RSIT report

mimaly
Hello,
Following a problem, my processor is constantly running at 100 percent. I am sending you the RSIT report. Thanks in advance for your help.
info.txt logfile of random's system information tool 1.06 2010-02-03 21:04:24

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
-->MsiExec.exe /I{EC2ADB7C-8A45-40C9-BFD1-18F22D9A7DF5}
-->MsiExec.exe /X{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Ad-Aware-->"C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Application Installer 4.00.B13-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x40c
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{6F8A7834-2600-49E6-9760-9D63E9D5EC8B}
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
DisplayLink Core Software-->MsiExec.exe /X{8B06EC59-76E7-40DA-8179-83787E456D89}
Drive Encryption for HP ProtectTools-->MsiExec.exe /I{BBCA8399-B8E0-4302-9CCE-B3789CE34F03}
Embedded Security for HP ProtectTools-->MsiExec.exe /I{2870C757-99AF-4E59-A853-1E274C5E67E4}
ESU for Microsoft Vista-->MsiExec.exe /I{35843988-D0A7-47AB-8B5E-C3C1D3665500}
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP 3D DriveGuard-->MsiExec.exe /X{826AA385-54B4-4E29-A32B-A2653A3858BD}
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Broadband Wireless Modules-->MsiExec.exe /X{B2D74DEC-9F82-428C-8C30-CCFBCFE45F90}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{9F238A60-C445-4B81-8EDE-07DC924E98F8}
HP Notebook Accessories Product Tour-->MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.40 C2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP USB Docking Video-->MsiExec.exe /X{7FA98E77-D82A-4374-9F3A-2B6A7F261B70}
HP User Guides 0058-->MsiExec.exe /I{AAD766FC-9DD0-4493-8EBF-B9DFA869E401}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HP WWAN Setup Utility-->MsiExec.exe /X{8F67CD1C-DF0B-400D-B611-A01A7C8D46B5}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HTML Help Workshop-->C:\Program Files\HTML Help Workshop\setup.exe Uninstall
Installation de HP Backup & Recovery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Active Management Technology Device Software-->C:\Windows\system32\mesoludlg.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Intel(R) Network Connections 14.0.40.0-->MsiExec.exe /i{888019C0-54D4-40C2-9274-27B9DAB17017} ARPREMOVE=1
Intel(R) Network Connections 14.0.40.0-->MsiExec.exe /i{888019C0-54D4-40C2-9274-27B9DAB17017} ARPREMOVE=1
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
LightScribe System Software 1.10.19.1-->MsiExec.exe /X{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC-->C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe -runfromtemp -l0x040c -removeonly
Logiciel Intel(R) PROSet/Wireless WiFi-->MsiExec.exe /I{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{DCB21DB9-6177-4A7B-B85D-7C081F15A424}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}
Nokia Music-->MsiExec.exe /I{DC432844-6914-4421-910C-F1B05B3A761C}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi One Touch Access 6.85.3019-->msiexec /qn /x {C4B045DB-C2C0-4A05-8DA5-754B4733EE31}
Nokia Ovi One Touch Access-->MsiExec.exe /I{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}
Nokia Ovi Suite-->MsiExec.exe /I{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}
Nokia Ovi System Utilities 6.85.3018-->msiexec /qn /x {F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Ovi System Utilities-->MsiExec.exe /X{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Photos-->MsiExec.exe /I{0EABFEF6-6D10-4C12-8667-3029C481D355}
O&O Defrag Professional-->MsiExec.exe /I{B15B4D42-6B57-4A36-9458-A07D7F8955F9}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z\UIU32m.exe -U -IhpZ1379z.inf
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SweetIM for Messenger 2.5-->MsiExec.exe /X{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
SweetIM Toolbar for Internet Explorer 3.2-->MsiExec.exe /X{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TELL ME MORE-->"C:\Program Files\Auralog\TELL ME MORE Performance\Bin\unsetup.exe" -file "C:\Program Files\Auralog\TELL ME MORE Performance\unsetup.aui"
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UltraISO Premium V9.35-->"C:\Program Files\UltraISO\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vista Default Settings-->MsiExec.exe /I{FA8E7795-47D9-4E6F-9518-C05CF23EDFD0}
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender (disabled)

======System event log======

Computer Name: PC-de-pink
Event Code: 10016
Message: Les paramètres d'autorisation spécifiques à l'application n'accordent pas d'autorisation Local Exécution pour l'application serveur COM avec le CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
au SID AUTORITE NT\SYSTEM de l'utilisateur (S-1-5-18) depuis l'adresse LocalHost (utilisation de LRPC). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil d'administration Services de composants.
Record Number: 297881
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20091106175428.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-pink
Event Code: 7
Message: La vitesse du processeur 1 est limitée par le matériel système. Le processeur est resté dans cet état de performances réduites pendant 1 secondes après le dernier rapport.
Record Number: 297880
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20091106175330.399059-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-pink
Event Code: 7
Message: La vitesse du processeur 0 est limitée par le matériel système. Le processeur est resté dans cet état de performances réduites pendant 1 secondes après le dernier rapport.
Record Number: 297879
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20091106175330.367859-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-pink
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
BtHidBus
VClone
Record Number: 297870
Source Name: Service Control Manager
Time W

Logfile of random's system information tool 1.06 (written by random/random)
Run by pink at 2010-02-03 21:00:32
Microsoft® Windows Vista™ Professionnel Service Pack 2
System drive C: has 32 GB (43%) free of 75 GB
Total RAM: 3062 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:01, on 03/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\pink\Downloads\RSIT(2).exe
C:\Program Files\trend micro\pink.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoower.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Service Scheduler2 Acronis (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\System32\IFXTCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

7 replies

Anonymous user

Good evening

The first report is not complete, but you can already do this:

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Download and install UsbFix by C_XX
Here: http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
Tutorial by Malekal_Morte if needed, thanks to him: https://www.malekal.com/usbfix-supprimer-virus-usb/

Plug the external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them

# Right-click "Run as administrator" on the UsbFix shortcut on your desktop.

# Choose option 1 (Recherche, "Search")

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

See you later
0
mimaly
 
Thanks Guillaume for replying to me, I am sending you the UsbFix report as planned

############################## | UsbFix V6.087 |

User : pink () # PC-DE-PINK
Update on 04/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 00:17:26 | 04/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Microsoft® Windows Vista™ Professionnel (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 72,97 Go (31,55 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 1,55 Go (1,02 Go free) [OS_TOOLS] # NTFS
F:\ -> Disque CD-ROM
H:\ -> Disque amovible # 1,89 Go (1,77 Go free) [USB2GO ALI] # FAT

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

H:\log.txt

################## | Registre |

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\F
shell\AutoRun\command =F:\wd_windows_tools\setup.exe

HKCU\..\..\Explorer\MountPoints2\H
shell\AutoRun\command =H:\start.exe

HKCU\..\..\Explorer\MountPoints2\{0cb30e92-6091-11dd-b821-001e37a04fa4}
shell\AutoRun\command =G:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{210277f0-ee32-11dd-80a0-001e37a04fa4}
shell\AutoRun\command =G:\start.exe

HKCU\..\..\Explorer\MountPoints2\{2697f3ff-c144-11dd-934f-001e37a04fa4}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{2697f422-c144-11dd-934f-001e37a04fa4}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{2fdf3866-e3f7-11dd-8db5-001e37a04fa4}
shell\AutoRun\command =G:\ntdetec1.exe
shell\explore\Command =G:\ntdetec1.exe
shell\open\Command =G:\ntdetec1.exe

HKCU\..\..\Explorer\MountPoints2\{2fdf386b-e3f7-11dd-8db5-001e37a04fa4}
shell\AutoRun\command =H:\start.exe

HKCU\..\..\Explorer\MountPoints2\{513a068b-10ba-11de-8870-001e37a04fa4}
shell\AutoRun\command =opgde.exe
shell\open\Command =opgde.exe

HKCU\..\..\Explorer\MountPoints2\{5fbb8279-8e46-11de-903a-001e37a04fa4}
shell\AutoRun\command =G:\InstallTomTomHOME.exe

HKCU\..\..\Explorer\MountPoints2\{8618075e-07fc-11de-97b1-001e37a04fa4}
shell\Auto\command =AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{94ab9377-e80d-11de-a8b3-001e37a04fa4}
shell\AutoRun\command =H:\InstallTomTomHOME.exe

HKCU\..\..\Explorer\MountPoints2\{9af4edde-cc44-11dd-89e8-001e37a04fa4}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{ae83b0cd-9eac-11dd-b742-001e37a04fa4}
shell\AutoRun\command =setupSNK.exe

HKCU\..\..\Explorer\MountPoints2\{b263e572-6f84-11dd-938c-001e37a04fa4}
shell\Auto\command =AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{bda8346e-0e38-11de-a55f-001e37a04fa4}
shell\1\Com
0
Utilisateur anonyme > mimaly
 
Good evening,

1) Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.

# Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

# Choose option 2 ("Suppression").

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select everything, CTRL+C to copy and CTRL+V to paste)


2) => Disable User Account Control (you will re-enable it after your disinfection):
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
* Go to Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click disable and confirm.

3) Download Malwarebytes Anti-Malware here:
http://www.malwarebytes.org/mbam.php

* Install it (be sure to choose "French"; do not change the installation settings) and update it.

(NB: If "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/)

* Study the tutorial to get familiar with the program:

https://forum.pcastuces.com/sujet.asp?f=31&s=3

(that said, it is very simple to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

* Launch Malwarebytes.

Run a so-called "Full" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "results".
--> Check that all infected items are ticked, then click "remove".

Note: if your PC needs to restart to finish the cleanup, do it!


Post the report saved after the infected items have been removed (in the "report/log" tab of Malwarebytes, the most recent one).


Post the reports as you go; thanks.

See you
0
mimaly
 
Hello Guillaume, here is the Malwarebytes report, the most recent one:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3690
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04/02/2010 22:20:55
mbam-log-2010-02-04 (22-20-55).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 265779
Temps écoulé: 59 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\pink\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP00000001FC11589E2E59D837 (Trojan.Dropper) -> Quarantined and deleted successfully.
0
Utilisateur anonyme
 
Hello,

Could you post the UsbFix option 2 report please; thanks.

Then post a new RSIT report, but in normal mode, not safe mode.

See you

0
MIMALY
 
Hello Guillaume, here is the UsbFix report as you asked. However, I could not get the RSIT report in normal mode: my PC is too slow and I can no longer reach the Windows desktop in normal mode, I don't know why. Here is the report:

############################## | UsbFix V6.087 |

User : pink (Administrateurs) # PC-DE-PINK
Update on 04/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 23:43:49 | 05/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Microsoft® Windows Vista™ Professionnel (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 72,97 Go (31,98 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 1,55 Go (1,12 Go free) [OS_TOOLS] # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque amovible # 1,89 Go (1,77 Go free) [USB2GO ALI] # FAT
I:\ -> Disque CD-ROM # 5,45 Mo (0 Mo free) [U3 System] # CDFS
J:\ -> Disque amovible # 973,16 Mo (971,91 Mo free) [SCANDISK AL] # FAT
K:\ -> Disque fixe local # 298,08 Go (297,61 Go free) [ext ally] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\oodag.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\system32\runonce.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\system32\igfxsrvc.exe

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-20
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1048705490-3314177153-1035306432-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1781800892-3585499076-1573027979-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-1003
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-1004
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-501
Supprimé ! C:\$Recycle.Bin\S-1-5-21-918056312-2952985149-2686913973-500
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-1003
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-1004
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-501
Supprimé ! H:\log.txt
Non supprimé ! I:\autorun.inf
Supprimé ! J:\SYSTEM
Supprimé ! K:\$Recycle.Bin\S-1-5-21-3303094250-2052613164-1373151634-1003

################## | Registre |

Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{0cb30e92-6091-11dd-b821-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{210277f0-ee32-11dd-80a0-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2697f3ff-c144-11dd-934f-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2697f422-c144-11dd-934f-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2fdf3866-e3f7-11dd-8db5-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2fdf386b-e3f7-11dd-8db5-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{513a068b-10ba-11de-8870-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{5fbb8279-8e46-11de-903a-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8618075e-07fc-11de-97b1-001e37a04fa4}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{94ab9377-e80d-11de-a8b3-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9af4edde-cc44-11dd-89e8-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ae83b0cd-9eac-11dd-b742-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b263e572-6f84-11dd-938c-001e37a04fa4}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{bda8346e-0e38-11de-a55f-001e37a04fa4}\Shell\1\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{bda83473-0e38-11de-a55f-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{be73dd13-94c7-11de-8a1c-001e37a04fa4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d98aed6f-0cc0-11de-a27b-001e37a04fa4}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[05/02/2010 13:24|--a------|2917] C:\aaw7boot.log
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[04/06/2009 00:44|--a------|1677656] C:\ciam_install.log
[21/07/2009 23:22|--a------|9363] C:\Ciam_LogFile.log
[04/07/2007 12:57|--a------|0] C:\C_USERPART
[04/06/2009 01:22|--a------|186] C:\hpqlb.log
[03/05/2009 10:56|-rahs----|0] C:\IO.SYS
[14/10/2009 15:35|--a------|78] C:\lxdx.log
[03/05/2009 10:56|-rahs----|0] C:\MSDOS.SYS
[21/07/2009 23:22|--a------|184] C:\NONAME.LOG
[27/11/2008 18:11|--a------|262144] C:\ntuser.dat
[27/11/2008 18:11|--ah-----|5120] C:\ntuser.dat.LOG1
[27/11/2008 18:11|--ah-----|0] C:\ntuser.dat.LOG2
[27/11/2008 18:11|--ahs----|65536] C:\ntuser.dat{84dd1b4a-bca4-11dd-ac62-001e37a04fa4}.TM.blf
[27/11/2008 18:11|--ahs----|524288] C:\ntuser.dat{84dd1b4a-bca4-11dd-ac62-001e37a04fa4}.TMContainer00000000000000000001.regtrans-ms
[27/11/2008 18:11|--ahs----|524288] C:\ntuser.dat{84dd1b4a-bca4-11dd-ac62-001e37a04fa4}.TMContainer00000000000000000002.regtrans-ms
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[04/06/2009 00:46|--a------|3494] C:\ptsteLog.txt
[30/08/2009 16:10|--a------|11] C:\trace.ini
[05/02/2010 23:54|--a------|7731] C:\UsbFix.txt
[29/08/2009 19:14|--ahs----|4096] C:\VSNAP.IDX
[21/04/2009 22:45|--a------|19182] C:\WirelessDiagLog.csv
[25/07/2008 18:26|--a------|50] E:\HP_WINRE
[21/11/2009 21:57|--a------|73138176] H:\APPLICATION.zip
[21/11/2009 22:05|--a------|52428800] H:\Acronis True Image Home 2010+serial.zip
[03/02/2010 21:04|--a------|16384] H:\info.txt
[29/10/2009 17:33|--a------|34304] H:\Formatage rapide ou normal.doc
[03/02/2010 23:34|--a------|1497989] H:\UsbFix.exe
[04/02/2010 00:20|--a------|4792] H:\UsbFix.txt
[11/12/2006 21:03|-r-------|277] I:\autorun.inf
[07/12/2006 19:45|-r-------|1095224] I:\LaunchU3.exe
[11/12/2006 21:26|-r-------|4557609] I:\LaunchPad.zip
[10/12/2008 18:41|--a------|685] J:\CLEF ET CERTIFICAT.cer
[07/12/2006 19:45|-ra------|1095224] J:\LaunchU3.exe
[04/02/2010 02:14|---hs----|85] K:\desktop.ini

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-pink.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.087 ! |
0
Utilisateur anonyme
 
Hello,



Still with UAC disabled:

1) Does your PC start in normal mode? Is only the desktop missing?

2) Uninstall TuneUp.

3) Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: https://forospyware.com
-> Rename it to asdehi when saving it to your desktop (simply so that the infection does not block it).
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the Internet and close the windows of all running programs.

-> Disable, temporarily and only while ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleanup procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

- Warning: during this step, do not use the PC and do not open any program. Risk of freezing the computer.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt).

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

/!\ Do not touch anything until the scan has finished. /!\ : risk of freezing the computer (complete crash)


:: If ComboFix detects something and asks to restart, accept.


See you
0
MIMALY
 
Hello Guillaume, it is impossible to uninstall tuneup-utilities, even with the Revo software. Then, once [ was launched, my PC crashed completely, and now I no longer know what to do. In any case this Trojan horse is really tough; I would have liked to find it and remove it with your help because it really challenged me, lol, but I think the wisest thing is to give in to it and format my hard drive. But then again, I do not have an installation CD, and since I cannot get into my PC in normal mode it is going to be complicated, so I am a bit stuck. Thank you for the help you are giving me; I await your advice.
0

MIMALY
 
Hello Guillaume, I finally managed to get the ComboFix report, but only in safe mode. Here is the report:

ComboFix 10-02-05.04 - pink 06/02/2010 22:04:12.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.33.1036.18.3062.2590 [GMT 1:00]
Lancé depuis: H:\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\pink\AppData\Roaming\Desktopicon
c:\users\pink\AppData\Roaming\Desktopicon\config.ini
c:\users\pink\AppData\Roaming\inst.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-06 au 2010-02-06 ))))))))))))))))))))))))))))))))))))
.

2010-02-06 21:46 . 2010-02-06 21:48 -------- d-----w- c:\users\pink\AppData\Local\temp
2010-02-06 21:46 . 2010-02-06 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-06 19:09 . 2010-02-06 19:09 -------- d-----w- c:\program files\VS Revo Group
2010-02-05 22:55 . 2010-02-05 22:55 14004 ----a-w- C:\UsbFix_Upload_Me_PC-de-pink.zip
2010-02-04 19:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 19:45 . 2010-02-04 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 19:45 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 23:14 . 2010-02-05 22:55 -------- d-----w- C:\UsbFix
2010-02-03 20:00 . 2010-02-05 23:02 -------- d-----w- C:\rsit
2010-02-03 00:48 . 2010-02-03 00:48 -------- d-----w- c:\program files\Lavasoft
2010-02-03 00:29 . 2010-02-03 00:43 -------- d-----w- c:\program files\Trojan Remover
2010-01-26 16:36 . 2010-01-26 16:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-26 12:48 . 2010-02-05 23:02 -------- d-----w- c:\program files\Trend Micro
2010-01-12 21:09 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 21:09 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 19:43 . 2009-07-29 20:11 5656 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-06 19:43 . 2009-07-29 20:11 5415456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-06 19:43 . 2009-07-29 20:11 46532 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-06 19:43 . 2009-07-29 20:11 1032224 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-06 19:42 . 2006-11-09 19:30 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-06 19:36 . 2009-07-29 20:11 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-05 22:49 . 2006-11-02 15:47 687282 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-05 22:49 . 2006-11-02 15:47 131396 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-05 12:36 . 2008-12-30 18:51 -------- d-----w- c:\programdata\Lavasoft
2010-02-05 02:24 . 2009-10-10 19:33 -------- d-----w- c:\program files\Full Tilt Poker
2010-02-04 21:42 . 2009-07-12 19:49 -------- d-----w- c:\users\pink\AppData\Roaming\vlc
2010-02-03 01:32 . 2009-05-03 17:14 -------- d-----w- c:\program files\P2P_Torrent
2010-02-03 00:18 . 2008-07-29 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-31 02:25 . 2009-12-03 23:12 -------- d-----w- c:\program files\SpeedFan
2010-01-27 12:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-26 17:11 . 2009-04-09 20:30 -------- d-----w- c:\programdata\NOS
2010-01-26 16:12 . 2008-09-29 21:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 02:34 . 2008-08-23 14:06 1356 ----a-w- c:\users\pink\AppData\Local\d3d9caps.dat
2010-01-19 22:36 . 2009-09-24 18:19 -------- d-----w- c:\users\pink\AppData\Roaming\BitTorrent
2010-01-14 10:12 . 2009-10-03 15:26 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:47 . 2007-07-04 12:17 -------- d-----w- c:\program files\Java
2009-12-19 16:23 . 2009-12-19 16:23 -------- d-----w- c:\program files\SPlayer
2009-12-17 21:32 . 2009-08-18 20:50 -------- d-----w- c:\users\pink\AppData\Roaming\Azureus
2009-12-13 17:43 . 2009-12-13 17:43 -------- d-----w- c:\programdata\TomTom
2009-12-13 17:43 . 2009-12-13 17:43 -------- d-----w- c:\users\pink\AppData\Roaming\TomTom
2009-12-13 17:42 . 2009-12-13 17:42 -------- d-----w- c:\program files\TomTom International B.V
2009-12-13 17:42 . 2009-12-13 17:42 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-13 17:41 . 2009-12-13 17:41 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-11-26 23:43 . 2009-11-26 23:43 872960 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-26 23:43 . 2009-11-26 23:43 340480 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-11-26 23:43 43008 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-11-26 23:43 346624 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-17 20:20 . 2009-11-17 20:03 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-09 12:31 . 2009-12-09 16:38 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 16:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 16:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-03-08 18:52 . 2009-03-08 18:52 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-05 13:52 . 2008-08-05 13:52 23 --sha-w- c:\windows\System32\cdbe7_g.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2009-06-03 677144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 150552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-09-26 316720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-02-22 11:30 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2009-06-04 00:22 408088 ----a-w- c:\program files\Intel\AMT\atchk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connexion SFR 9props.exe]
2009-10-15 08:53 959808 ----a-w- c:\program files\SFR\Kit\9props.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-08-19 10:59 173592 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
2007-02-26 09:07 3946040 ----a-w- c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 08:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-19 10:59 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-10-18 13:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 18:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-04-07 23:39 2553088 ----a-w- c:\windows\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-02-20 12:48 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-19 10:59 150552 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 13:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2008-02-26 07:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 07:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 15:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ST Recovery Launcher]
2007-03-09 14:24 44168 ----a-w- c:\windows\SMINST\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 01:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,86,29,06,17,21,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3303094250-2052613164-1373151634-1003]
"EnableNotificationsRef"=dword:00000008

R0 dlkmdldr;dlkmdldr;c:\windows\System32\drivers\dlkmdldr.sys [04/06/2009 13:08 13424]
R0 SafeBoot;SafeBoot;c:\windows\System32\drivers\SafeBoot.sys [14/08/2007 16:59 101167]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [09/10/2006 12:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [14/06/2007 15:22 13184]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [04/06/2009 00:31 38816]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 16:29 33808]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [30/08/2009 15:10 721904]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 16:28 20496]
S1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [14/08/2007 16:59 5840]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [10/03/2009 06:47 447848]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [06/09/2007 12:26 221184]
S2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [04/07/2007 19:05 24880]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [04/07/2007 12:52 539936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [01/09/2009 15:47 1153368]
S2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04/12/2006 15:13 292384]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [25/07/2008 21:16 1464856]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [31/03/2009 19:41 498432]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 11:44 30088]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/11/2009 23:18 193840]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [08/06/2007 07:49 30008]
S3 dlkmd;dlkmd;c:\windows\System32\drivers\dlkmd.sys [04/06/2009 13:08 367728]
S3 FLCDLOCK;Verrouillage des périphériques / Audition HP ProtectTools;c:\windows\System32\flcdlock.exe [08/06/2007 08:06 172131]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 17:02 26640]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [08/11/2008 14:10 256000]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [04/03/2009 09:49 4232704]
S3 rismc32;RICOH Smart Card Reader;c:\windows\System32\drivers\rismc32.sys [20/12/2006 02:08 47616]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25/04/2007 12:32 31232]
S3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;c:\windows\System32\drivers\WSDPrint.sys [01/08/2008 14:27 16896]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{B2C91C8A-1CE6-4532-B768-2552B02DCEB7}.job
- c:\windows\system32\msfeedssync.exe [2008-08-01 07:33]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1210541&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-Norton Ghost 14 - c:\program files\Norton Ghost\Agent\VProTray.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-Service Scheduler2 Acronis - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 22:47
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.032"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.abr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ani"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.bay"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.bw"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.cs1"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.cur"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.dcx"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.dib"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.djv"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.djvu"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.emf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.eps"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.erf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.fff"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.fpx"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.hdr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.icl"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.icn"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ilbm"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.int"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.inta"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.iw4"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.j2c"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.j2k"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jbr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jfif"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jp2"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jpc"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jpk"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jpx"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.mef"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.mos"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pbr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pct"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pgm"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pic"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pict"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pix"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.psp"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pspbrush"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pspimage"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ras"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rgb"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rgba"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rle"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rsb"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.sgi"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.thm"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ttc"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ttf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.wmf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.xif"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E…

mimaly
 
Hello Guillaume, I managed to run ComboFix in normal mode; here is the latest report. Thank you.

ComboFix 10-02-05.04 - pink 07/02/2010 21:01:48.2.2 - x86
Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.33.1036.18.3062.1955 [GMT 1:00]
Lancé depuis: H:\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-07 au 2010-02-07 ))))))))))))))))))))))))))))))))))))
.

2010-02-07 20:08 . 2010-02-07 20:08 -------- d-----w- c:\users\pink\AppData\Local\temp
2010-02-07 20:08 . 2010-02-07 20:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-07 20:08 . 2010-02-07 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-06 19:09 . 2010-02-06 19:09 -------- d-----w- c:\program files\VS Revo Group
2010-02-05 22:55 . 2010-02-05 22:55 14004 ----a-w- C:\UsbFix_Upload_Me_PC-de-pink.zip
2010-02-04 19:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 19:45 . 2010-02-04 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 19:45 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 23:14 . 2010-02-05 22:55 -------- d-----w- C:\UsbFix
2010-02-03 20:00 . 2010-02-05 23:02 -------- d-----w- C:\rsit
2010-02-03 00:48 . 2010-02-03 00:48 -------- d-----w- c:\program files\Lavasoft
2010-02-03 00:29 . 2010-02-03 00:43 -------- d-----w- c:\program files\Trojan Remover
2010-01-26 16:36 . 2010-01-26 16:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-26 12:48 . 2010-02-05 23:02 -------- d-----w- c:\program files\Trend Micro
2010-01-12 21:09 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 21:09 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 19:58 . 2009-07-29 20:11 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-07 19:48 . 2006-11-02 15:47 687282 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-07 19:48 . 2006-11-02 15:47 131396 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-07 19:28 . 2009-07-29 20:11 5656 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-07 19:28 . 2009-07-29 20:11 5415456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-07 19:28 . 2009-07-29 20:11 46532 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-07 19:28 . 2009-07-29 20:11 1032224 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-07 19:28 . 2006-11-09 19:30 1076 ----a-w- c:\windows\bthservsdp.dat
2010-02-07 18:50 . 2009-12-03 23:12 -------- d-----w- c:\program files\SpeedFan
2010-02-06 23:44 . 2008-07-29 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-05 12:36 . 2008-12-30 18:51 -------- d-----w- c:\programdata\Lavasoft
2010-02-05 02:24 . 2009-10-10 19:33 -------- d-----w- c:\program files\Full Tilt Poker
2010-02-04 21:42 . 2009-07-12 19:49 -------- d-----w- c:\users\pink\AppData\Roaming\vlc
2010-02-03 01:32 . 2009-05-03 17:14 -------- d-----w- c:\program files\P2P_Torrent
2010-01-27 12:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-26 17:11 . 2009-04-09 20:30 -------- d-----w- c:\programdata\NOS
2010-01-26 16:12 . 2008-09-29 21:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 02:34 . 2008-08-23 14:06 1356 ----a-w- c:\users\pink\AppData\Local\d3d9caps.dat
2010-01-19 22:36 . 2009-09-24 18:19 -------- d-----w- c:\users\pink\AppData\Roaming\BitTorrent
2010-01-14 10:12 . 2009-10-03 15:26 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:47 . 2007-07-04 12:17 -------- d-----w- c:\program files\Java
2009-12-19 16:23 . 2009-12-19 16:23 -------- d-----w- c:\program files\SPlayer
2009-12-17 21:32 . 2009-08-18 20:50 -------- d-----w- c:\users\pink\AppData\Roaming\Azureus
2009-12-13 17:43 . 2009-12-13 17:43 -------- d-----w- c:\programdata\TomTom
2009-12-13 17:43 . 2009-12-13 17:43 -------- d-----w- c:\users\pink\AppData\Roaming\TomTom
2009-12-13 17:42 . 2009-12-13 17:42 -------- d-----w- c:\program files\TomTom International B.V
2009-12-13 17:42 . 2009-12-13 17:42 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-13 17:41 . 2009-12-13 17:41 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-11-26 23:43 . 2009-11-26 23:43 872960 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-26 23:43 . 2009-11-26 23:43 340480 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-11-26 23:43 43008 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-11-26 23:43 346624 ----a-w- c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-17 20:20 . 2009-11-17 20:03 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-03-08 18:52 . 2009-03-08 18:52 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-05 13:52 . 2008-08-05 13:52 23 --sha-w- c:\windows\System32\cdbe7_g.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2009-06-03 677144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 150552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-09-26 316720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-29 208616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-02-22 11:30 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2009-06-04 00:22 408088 ----a-w- c:\program files\Intel\AMT\atchk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connexion SFR 9props.exe]
2009-10-15 08:53 959808 ----a-w- c:\program files\SFR\Kit\9props.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-08-19 10:59 173592 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
2007-02-26 09:07 3946040 ----a-w- c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 08:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-19 10:59 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-10-18 13:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 18:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-04-07 23:39 2553088 ----a-w- c:\windows\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-02-20 12:48 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-19 10:59 150552 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 13:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2008-02-26 07:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 07:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 15:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ST Recovery Launcher]
2007-03-09 14:24 44168 ----a-w- c:\windows\SMINST\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 01:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,86,29,06,17,21,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3303094250-2052613164-1373151634-1003]
"EnableNotificationsRef"=dword:00000008

R0 dlkmdldr;dlkmdldr;c:\windows\System32\drivers\dlkmdldr.sys [04/06/2009 13:08 13424]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 16:29 33808]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [09/10/2006 12:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [14/06/2007 15:22 13184]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 16:28 20496]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [04/06/2009 00:31 38816]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [14/08/2007 16:59 5840]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [10/03/2009 06:47 447848]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [06/09/2007 12:26 221184]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [04/07/2007 19:05 24880]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [04/07/2007 12:52 539936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [01/09/2009 15:47 1153368]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04/12/2006 15:13 292384]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [25/07/2008 21:16 1464856]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [31/03/2009 19:41 498432]
R3 dlkmd;dlkmd;c:\windows\System32\drivers\dlkmd.sys [04/06/2009 13:08 367728]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 17:02 26640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [04/03/2009 09:49 4232704]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [30/08/2009 15:10 721904]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 11:44 30088]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/11/2009 23:18 193840]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [08/06/2007 07:49 30008]
S3 FLCDLOCK;Verrouillage des périphériques / Audition HP ProtectTools;c:\windows\System32\flcdlock.exe [08/06/2007 08:06 172131]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [08/11/2008 14:10 256000]
S3 rismc32;RICOH Smart Card Reader;c:\windows\System32\drivers\rismc32.sys [20/12/2006 02:08 47616]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25/04/2007 12:32 31232]
S3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;c:\windows\System32\drivers\WSDPrint.sys [01/08/2008 14:27 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{B2C91C8A-1CE6-4532-B768-2552B02DCEB7}.job
- c:\windows\system32\msfeedssync.exe [2008-08-01 07:33]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1210541&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\pink\AppData\Roaming\Mozilla\Firefox\Profiles\8tfmwdno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 21:08
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.032"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.abr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ani"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.bay"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.bw"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.cs1"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.cur"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.dcx"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.dib"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.djv"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.djvu"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.emf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.eps"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.erf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.fff"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.fpx"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.hdr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.icl"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.icn"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ilbm"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.int"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.inta"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.iw4"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.j2c"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.j2k"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jbr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jfif"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jp2"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jpc"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jpk"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.jpx"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.mef"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.mos"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pbr"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pct"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pgm"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pic"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pict"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pix"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.psp"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pspbrush"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.pspimage"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ras"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rgb"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rgba"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rle"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.rsb"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.sgi"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.thm"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3303094250-2052613164-1373151634-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ttc"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.ttf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.wmf"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.xif"

[HKEY_USERS\S-1-5-21-3303094250-2052613164-1373151634-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Gestionnaire de photos 2009.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(776)
c:\windows\SbHpNp.dll
.
Heure de fin: 2010-02-07 21:11:25
ComboFix-quarantined-files.txt 2010-02-07 20:11

Avant-CF: 34 990 415 872 octets libres
Après-CF: 34 940 571 648 octets libres

- - End Of File - - A67D99D79EEE6968F8C60E77EB9EAD3B
Anonymous user

Hello

Back after a week's skiing holiday.

1) Send this file as requested; thanks.

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-pink.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

2) Did you get your desktop back?
How is your PC behaving?

See you later
