Infection Security Suite

Nicolas -  
 archet9 -
Bonjour à tous,

Je viens d'être infecté par Security Suite. J'ai essayé de suivre quelques conseils postés, et j'ai cherché à installé MBAM, OTL, Ad-remover... je parviens à les télécharger mais impossible de les installer...
La seule application qui ait fonctionné est Rkill (mais sans certitude si j'ai bien de le faire?!).

Quelqu'un aurait-il une solution à ce problème?

En vous remerciant d'avance,

12 réponses

  1. archet9
     
    Salut,

    Dans l'ordre :

    Redémarre ton pc en mode sans échec
    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

    Lance ensuite MBAM

    Tu l'installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l'onglet recherche et coche la case :
    "Executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...
    A la fin du scan, clique sur Afficher les résultats
    Si des elements on ete trouvés :
    > click sur supprimer la selection.
    si il t'es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s'ouvrir;
    sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    a+
    1
  2. Hamster Messages postés 6733 Statut Contributeur 984
     
    Salut,

    essaye EMCO Malware Destroyer.
    0
  3. AK13 Messages postés 14 Statut Membre
     
    Bonsoir,

    Pour éviter que Security Suite ne bloque les programmes, j'ai utilisé cette petite astuce : dès que tu arrives sur Windows, ouvre tout de suite le gestionnaire de tache, avant que Security Suite ne se lance (tu as environ 5-10 secondes). Ensuite, Security Suite va apparaître et tu le verras sur ton gestionnaire. Tu n'as plus qu'à le fermer avec ce dernier et il ne reviendra pas, tu pourras ensuite faire tourner tes programmes et applications.

    Pour l'éliminer définitivement, je laisse des gens plus compétents te guider :) Mais ca te permettra au moins de télécharger ce dont tu auras besoin et d'installer.
    0
  4. Nicolas
     
    Je te remercie pour ton aide.
    En réalité, les programmes s'installent ( comme EMCO dont une icône s'installe sur le PC). Mais, c'est l'application ne se lance pas (avec une petite fenêtre en bas à droite - du virus j'imagine - qui s'oiuvre précisant que l'appli ne peut être exécutée...).
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Nicolas
     
    Je vais essayer l'astuce d'AK13. Merci.
    0
  7. Nicolas
     
    L'astuce du gestionnaire des tâches a fonctionné pour lancer OTL et Malware.
    J'ai le rapport OTL - je le copie colle ici? Je lance Malware Destroyer.
    0
  8. Nicolas
     
    Pour le moment Malware refuse de se lancer. J'y suis parvenu à force de redémarrer, mais la mise à jour s'est révélée impossible (écran bleu avec un commentaire sur le vidage de la mémoire)
    0
  9. Nicolas
     
    Non, il ne tourne pas. J'ai un créneau de quelques secondes pour le lancer. Donc je vais réessayer.

    Le rapport d'OTL :

    OTL logfile created on: 07/09/2010 20:52:08 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = D:\Profiles\jnchuiton.EMEA\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 007,00 Mb Total Physical Memory | 325,00 Mb Available Physical Memory | 32,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24,41 Gb Total Space | 10,78 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
    Drive D: | 87,37 Gb Total Space | 71,79 Gb Free Space | 82,16% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: L390199
    Current User Name: JNChuiton
    NOT logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2010/09/07 20:30:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
    PRC - [2010/09/07 18:04:37 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win32.exe
    PRC - [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\taskmgr.exe
    PRC - [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\drweb.exe
    PRC - [2010/09/07 18:04:28 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp32.exe
    PRC - [2010/09/07 18:04:27 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\lsass.exe
    PRC - [2010/09/07 18:04:17 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\winamp.exe
    PRC - [2010/09/07 18:04:17 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp.exe
    PRC - [2010/09/07 18:04:09 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp32.exe
    PRC - [2010/09/07 18:04:07 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\taskmgr.exe
    PRC - [2010/09/07 18:04:05 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
    PRC - [2010/09/07 18:04:03 | 000,217,088 | ---- | M] () -- C:\WINDOWS\system32\regedit.exe
    PRC - [2010/09/07 18:04:03 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\login.exe
    PRC - [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win.exe
    PRC - [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe
    PRC - [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\cmd.exe
    PRC - [2010/09/07 18:03:58 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\rlsrk1c.exe
    PRC - [2010/09/07 18:03:52 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\p8gd1.exe
    PRC - [2010/09/07 18:03:52 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\fzlsmdh4e.exe
    PRC - [2010/09/07 18:03:51 | 000,030,001 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\jdfzvzay6.exe
    PRC - [2010/09/07 18:03:29 | 000,204,800 | RHS- | M] () -- D:\Profiles\jnchuiton.EMEA\leueku.exe
    PRC - [2010/09/07 18:03:24 | 000,243,712 | ---- | M] (Security Suites Corporation) -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk\wxrvcmsuqiw.exe
    PRC - [2010/09/07 18:03:10 | 000,034,304 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\202fbh.exe
    PRC - [2010/06/03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/05/25 23:00:40 | 000,323,632 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2010/05/25 23:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010/05/25 04:41:12 | 000,104,448 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    PRC - [2010/05/25 04:41:00 | 000,248,368 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2009/10/27 12:21:28 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    PRC - [2009/04/24 12:02:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
    PRC - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/03/17 14:24:10 | 000,713,744 | ---- | M] (Microsoft Corporation
    ) -- C:\WINDOWS\vVX6000.exe
    PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/12 17:54:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    PRC - [2008/03/12 17:54:00 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    PRC - [2008/03/12 17:53:58 | 001,643,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
    PRC - [2008/03/12 17:53:56 | 002,569,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
    PRC - [2008/03/12 17:53:54 | 002,189,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2007/10/30 13:42:22 | 000,074,240 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
    PRC - [2007/10/30 13:42:12 | 000,225,792 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
    PRC - [2007/04/10 14:10:20 | 001,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
    PRC - [2007/04/10 14:10:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
    PRC - [2007/04/10 14:10:10 | 000,404,248 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
    PRC - [2007/04/10 14:10:06 | 000,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
    PRC - [2007/02/15 12:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
    PRC - [2007/02/07 01:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2007/01/05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2006/10/09 11:28:56 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    PRC - [2005/08/11 14:52:10 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
    PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

    [color=#E56717]========== Modules (SafeList) ==========[/color]

    MOD - [2010/09/07 20:30:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
    MOD - [2008/04/13 19:33:34 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 19:32:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/02/26 03:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
    MOD - [2006/12/04 09:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
    MOD - [2005/08/11 14:51:16 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll

    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV - [2010/05/25 23:00:40 | 000,323,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/05/25 23:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010/05/25 04:42:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010/05/25 04:41:00 | 000,248,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2009/10/27 12:21:28 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
    SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
    SRV - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/06/20 16:27:36 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\OnePointDomainAgent\DCTAgentService.exe -- (OnePointDomainAdminService)
    SRV - [2008/03/12 17:54:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/03/12 17:54:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/03/12 17:53:58 | 000,234,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
    SRV - [2008/03/12 17:53:56 | 002,569,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
    SRV - [2008/03/12 17:53:54 | 002,189,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2007/10/30 13:42:12 | 000,225,792 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
    SRV - [2007/09/10 17:49:13 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2007/04/10 14:10:20 | 001,489,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
    SRV - [2007/04/10 14:10:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
    SRV - [2007/04/10 14:10:06 | 000,121,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
    SRV - [2007/02/15 12:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
    SRV - [2007/02/07 01:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2006/06/22 05:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2010/07/15 10:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100906.024\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/15 10:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100906.024\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/28 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/14 00:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
    DRV - [2010/03/26 21:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/01/28 15:23:22 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/01/20 07:53:24 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2010/01/20 07:53:24 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
    DRV - [2010/01/20 07:53:24 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2010/01/20 07:53:24 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2009/10/09 04:36:22 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/17 14:24:10 | 002,077,840 | ---- | M] (Microsoft Corporation
    ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2009/03/11 18:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
    DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/03/12 17:54:04 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2008/03/12 17:54:04 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2008/03/12 17:54:02 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2008/03/12 17:53:50 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/03/12 17:53:50 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2008/03/12 17:53:48 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/11/05 11:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/06/26 22:58:18 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/04/06 10:27:36 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2007/03/09 00:13:30 | 000,250,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/03/01 12:47:46 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Pilote de carte Intel(R)
    DRV - [2007/03/01 12:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007/02/26 12:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/15 20:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
    DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/02/07 20:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
    DRV - [2007/01/23 20:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
    DRV - [2007/01/23 19:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2007/01/12 14:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/02 14:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/12/20 02:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
    DRV - [2006/12/15 14:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/12/07 16:30:50 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/07 16:30:12 | 000,209,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/07 16:30:08 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/10/19 01:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
    DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2006/01/10 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2006/01/10 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2004/06/16 13:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2565816
    IE - HKCU\..\URLSearchHook: {f6af0697-ce5d-4718-ac5e-6613b6b3df09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Hotspot Shield Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1561552&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: TixeoFirefoxExtension@tixeo.com:0.4

    FF - HKLM\software\mozilla\Firefox\Extensions\\TixeoFirefoxExtension@tixeo.com: C:\Program Files\Tixeo Soft\Communication\Client\FirefoxExt\TixeoFirefoxExtension@tixeo.com [2010/04/07 17:47:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 20:22:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/04 20:22:41 | 000,000,000 | ---D | M]

    [2010/04/02 22:11:49 | 000,000,000 | ---D | M] -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Extensions
    [2010/08/20 11:45:54 | 000,000,000 | ---D | M] -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\extensions
    [2010/04/29 22:19:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/30 16:45:24 | 000,000,000 | ---D | M] (Hotspot Shield Toolbar) -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
    [2010/01/20 12:14:02 | 000,000,931 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Mozilla\Firefox\Profiles\tpvomnjx.default\searchplugins\conduit.xml
    [2009/11/09 23:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/16 13:17:32 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/02/16 13:17:32 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/02/16 13:17:32 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/02/16 13:17:32 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/02/16 13:17:32 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/09/07 20:51:43 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (HotSpot Shield FR Toolbar) - {f6af0697-ce5d-4718-ac5e-6613b6b3df09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (HotSpot Shield FR Toolbar) - {f6af0697-ce5d-4718-ac5e-6613b6b3df09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (HotSpot Shield FR Toolbar) - {F6AF0697-CE5D-4718-AC5E-6613B6B3DF09} - C:\Program Files\HotSpot_Shield_FR\tbHot1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [KsoITBOXRme] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRmSc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRnsc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\drweb.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRnxZc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\fzlsmdh4e.exe ()
    O4 - HKLM..\Run: [KsoITBOXRnZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRouic] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\jdfzvzay6.exe ()
    O4 - HKLM..\Run: [KsoITBOXRpuc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\lsass.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRpZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRqNc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\p8gd1.exe ()
    O4 - HKLM..\Run: [KsoITBOXRqvJ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\rlsrk1c.exe ()
    O4 - HKLM..\Run: [KsoITBOXRrrb] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\taskmgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRsPc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\win16.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [KsoITBOXRspe] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\winamp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKcrc] C:\WINDOWS\login.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKerb] C:\WINDOWS\taskmgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKetc] C:\WINDOWS\sysedit.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKfPc] C:\WINDOWS\win32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MKZSc] C:\WINDOWS\avp32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [nhhyqjwj] D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk\wxrvcmsuqiw.exe (Security Suites Corporation)
    O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe File not found
    O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe ()
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation
    )
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKLM..\Run: [xwcosnaemr.tmp] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\xwcosnaemr.tmp ()
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
    O4 - HKCU..\Run: [KsoITBOXRme] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRmSc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\avp32.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRnsc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\drweb.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRnxZc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\fzlsmdh4e.exe ()
    O4 - HKCU..\Run: [KsoITBOXRnZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\cmd.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRouic] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\jdfzvzay6.exe ()
    O4 - HKCU..\Run: [KsoITBOXRpuc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\lsass.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRpZ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRpZ (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\mdm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRqNc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\p8gd1.exe ()
    O4 - HKCU..\Run: [KsoITBOXRqvJ] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\rlsrk1c.exe ()
    O4 - HKCU..\Run: [KsoITBOXRrrb] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\taskmgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRsPc] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\win16.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KsoITBOXRspe] D:\Profiles\jnchuiton.EMEA\Local Settings\Temp\winamp.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [leueku] D:\Profiles\jnchuiton.EMEA\leueku.exe ()
    O4 - HKCU..\Run: [mediafix70700en02.exe] D:\Profiles\jnchuiton.EMEA\Application Data\C9FB27F27815D9A43361E0EF3E4B6214\mediafix70700en02.exe (MS)
    O4 - HKCU..\Run: [MKcrc] C:\WINDOWS\login.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKerb] C:\WINDOWS\taskmgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKetc] C:\WINDOWS\sysedit.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKfPc] C:\WINDOWS\win32.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MKZSc] C:\WINDOWS\avp32.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [nhhyqjwj] D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk\wxrvcmsuqiw.exe (Security Suites Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: D:\Profiles\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: D:\Profiles\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - Startup: D:\Profiles\jnchuiton.EMEA\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk = D:\Profiles\jnchuiton.EMEA\Application Data\C9FB27F27815D9A43361E0EF3E4B6214\mediafix70700en02.exe (MS)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = D:\Profiles\JNCHUI~1.EME\LOCALS~1\Temp\202fbh.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = c:\windows\Master_Adjust_HR_1280_v3.bmp ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.fr/s/v/61.03/uploader2.cab (UploadListView Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/... (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mobility.adecco.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.adecco.net
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (c:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - c:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Cognizance Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
    O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01} - D:\Profiles\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll File not found
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/04 18:36:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1d47520f-51d6-11df-afa0-001b38bed442}\Shell\AutoRun\command - "" = F:\9fo3ar0j.exe -- File not found
    O33 - MountPoints2\{1d47520f-51d6-11df-afa0-001b38bed442}\Shell\open\Command - "" = F:\9fo3ar0j.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2010/09/07 20:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\EMCO
    [2010/09/07 20:30:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
    [2010/09/07 20:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2010/09/07 20:28:06 | 001,419,787 | ---- | C] (C_XX) -- D:\Profiles\jnchuiton.EMEA\Bureau\AD-R.exe
    [2010/09/07 20:15:14 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Application Data\Malwarebytes
    [2010/09/07 20:14:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/07 20:14:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/07 20:14:45 | 000,000,000 | ---D | C] -- D:\Profiles\All Users\Application Data\Malwarebytes
    [2010/09/07 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/07 20:14:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- D:\Profiles\jnchuiton.EMEA\Bureau\mbam-setup-1.46.exe
    [2010/09/07 19:52:56 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Mes documents\Téléchargements
    [2010/09/07 19:51:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/09/07 18:04:38 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\win16.exe
    [2010/09/07 18:04:37 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\win32.exe
    [2010/09/07 18:04:32 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\taskmgr.exe
    [2010/09/07 18:04:31 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\winlogon.exe
    [2010/09/07 18:04:31 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
    [2010/09/07 18:04:28 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\avp32.exe
    [2010/09/07 18:04:15 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\sysedit.exe
    [2010/09/07 18:04:05 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
    [2010/09/07 18:04:02 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\login.exe
    [2010/09/07 18:03:58 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\win.exe
    [2010/09/07 18:03:44 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\asvqhpxsk
    [2010/09/07 18:03:05 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\Windows Server
    [2010/09/07 18:02:59 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Application Data\C9FB27F27815D9A43361E0EF3E4B6214
    [2010/08/30 11:28:56 | 000,000,000 | ---D | C] -- D:\Profiles\jnchuiton.EMEA\Bureau\commission 0709
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp files -> D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2010/09/07 20:56:01 | 000,776,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\nrxtpf.sys
    [2010/09/07 20:55:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FF2105A8-B2AC-491C-B095-034A3EF52EBB}.job
    [2010/09/07 20:51:07 | 004,718,592 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\NTUSER.DAT
    [2010/09/07 20:49:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/07 20:49:30 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/07 20:48:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/07 20:48:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/07 20:46:49 | 000,000,284 | -HS- | M] () -- D:\Profiles\jnchuiton.EMEA\ntuser.ini
    [2010/09/07 20:41:20 | 000,000,734 | ---- | M] () -- D:\Profiles\All Users\Bureau\Malware Destroyer.lnk
    [2010/09/07 20:30:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Profiles\jnchuiton.EMEA\Bureau\OTL.exe
    [2010/09/07 20:28:06 | 001,419,787 | ---- | M] (C_XX) -- D:\Profiles\jnchuiton.EMEA\Bureau\AD-R.exe
    [2010/09/07 20:14:49 | 000,000,584 | ---- | M] () -- D:\Profiles\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 20:14:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- D:\Profiles\jnchuiton.EMEA\Bureau\mbam-setup-1.46.exe
    [2010/09/07 20:03:05 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/07 20:03:00 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3958495452-1883378620-2258318669-9902UA.job
    [2010/09/07 19:52:56 | 000,363,520 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\rkill.exe
    [2010/09/07 18:07:00 | 000,001,197 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
    [2010/09/07 18:07:00 | 000,001,163 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
    [2010/09/07 18:06:59 | 000,001,185 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Antimalware Doctor.lnk
    [2010/09/07 18:05:32 | 000,000,160 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\2674515.BAT
    [2010/09/07 18:04:38 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win16.exe
    [2010/09/07 18:04:37 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win32.exe
    [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\winlogon.exe
    [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\taskmgr.exe
    [2010/09/07 18:04:32 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
    [2010/09/07 18:04:28 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp32.exe
    [2010/09/07 18:04:16 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\sysedit.exe
    [2010/09/07 18:04:05 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
    [2010/09/07 18:04:03 | 000,217,088 | ---- | M] () -- C:\WINDOWS\System32\regedit.exe
    [2010/09/07 18:04:03 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\login.exe
    [2010/09/07 18:04:00 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win.exe
    [2010/09/07 18:03:29 | 000,204,800 | RHS- | M] () -- D:\Profiles\jnchuiton.EMEA\leueku.exe
    [2010/09/07 17:54:47 | 000,002,728 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\arbredecision_p.jpg
    [2010/09/07 14:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3958495452-1883378620-2258318669-9902Core.job
    [2010/09/07 08:05:14 | 000,827,904 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Commission SG 070910.ppt
    [2010/09/06 15:42:08 | 000,046,080 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\GUENNOC NMG1.doc
    [2010/09/06 11:10:10 | 000,002,558 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\nmg richard.xls
    [2010/08/31 15:53:22 | 000,196,380 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\[Office] R Standard - HULNE, Pierre Henri.pdf
    [2010/08/31 15:40:21 | 000,046,080 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\NMG HULNE.doc
    [2010/08/31 14:44:19 | 000,025,600 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Nouveau Document Microsoft Word.doc
    [2010/08/29 19:45:05 | 000,164,807 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\MelchersKleinmannPrinzIJSA[1].pdf
    [2010/08/27 13:35:23 | 000,000,162 | -H-- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\~$LTGEN Venceslas 250810.doc
    [2010/08/24 15:24:22 | 000,000,744 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Raccourci vers Personnel et Confidentiel.lnk
    [2010/08/24 13:54:29 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\btsendto_lnagent.nsf
    [2010/08/24 13:44:50 | 000,000,485 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Maul.lnk
    [2010/08/15 18:56:05 | 000,000,524 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\intlname.ols
    [2010/08/12 16:08:53 | 000,000,658 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Microsoft Office Outlook.lnk
    [2010/08/12 16:08:11 | 001,242,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/12 16:08:11 | 000,558,380 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/08/12 16:08:11 | 000,482,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/12 16:08:11 | 000,104,786 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/08/12 16:08:11 | 000,086,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/12 14:25:54 | 000,023,614 | RHS- | M] () -- D:\Profiles\jnchuiton.EMEA\ntuser.pol
    [2010/08/12 14:23:27 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/12 12:17:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/12 12:17:00 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/12 10:33:01 | 000,000,695 | ---- | M] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp files -> D:\Profiles\jnchuiton.EMEA\Bureau\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2010/09/07 20:41:20 | 000,000,734 | ---- | C] () -- D:\Profiles\All Users\Bureau\Malware Destroyer.lnk
    [2010/09/07 20:14:49 | 000,000,584 | ---- | C] () -- D:\Profiles\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 19:52:56 | 000,363,520 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\rkill.exe
    [2010/09/07 18:07:00 | 000,001,197 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
    [2010/09/07 18:07:00 | 000,001,163 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
    [2010/09/07 18:06:59 | 000,001,185 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Antimalware Doctor.lnk
    [2010/09/07 18:05:32 | 000,000,160 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\2674515.BAT
    [2010/09/07 18:04:29 | 000,776,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\nrxtpf.sys
    [2010/09/07 18:03:28 | 000,204,800 | RHS- | C] () -- D:\Profiles\jnchuiton.EMEA\leueku.exe
    [2010/09/07 18:03:17 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\regedit.exe
    [2010/09/07 17:55:26 | 000,002,728 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\arbredecision_p.jpg
    [2010/09/06 18:12:04 | 000,827,904 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Commission SG 070910.ppt
    [2010/09/06 15:42:08 | 000,046,080 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\GUENNOC NMG1.doc
    [2010/09/06 11:10:10 | 000,002,558 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\nmg richard.xls
    [2010/09/03 17:41:07 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\FnF4.txt
    [2010/08/31 15:53:22 | 000,196,380 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\[Office] R Standard - HULNE, Pierre Henri.pdf
    [2010/08/31 15:40:21 | 000,046,080 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\NMG HULNE.doc
    [2010/08/31 13:32:29 | 000,025,600 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Nouveau Document Microsoft Word.doc
    [2010/08/29 19:45:05 | 000,164,807 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\MelchersKleinmannPrinzIJSA[1].pdf
    [2010/08/27 13:35:23 | 000,000,162 | -H-- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\~$LTGEN Venceslas 250810.doc
    [2010/08/24 15:24:22 | 000,000,744 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Raccourci vers Personnel et Confidentiel.lnk
    [2010/08/24 13:44:50 | 000,000,485 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Bureau\Maul.lnk
    [2010/08/12 10:33:01 | 000,000,695 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
    [2010/04/21 18:16:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/04/21 18:16:35 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/04/21 18:16:24 | 000,002,528 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Application Data\$_hpcst$.hpc
    [2010/04/12 11:08:29 | 000,005,632 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/01 10:44:45 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\QSwitch.txt
    [2010/04/01 10:44:45 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\DSwitch.txt
    [2010/04/01 10:44:45 | 000,000,000 | ---- | C] () -- D:\Profiles\jnchuiton.EMEA\Local Settings\Application Data\AtStart.txt
    [2010/03/09 12:47:20 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2009/10/06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/07/17 11:32:11 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
    [2009/05/06 12:19:09 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
    [2009/05/06 12:19:09 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
    [2009/05/06 12:19:03 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2009/05/06 12:04:37 | 000,000,713 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
    [2009/05/03 22:36:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/06/06 10:30:36 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/06/06 10:25:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/06/06 10:25:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/06/06 10:25:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/06/06 10:25:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/06/06 10:25:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/06/06 10:25:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/06/06 10:20:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2007/06/06 09:41:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/06/05 10:52:49 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2007/06/05 10:52:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
    [1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
    [1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
    [1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
    [1998/05/07 02:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
    [1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
    < End of report >
    0
  10. Nicolas
     
    Malware destroyer a fonctionné.

    J'ai un écran "detected malware" mais ne voit pas de rapport à copier coller. Désolé pour le manque de maîtrise du sujet.
    0
  11. Nicolas
     
    Ce qui semble être le rapport :

    NMC.ANTIMALWAREDOCTOR SPYWARE Scan mode Only
    NMC.ANTIMALWAREDOCTOR SPYWARE No Action Performed
    NMC.BANCBAN.AH TROJAN Scan mode Only
    NMC.BANCBAN.AH TROJAN No Action Performed
    NMC.GAMETHIEF.WIN32.MAGANIA.CPBC TROJAN Scan mode Only
    NMC.GAMETHIEF.WIN32.MAGANIA.CPBC TROJAN No Action Performed
    NMC.NETSKY.C WORM Scan mode Only
    NMC.NETSKY.C WORM No Action Performed
    NMC.NETSKY.D WORM Scan mode Only
    NMC.NETSKY.D WORM No Action Performed
    NMC.NETSKY.E WORM Scan mode Only
    NMC.NETSKY.E WORM No Action Performed
    NMC.NETSKY.K WORM Scan mode Only
    NMC.NETSKY.K WORM No Action Performed
    NMC.STARTPAGE ADWARE Scan mode Only
    NMC.STARTPAGE ADWARE No Action Performed
    NMC.TRODAL TROJAN Scan mode Only
    NMC.TRODAL TROJAN No Action Performed
    NMC.TROJAN.NULLPOS TROJAN Scan mode Only
    NMC.TROJAN.NULLPOS TROJAN No Action Performed
    NMC.VTUB.AI TROJAN Scan mode Only
    NMC.VTUB.AI TROJAN No Action Performed
    NMC.WINDIR.WINLOGON TROJAN Scan mode Only
    NMC.WINDIR.WINLOGON TROJAN No Action Performed
    0
  12. archet9
     
    Dans l'ordre :

    Redémarre ton pc en mode sans échec avec prise en charge reseau

    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

    ----------------

    Télécharge rkill
    https://download.bleepingcomputer.com/grinler/rkill.exe

    Enregistre-le sur ton Bureau

    Double-clique sur l'icone rkill ( pour Vista/Seven clic-droit Exécuter en tant qu'Administrateur)

    Un bref écran noir t'indiquera que le tool s'est correctement exécuté, s'il ne lance pas
    change de lien de téléchargement en utilisant le suivant à partir d'ici:

    Rkill COM: Rkill COM:
    https://download.bleepingcomputer.com/grinler/rkill.com https://download.bleepingcomputer.com/grinler/rkill.com

    Rkill SCR: Rkill RCS:
    https://download.bleepingcomputer.com/grinler/rkill.scr https://download.bleepingcomputer.com/grinler/rkill.scr

    Rkill PIF: Rkill PIF:
    http://download.bleepingcomputer.com/grinler/rkill.pif
    http://download.bleepingcomputer.com/grinler/rkill.pif

    ---------------

    Fais un scan avec cet antispyware :
    Malwarebytes + tutoriel

    Tu l'installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l'onglet recherche et coche la case :
    "Executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...
    A la fin du scan, clique sur Afficher les résultats
    Si des elements on ete trouvés :
    > click sur supprimer la selection.
    si il t'es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s'ouvrir;
    sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    a+
    0