Security Suite infection [Closed]

Anonymous user -
Hello everyone,

I have just been infected by Security Suite. I tried to follow some of the advice posted, and I tried to install MBAM, OTL, Ad-remover... I manage to download them but cannot install them...
The only application that worked is Rkill (but I am not sure whether I did the right thing by running it?!).

Would anyone have a solution to this problem?

Thanking you in advance,

12 replies

Hi,

In order:

Restart your PC in safe mode
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

Then launch MBAM

Install it; update it... (Update tab)
Now click the Scanner tab and check the box:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
At the end of the scan, click Show Results
If items were found:
> click Remove Selected.
If you are asked to restart > click "Yes".
At the end a report will open;
save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.

See you

Hi,

try EMCO Malware Destroyer.

Good evening,

To stop Security Suite from blocking programs, I used this little trick: as soon as you get into Windows, open Task Manager right away, before Security Suite starts (you have about 5-10 seconds). Then Security Suite will appear and you will see it in Task Manager. You just have to close it from there and it will not come back; you can then run your programs and applications.

To get rid of it for good, I will let more competent people guide you :) But this will at least let you download what you need and install it.
Thank you for your help.
Actually, the programs do install (like EMCO, whose icon gets installed on the PC). But the application does not launch (with a small window at the bottom right - from the virus, I imagine - that opens saying the application cannot be executed...).
I will try AK13's trick. Thanks.
The Task Manager trick worked for launching OTL and Malware.
I have the OTL report - shall I copy and paste it here? I am launching Malware Destroyer.
For the moment Malware refuses to launch. I managed it by restarting repeatedly, but the update turned out to be impossible (blue screen with a message about the memory dump)

Is Malwarebytes running or not?
No, it is not running. I have a window of a few seconds to launch it. So I will try again.

The OTL report:

OTL logfile created on: 07/09/2010 20:52:08 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\Profiles\jnchuiton.EMEA\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 007,00 Mb Total Physical Memory | 325,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 10,78 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 87,37 Gb Total Space | 71,79 Gb Free Space | 82,16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L390199
Current User Name: JNChuiton
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/09/07 20:30:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
PRC - [2010/09/07 18:04:37 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win32.exe
PRC - [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\taskmgr.exe
PRC - [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\drweb.exe
PRC - [2010/09/07 18:04:28 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp32.exe
PRC - [2010/09/07 18:04:27 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\lsass.exe
PRC - [2010/09/07 18:04:17 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\winamp.exe
PRC - [2010/09/07 18:04:17 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp.exe
PRC - [2010/09/07 18:04:09 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp32.exe
PRC - [2010/09/07 18:04:07 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\taskmgr.exe
PRC - [2010/09/07 18:04:05 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
PRC - [2010/09/07 18:04:03 | 000,217,088 | ---- | M] () -- C:\WINDOWS\system32\regedit.exe
PRC - [2010/09/07 18:04:03 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\login.exe
PRC - [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win.exe
PRC - [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe
PRC - [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\cmd.exe
PRC - [2010/09/07 18:03:58 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\rlsrk1c.exe
PRC - [2010/09/07 18:03:52 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\p8gd1.exe
PRC - [2010/09/07 18:03:52 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\fzlsmdh4e.exe
PRC - [2010/09/07 18:03:51 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\jdfzvzay6.exe
PRC - [2010/09/07 18:03:29 | 000,204,800 | RHS- | M] () -- D:\Profiles\jnchuiton.EMEA\leueku.exe
PRC - [2010/09/07 18:03:24 | 000,243,712 | ---- | M] (Security Suites Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk\wxrvcmsuqiw.exe
PRC - [2010/09/07 18:03:10 | 000,034,304 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\202fbh.exe
PRC - [2010/06/03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/25 23:00:40 | 000,323,632 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/05/25 23:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/05/25 04:41:12 | 000,104,448 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/05/25 04:41:00 | 000,248,368 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/10/27 12:21:28 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/24 12:02:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/17 14:24:10 | 000,713,744 | ---- | M] (Microsoft Corporation
) -- C:\WINDOWS\vVX6000.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/12 17:54:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
PRC - [2008/03/12 17:54:00 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2008/03/12 17:53:58 | 001,643,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2008/03/12 17:53:56 | 002,569,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2008/03/12 17:53:54 | 002,189,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/30 13:42:22 | 000,074,240 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2007/10/30 13:42:12 | 000,225,792 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2007/04/10 14:10:20 | 001,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/04/10 14:10:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/04/10 14:10:10 | 000,404,248 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/04/10 14:10:06 | 000,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/02/15 12:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/07 01:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/10/09 11:28:56 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/08/11 14:52:10 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/09/07 20:30:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
MOD - [2008/04/13 19:33:34 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:32:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/26 03:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2006/12/04 09:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
MOD - [2005/08/11 14:51:16 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/05/25 23:00:40 | 000,323,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/05/25 23:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/05/25 04:42:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/05/25 04:41:00 | 000,248,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/10/27 12:21:28 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/20 16:27:36 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\OnePointDomainAgent\DCTAgentService.exe -- (OnePointDomainAdminService)
SRV - [2008/03/12 17:54:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/03/12 17:54:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/03/12 17:53:58 | 000,234,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2008/03/12 17:53:56 | 002,569,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2008/03/12 17:53:54 | 002,189,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/30 13:42:12 | 000,225,792 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2007/09/10 17:49:13 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/04/10 14:10:20 | 001,489,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/04/10 14:10:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/04/10 14:10:06 | 000,121,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/02/15 12:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/07 01:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/22 05:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/07/15 10:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100906.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 10:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100906.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/14 00:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010/03/26 21:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/01/28 15:23:22 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/20 07:53:24 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/01/20 07:53:24 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/01/20 07:53:24 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/01/20 07:53:24 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/10/09 04:36:22 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/17 14:24:10 | 002,077,840 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2009/03/11 18:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/12 17:54:04 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/12 17:54:04 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 17:54:02 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/12 17:53:50 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/03/12 17:53:50 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/03/12 17:53:48 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/11/05 11:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/06/26 22:58:18 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/04/06 10:27:36 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/03/09 00:13:30 | 000,250,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/03/01 12:47:46 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Pilote de carte Intel(R)
DRV - [2007/03/01 12:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/02/26 12:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/15 20:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/07 20:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2007/01/23 20:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/01/23 19:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/01/12 14:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/02 14:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/12/20 02:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/12/15 14:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/07 16:30:50 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/07 16:30:12 | 000,209,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/07 16:30:08 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/10/19 01:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/01/10 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/01/10 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2004/06/16 13:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2565816
IE - HKCU\..\URLSearchHook: {f6af0697-ce5d-4718-ac5e-6613b6b3df09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1561552&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:2.5.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: TixeoFirefoxExtension@tixeo.com:0.4

FF - HKLM\software\mozilla\Firefox\Extensions\\TixeoFirefoxExtension@tixeo.com: C:\Program Files\Tixeo Soft\Communication\Client\FirefoxExt\TixeoFirefoxExtension@tixeo.com [2010/04/07 17:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 20:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/04 20:22:41 | 000,000,000 | ---D | M]

[2010/04/02 22:11:49 | 000,000,000 | ---D | M] -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Extensions
[2010/08/20 11:45:54 | 000,000,000 | ---D | M] -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\extensions
[2010/04/29 22:19:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 16:45:24 | 000,000,000 | ---D | M] (Hotspot Shield Toolbar) -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2010/01/20 12:14:02 | 000,000,931 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\searchplugins\conduit.xml
[2009/11/09 23:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/16 13:17:32 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/16 13:17:32 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/02/16 13:17:32 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/02/16 13:17:32 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/02/16 13:17:32 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/09/07 20:51:43 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (HotSpot Shield FR Toolbar) - {f6af0697-ce5d-4718-ac5e-6613b6b3df09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (HotSpot Shield FR Toolbar) - {f6af0697-ce5d-4718-ac5e-6613b6b3df09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (HotSpot Shield FR Toolbar) - {F6AF0697-CE5D-4718-AC5E-6613B6B3DF09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KsoITBOXRme] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRmSc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRnsc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\drweb.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRnxZc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\fzlsmdh4e.exe ()
O4 - HKLM..\Run: [KsoITBOXRnZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRouic] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\jdfzvzay6.exe ()
O4 - HKLM..\Run: [KsoITBOXRpuc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\lsass.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRpZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRqNc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\p8gd1.exe ()
O4 - HKLM..\Run: [KsoITBOXRqvJ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\rlsrk1c.exe ()
O4 - HKLM..\Run: [KsoITBOXRrrb] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\taskmgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRsPc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\win16.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KsoITBOXRspe] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\winamp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKcrc] C:\WINDOWS\login.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKerb] C:\WINDOWS\taskmgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKetc] C:\WINDOWS\sysedit.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKfPc] C:\WINDOWS\win32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MKZSc] C:\WINDOWS\avp32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nhhyqjwj] D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk\wxrvcmsuqiw.exe (Security Suites Corporation)
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe File not found
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [xwcosnaemr.tmp] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\xwcosnaemr.tmp ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKCU..\Run: [KsoITBOXRme] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRmSc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRnsc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\drweb.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRnxZc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\fzlsmdh4e.exe ()
O4 - HKCU..\Run: [KsoITBOXRnZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRouic] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\jdfzvzay6.exe ()
O4 - HKCU..\Run: [KsoITBOXRpuc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\lsass.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRpZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRpZ (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRqNc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\p8gd1.exe ()
O4 - HKCU..\Run: [KsoITBOXRqvJ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\rlsrk1c.exe ()
O4 - HKCU..\Run: [KsoITBOXRrrb] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\taskmgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRsPc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\win16.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KsoITBOXRspe] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\winamp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [leueku] D:\Profiles\jnchuiton.EMEA\leueku.exe ()
O4 - HKCU..\Run: [mediafix70700en02.exe] D:\Profiles\jnchuiton.EMEA\Application Data\C9FB27F27815D9A43361E0EF3E4B6214\mediafix70700en02.exe (MS)
O4 - HKCU..\Run: [MKcrc] C:\WINDOWS\login.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKerb] C:\WINDOWS\taskmgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKetc] C:\WINDOWS\sysedit.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKfPc] C:\WINDOWS\win32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKZSc] C:\WINDOWS\avp32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [nhhyqjwj] D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk\wxrvcmsuqiw.exe (Security Suites Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: D:\Profiles\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: D:\Profiles\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: D:\Profiles\jnchuiton.EMEA\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk = D:\Profiles\jnchuiton.EMEA\Application Data\C9FB27F27815D9A43361E0EF3E4B6214\mediafix70700en02.exe (MS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = D:\Profiles\JNCHUI~1.EME\LOCALS~1\Temp\202fbh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = c:\windows\Master_Adjust_HR_1280_v3.bmp ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/... (Office Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.fr/s/v/61.03/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/... (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mobility.adecco.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.adecco.net
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (c:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - c:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Cognizance Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01} - D:\Profiles\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/04 18:36:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d47520f-51d6-11df-afa0-001b38bed442}\Shell\AutoRun\command - "" = F:\9fo3ar0j.exe -- File not found
O33 - MountPoints2\{1d47520f-51d6-11df-afa0-001b38bed442}\Shell\open\Command - "" = F:\9fo3ar0j.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/07 20:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\EMCO
[2010/09/07 20:30:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
[2010/09/07 20:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/09/07 20:28:06 | 001,419,787 | ---- | C] (C_XX) -- D:\Profiles\jnchuiton.EMEA\Bureau\AD-R.exe
[2010/09/07 20:15:14 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Application Data\Malwarebytes
[2010/09/07 20:14:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 20:14:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 20:14:45 | 000,000,000 | ---D | C] -- D:\Profiles\All Users\Application Data\Malwarebytes
[2010/09/07 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 20:14:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- D:\Profiles\jnchuiton.EMEA\Bureau\mbam-setup-1.46.exe
[2010/09/07 19:52:56 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Mes documents\Téléchargements
[2010/09/07 19:51:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/09/07 18:04:38 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\win16.exe
[2010/09/07 18:04:37 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\win32.exe
[2010/09/07 18:04:32 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\taskmgr.exe
[2010/09/07 18:04:31 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\winlogon.exe
[2010/09/07 18:04:31 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
[2010/09/07 18:04:28 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\avp32.exe
[2010/09/07 18:04:15 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\sysedit.exe
[2010/09/07 18:04:05 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
[2010/09/07 18:04:02 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\login.exe
[2010/09/07 18:03:58 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\win.exe
[2010/09/07 18:03:44 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk
[2010/09/07 18:03:05 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\Windows Server
[2010/09/07 18:02:59 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Application Data\C9FB27F27815D9A43361E0EF3E4B6214
[2010/08/30 11:28:56 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Bureau\commission 0709
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp files -> D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/07 20:56:01 | 000,776,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\nrxtpf.sys
[2010/09/07 20:55:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FF2105A8-B2AC-491C-B095-034A3EF52EBB}.job
[2010/09/07 20:51:07 | 004,718,592 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\NTUSER.DAT
[2010/09/07 20:49:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 20:49:30 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/07 20:48:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 20:48:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 20:46:49 | 000,000,284 | -HS- | M] () -- D:\Profiles\jnchuiton.EMEA\ntuser.ini
[2010/09/07 20:41:20 | 000,000,734 | ---- | M] () -- D:\Profiles\All Users\Bureau\Malware Destroyer.lnk
[2010/09/07 20:30:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
[2010/09/07 20:28:06 | 001,419,787 | ---- | M] (C_XX) -- D:\Profiles\jnchuiton.EMEA\Bureau\AD-R.exe
[2010/09/07 20:14:49 | 000,000,584 | ---- | M] () -- D:\Profiles\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/07 20:14:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- D:\Profiles\jnchuiton.EMEA\Bureau\mbam-setup-1.46.exe
[2010/09/07 20:03:05 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/07 20:03:00 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3958495452-1883378620-2258318669-9902UA.job
[2010/09/07 19:52:56 | 000,363,520 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\rkill.exe
[2010/09/07 18:07:00 | 000,001,197 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
[2010/09/07 18:07:00 | 000,001,163 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/09/07 18:06:59 | 000,001,185 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Antimalware Doctor.lnk
[2010/09/07 18:05:32 | 000,000,160 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\2674515.BAT
[2010/09/07 18:04:38 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win16.exe
[2010/09/07 18:04:37 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win32.exe
[2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\winlogon.exe
[2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\taskmgr.exe
[2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
[2010/09/07 18:04:28 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp32.exe
[2010/09/07 18:04:16 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\sysedit.exe
[2010/09/07 18:04:05 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
[2010/09/07 18:04:03 | 000,217,088 | ---- | M] () -- C:\WINDOWS\System32\regedit.exe
[2010/09/07 18:04:03 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\login.exe
[2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win.exe
[2010/09/07 18:03:29 | 000,204,800 | RHS- | M] () -- D:\Profiles\jnchuiton.EMEA\leueku.exe
[2010/09/07 17:54:47 | 000,002,728 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\arbredecision_p.jpg
[2010/09/07 14:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3958495452-1883378620-2258318669-9902Core.job
[2010/09/07 08:05:14 | 000,827,904 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Commission SG 070910.ppt
[2010/09/06 15:42:08 | 000,046,080 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\GUENNOC NMG1.doc
[2010/09/06 11:10:10 | 000,002,558 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\nmg richard.xls
[2010/08/31 15:53:22 | 000,196,380 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\[Office] R Standard - HULNE, Pierre Henri.pdf
[2010/08/31 15:40:21 | 000,046,080 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\NMG HULNE.doc
[2010/08/31 14:44:19 | 000,025,600 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Nouveau Document Microsoft Word.doc
[2010/08/29 19:45:05 | 000,164,807 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\MelchersKleinmannPrinzIJSA[1].pdf
[2010/08/27 13:35:23 | 000,000,162 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\~$LTGEN Venceslas 250810.doc
[2010/08/24 15:24:22 | 000,000,744 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Raccourci vers Personnel et Confidentiel.lnk
[2010/08/24 13:54:29 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\btsendto_lnagent.nsf
[2010/08/24 13:44:50 | 000,000,485 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Maul.lnk
[2010/08/15 18:56:05 | 000,000,524 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\intlname.ols
[2010/08/12 16:08:53 | 000,000,658 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Microsoft Office Outlook.lnk
[2010/08/12 16:08:11 | 001,242,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 16:08:11 | 000,558,380 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/12 16:08:11 | 000,482,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 16:08:11 | 000,104,786 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/12 16:08:11 | 000,086,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 14:25:54 | 000,023,614 | RHS- | M] () -- D:\Profiles\jnchuiton.EMEA\ntuser.pol
[2010/08/12 14:23:27 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 12:17:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 12:17:00 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 10:33:01 | 000,000,695 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp files -> D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/07 20:41:20 | 000,000,734 | ---- | C] () -- D:\Profiles\All Users\Bureau\Malware Destroyer.lnk
[2010/09/07 20:14:49 | 000,000,584 | ---- | C] () -- D:\Profiles\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/07 19:52:56 | 000,363,520 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\rkill.exe
[2010/09/07 18:07:00 | 000,001,197 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
[2010/09/07 18:07:00 | 000,001,163 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/09/07 18:06:59 | 000,001,185 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Antimalware Doctor.lnk
[2010/09/07 18:05:32 | 000,000,160 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\2674515.BAT
[2010/09/07 18:04:29 | 000,776,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\nrxtpf.sys
[2010/09/07 18:03:28 | 000,204,800 | RHS- | C] () -- D:\Profiles\jnchuiton.EMEA\leueku.exe
[2010/09/07 18:03:17 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\regedit.exe
[2010/09/07 17:55:26 | 000,002,728 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\arbredecision_p.jpg
[2010/09/06 18:12:04 | 000,827,904 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Commission SG 070910.ppt
[2010/09/06 15:42:08 | 000,046,080 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\GUENNOC NMG1.doc
[2010/09/06 11:10:10 | 000,002,558 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\nmg richard.xls
[2010/09/03 17:41:07 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\FnF4.txt
[2010/08/31 15:53:22 | 000,196,380 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\[Office] R Standard - HULNE, Pierre Henri.pdf
[2010/08/31 15:40:21 | 000,046,080 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\NMG HULNE.doc
[2010/08/31 13:32:29 | 000,025,600 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Nouveau Document Microsoft Word.doc
[2010/08/29 19:45:05 | 000,164,807 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\MelchersKleinmannPrinzIJSA[1].pdf
[2010/08/27 13:35:23 | 000,000,162 | -H-- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\~$LTGEN Venceslas 250810.doc
[2010/08/24 15:24:22 | 000,000,744 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Raccourci vers Personnel et Confidentiel.lnk
[2010/08/24 13:44:50 | 000,000,485 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Maul.lnk
[2010/08/12 10:33:01 | 000,000,695 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2010/04/21 18:16:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/04/21 18:16:35 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/04/21 18:16:24 | 000,002,528 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Application Data\$_hpcst$.hpc
[2010/04/12 11:08:29 | 000,005,632 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 10:44:45 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\QSwitch.txt
[2010/04/01 10:44:45 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\DSwitch.txt
[2010/04/01 10:44:45 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\AtStart.txt
[2010/03/09 12:47:20 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/10/06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/17 11:32:11 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2009/05/06 12:19:09 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2009/05/06 12:19:09 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2009/05/06 12:19:03 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2009/05/06 12:04:37 | 000,000,713 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2009/05/03 22:36:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/06 10:30:36 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 10:25:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/06/06 10:25:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/06/06 10:25:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/06/06 10:25:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/06/06 10:25:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/06/06 10:25:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/06/06 10:20:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/06/06 09:41:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/05 10:52:49 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/06/05 10:52:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/05/07 02:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
< End of report >
Malware Destroyer worked.

I get a "detected malware" screen but I don't see a report to copy and paste. Sorry for my lack of mastery of the subject.
Here is what seems to be the report:

NMC.ANTIMALWAREDOCTOR SPYWARE Scan mode Only
NMC.ANTIMALWAREDOCTOR SPYWARE No Action Performed
NMC.BANCBAN.AH TROJAN Scan mode Only
NMC.BANCBAN.AH TROJAN No Action Performed
NMC.GAMETHIEF.WIN32.MAGANIA.CPBC TROJAN Scan mode Only
NMC.GAMETHIEF.WIN32.MAGANIA.CPBC TROJAN No Action Performed
NMC.NETSKY.C WORM Scan mode Only
NMC.NETSKY.C WORM No Action Performed
NMC.NETSKY.D WORM Scan mode Only
NMC.NETSKY.D WORM No Action Performed
NMC.NETSKY.E WORM Scan mode Only
NMC.NETSKY.E WORM No Action Performed
NMC.NETSKY.K WORM Scan mode Only
NMC.NETSKY.K WORM No Action Performed
NMC.STARTPAGE ADWARE Scan mode Only
NMC.STARTPAGE ADWARE No Action Performed
NMC.TRODAL TROJAN Scan mode Only
NMC.TRODAL TROJAN No Action Performed
NMC.TROJAN.NULLPOS TROJAN Scan mode Only
NMC.TROJAN.NULLPOS TROJAN No Action Performed
NMC.VTUB.AI TROJAN Scan mode Only
NMC.VTUB.AI TROJAN No Action Performed
NMC.WINDIR.WINLOGON TROJAN Scan mode Only
NMC.WINDIR.WINLOGON TROJAN No Action Performed

In order:

Restart your PC in safe mode with networking

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php


----------------



Download rkill
https://download.bleepingcomputer.com/grinler/rkill.exe

Save it to your Desktop

Double-click the rkill icon (on Vista/Seven, right-click and Run as administrator)

A brief black screen will tell you that the tool ran correctly; if it does not launch,
switch to another download link, using one of the following:

Rkill COM:
https://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
https://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

---------------

Run a scan with this antispyware:
Malwarebytes + tutorial

Install it and update it (Update tab)
Now click the Scanner tab and check the box:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
At the end of the scan, click Show Results
If items were found:
> click Remove Selected.
If you are asked to restart > click "Yes".
At the end a report will open;
save it where you can find it again so you can post it on the forum.
Please copy and paste the report.

See you