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Program Files\ZHPDiag\mbr.log: supprimé !
C:\Program Files\ZHPDiag\mbr.exe: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\Nicolas\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Windows\mbr.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\ZHPDiag: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\Users\Nicolas\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Explorateur Windows a cessé de fonctionner

16 réponses

Newsletters