Infection qui redirige mes pages internet...

vinciboy -  
moment de grace Messages postés 30049 Statut Contributeur sécurité -
Bonsoir, depuis quelque temps j'ai du mal a surfer en tranquillité sur le web car un virus quelquonc redirige les liens sur google et aussi certaines adresses que j'entre moi même. Mon systeme n'a pas eu de "check-up" depuis longtemps alors je présume qu'il doit être bourré de cochoneries. J'ai tout de même scanné mon ordinateur avec divers anti malwares/spywares, mais pour les infections mieux caché, je vous demande l'aide.
En parcourant ce forum j'en ai appris sur HiJackThis donc voici mon Log file après le sacan du système :

Si vous pouviez y jetter un oeil et me dire ce qui devrait être enlever, ça serait grand apprécié!

Merci

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:02:13, on 2010-09-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.pch.com/games?source=candystand"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SystemMON.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - http://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} (NetmarbleSystemIDInfo Class) - http://download.netmarble.net/...
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\gujofono.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: BCU - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\BCU.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
A voir également:

16 réponses

Réponse 1 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
(sujet redirigé sur le bon forum)

bonjour

Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


(outil de diagnostic)

Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

1
Réponse 2 / 16
Utilisateur anonyme
 
bonjour ouvres un message dans le forum virus/sécurité
0
Réponse 3 / 16
vinciboy
 
Bonsoir, merci pour votre réponse. J'ai le ZHPDiag.txt, par contre, aucun site ne veut me laisser uploader le fichier. Même celui que vous avez mentionné, cijoint. Puis-je le copier/coller sous forme de réponse?
0
Utilisateur anonyme
 
oui
0
Réponse 4 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

je devine le soucis

fais ceci


Attention, avant de commencer, lit attentivement la procédure, et imprime la

Aide à l'utilisation
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix



Télécharge ComboFix de sUBs que tu renommes VINCI.exe avant de l'enregistrer sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\

---> Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l'installer remets internet)

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt



CONTRIBUTEUR SECURITE

Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
vinciboy
 
Bonjour, j'ai utilisé Combofix et voila le rapport qui a résulte. Par contre je n'ai pu installer la console de récupération car il y a eu une erreur pendant le téléchargement et Combofix l'a stoppé.

ComboFix 10-09-16.02 - Admin 2010-09-16 14:00:22.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1623 [GMT -4:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\VINCI.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Local Settings\Application Data\{7348C82B-DDE8-4622-9F77-677FADDE2358}
c:\documents and settings\Admin\Local Settings\Application Data\{7348C82B-DDE8-4622-9F77-677FADDE2358}\chrome\content\_cfg.js
c:\documents and settings\Admin\Local Settings\Application Data\{7348C82B-DDE8-4622-9F77-677FADDE2358}\chrome\content\overlay.xul
c:\documents and settings\Admin\Local Settings\Application Data\{7348C82B-DDE8-4622-9F77-677FADDE2358}\install.rdf
c:\program files\Internet Explorer\UpDate.exe
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\windows\system32\spool\prtprocs\w32x86\xM9gM7g3.dll

Une copie infectée de c:\windows\system32\drivers\afd.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-16 au 2010-09-16 ))))))))))))))))))))))))))))))))))))
.

2010-09-16 04:30 . 2010-09-16 04:32 -------- d-----w- c:\program files\ZHPDiag
2010-09-08 20:18 . 2010-09-08 20:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Geckofx
2010-09-08 20:17 . 2010-09-08 20:17 -------- d-----w- c:\program files\Red Kawa
2010-09-04 21:59 . 2010-09-04 21:59 -------- d-----w- c:\program files\Efficient WMA MP3 Converter
2010-08-28 23:53 . 2010-08-28 23:53 -------- d-----w- c:\program files\Audacity
2010-08-21 09:59 . 2010-08-21 09:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-08-18 21:52 . 2010-08-18 21:52 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-18 21:41 . 2010-08-19 02:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-18 21:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:15 . 2010-08-18 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 21:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 05:57 . 2010-08-18 05:57 -------- d-----w- c:\program files\IrfanView

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 18:41 . 2010-09-16 18:41 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38b0e1f5-n\msvcp71.dll
2010-09-16 18:41 . 2010-09-16 18:41 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38b0e1f5-n\jmc.dll
2010-09-16 18:41 . 2010-09-16 18:41 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38b0e1f5-n\msvcr71.dll
2010-09-16 18:41 . 2010-09-16 18:41 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39c190be-n\decora-sse.dll
2010-09-16 18:41 . 2010-09-16 18:41 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39c190be-n\decora-d3d.dll
2010-09-16 18:39 . 2006-10-24 22:46 -------- d-----w- c:\program files\Java
2010-09-16 18:36 . 2010-02-02 17:33 -------- d-----w- c:\program files\DNA
2010-09-16 18:36 . 2010-02-02 17:33 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
2010-09-16 18:16 . 2006-03-02 12:00 96240 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-16 18:16 . 2006-03-02 12:00 536458 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-16 18:08 . 2010-06-27 21:07 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-09-16 09:52 . 2010-01-08 01:46 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-16 01:01 . 2010-09-16 01:01 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-09 00:11 . 2007-07-24 00:40 -------- d-----w- c:\documents and settings\Admin\Application Data\Azureus
2010-08-30 03:34 . 2010-06-27 21:07 -------- d-----w- c:\program files\YouTube Downloader
2010-08-30 03:25 . 2009-07-07 05:07 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2010-08-19 06:50 . 2006-11-11 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-19 02:16 . 2010-04-04 02:15 -------- d-----w- c:\program files\Lavasoft
2010-08-19 02:16 . 2008-09-15 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-11 20:21 . 2008-04-16 22:10 220926964 ----a-w- c:\documents and settings\Admin\Application Data\ijjigame\U_GUNZ_setup.exe
2010-08-05 00:14 . 2010-09-16 01:21 875296 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\JRERunOnce.exe
2010-08-02 20:52 . 2010-08-02 20:51 -------- d-----w- c:\program files\IZArc
2010-07-23 15:24 . 2009-02-02 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 02:05 . 2010-07-23 02:05 26732 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-21 00:36 . 2010-07-21 00:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-20 04:15 . 2010-07-20 04:15 -------- d-----w- c:\program files\FLV Player
2010-07-18 21:22 . 2010-07-18 21:22 -------- d-----w- c:\program files\VirtualDJ
2010-06-30 05:28 . 2010-06-30 05:28 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2004-10-01 19:00 . 2006-10-06 14:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-08-22 21:51 . 2006-08-20 21:51 86016 --sh--w- c:\windows\Fonts\DotMSN.dll
2009-08-22 21:51 . 2006-08-20 21:51 192512 --sh--w- c:\windows\Fonts\ICSharpCode.SharpZipLib.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-02-02 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-20 974848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Admin\Menu D'marrer\Programmes\D'marrage\
SystemMON.exe [2009-7-23 637320]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2010-6-29 1073152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\ijji\\ENGLISH\\u_goonzu.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\DriftCity\\driftcity.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PLauncher.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-24 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-08-18 304464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-12 24652]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2006-10-05 34944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-08-18 20952]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 BCU;BCU;c:\docume~1\Admin\LOCALS~1\Temp\BCU.exe --> c:\docume~1\Admin\LOCALS~1\Temp\BCU.exe [?]
S3 CEDRIVER53;CEDRIVER53; [x]
S3 Dua1;Dua1; [x]
S3 ESISTEMA53;ESISTEMA53; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-03-09 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-03-09 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-10-19 44800]
S3 TSHAK3T1;TSHAK3T1;\??\c:\documents and settings\Admin\Mes documents\Revolution Engine 3.2 MaxD_\spuce.sys --> c:\documents and settings\Admin\Mes documents\Revolution Engine 3.2 MaxD_\spuce.sys [?]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva320;XDva320;\??\c:\windows\system32\XDva320.sys --> c:\windows\system32\XDva320.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-11 721904]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{DB220ADC-5273-46B4-91EF-C3C683EBED69}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E71BB337-C5F0-4EC2-9217-8ACFC29C5F0A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {20050325-D35A-4233-926E-2E801AE25949} - hxxp://www.netmarble.jp/_common/cab/NMStarterJP6.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan8/oscan8.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://file.netmarble.jp/Control/NMJTransX.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.com/kdefence/kdfense8237.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wluyew3f.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-nwiz - nwiz.exe
ActiveSetup-{233807B5-2H60-15D0-A31Q-00BB00B32C03} - c:\windows\fonts\fonts.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 14:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,c5,7a,aa,a6,63,c9,46,a1,fb,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,c5,7a,aa,a6,63,c9,46,a1,fb,45,\

[HKEY_USERS\S-1-5-21-790525478-1788223648-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,09,30,f4,b0,a3,42,7e,e4,b7,3b,e2,32,2e,38,b4,fa,3d,9b,19,be,
b3,16,00,a8,13,3f,8d,c2,d1,ab,a8,98,dd,67,75,d7,9d,ac,bd,6d,6b,c1,e3,0e,af,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1552)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre-ca.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Heure de fin: 2010-09-16 14:44:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-16 18:44

Avant-CF: 194 496 139 264 octets libres
Après-CF: 194 643 484 672 octets libres

- - End Of File - - 8E103D5451772B0DAE28EC68A454578B
0
Réponse 6 / 16
vinciboy
 
Et sans oublier voici le log file du scan ZHPDiag:

Rapport de ZHPDiag v1.26.631 par Nicolas Coolman, Update du 15/09/2010
Run by Admin at 2010-09-16 00:31:04
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox (3.6.8)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (47% free)
System drive C: has 181 GB (60%) free of 298 GB

---\\ Logged in mode
Computer Name: SENSEI
User Name: Admin
All Users Names: SUPPORT_388945a0, Monique, HelpAssistant, ASPNET, Administrateur, Admin,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 181 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK


---\\ Processus lancés
[MD5.A86A2F2B2BF5D5EED075B6417DE5CF1C] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 195.6.) -- C:\WINDOWS\system32\nvsvc32.exe [154216]
[MD5.703485A2C9EC94C35ED7EC56B13778B2] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336]
[MD5.B2764687AA998206879AA53379C0AF31] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968]
[MD5.2E3E53A6AEF23E24F402C7855B9B1542] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144176]
[MD5.E0A2B1714BCA4BE98EEB63D7A44A8757] - (.Spigot, Inc. - Application Updater.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe [380928]
[MD5.5AB58C337AC65837FE404462AD6265AB] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.44FFBA62F0F426B581759C49AAFEC2E2] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [152984]
[MD5.47902A906ACE88580B08FF58D4C0C205] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [304464]
[MD5.641199534871783DD74138FE0BCFDAE7] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [271720]
[MD5.F80EEC5E1D6CDF82CB974DAADA0C57DD] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337]
[MD5.C7F5C284B6F46FCAF6910EA4E644700B] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208]
[MD5.0E01D7EEBADA0B324DB0CA1EE73440BA] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PnkBstrA.exe [66872]
[MD5.5F974FDE801C73952770736BECDE11E7] - (.Viewpoint Corporation - ViewMgr.) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652]
[MD5.F9825069752B43CA98974B71A9B4DCF5] - (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\WINDOWS\vVX1000.exe [709992]
[MD5.68E9B7820AF8D692F6F99483AB1F3BE5] - (.Pas de propriétaire - razerhid MFC Application.) -- C:\Program Files\Razer\Tarantula\razerhid.exe [176128]
[MD5.1BE6FBEE744B1F35A8A57D7468DAA686] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776]
[MD5.5A25A52B38E8406AAFD2E04325321165] - (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [729088]
[MD5.C657EAFC69660FBEE917F6616DE360E4] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [600896]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840]
[MD5.D22D936F9AB0DA3B8EB7537284867708] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [148888]
[MD5.CF4A0E2C240501C826977ACC5F0E8411] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [282792]
[MD5.A3DAF1B141965C20FBD5CB9DB9C7AAEC] - (.Spigot, Inc. - Search Settings application.) -- C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe [974848]
[MD5.0E284B5BB0CDD631461CE7E91DCEE3E2] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [141624]
[MD5.CC0D9AC0AD3AA394BBA42B0B304BCF13] - (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520]
[MD5.AFA1F8CC076AB0462512A78473D86D53] - (.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe [323392]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480]
[MD5.A9D65CEEEC7844C9A0C6B445BCBE7823] - (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [282624]
[MD5.7AD641B3B7F17153A9AB79D02A63B1B8] - (.Pas de propriétaire - Nintendo Wi-Fi Connector USB.) -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe [1073152]
[MD5.8F610078437A459948480407F4DB91EA] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [540472]
[MD5.0313129323AAEFADB820082D014F4DAC] - (.Hewlett-Packard Development Company, L.P. - HP CUE Status.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [204800]
[MD5.5BF59C6BC737BAAF541168E5CB2EC1D9] - (.Nokia - ServiceLayer Module.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800]
[MD5.C538021B867C129458A3E73352B8638D] - (.Nokia - USB Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe [132608]
[MD5.46A9D1FCC55EC6A62FE1D2ACE79C6CA8] - (.Nokia - Serial Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe [120832]
[MD5.80660C611B596FFE8AF4074B31AA6FB7] - (.Adobe Systems Incorporated - Adobe Reader 8.1.) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe [341616]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.4CFF10889E527B49EF12122F894666F2] - (.Nero AG - Nero Express.) -- C:\Program Files\Nero\Nero 9\Nero Express\NeroExpress.exe [42308904]
[MD5.2500976844BBF796F7EDFBA2A9F277F6] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [555008]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@bittorrent.com/BitTorrentDNA] - (.BitTorrent, Inc. - Delivery Network Acceleration by BitTorrent(TM).) -- C:\Program Files\DNA\plugins\npbtdna.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Content Upload Plugin.) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
P2 - FPN: [HKCU] [@macromedia.com/FlashPlayer9] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) (2008, 7, 28, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. - Search Settings IE.) (1, 2, 3, 17) -- C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. - Search Settings IE.) -- C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [VX1000] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u (.not file.)
O4 - HKLM\..\Run: [Tarantula] . (.Pas de propriétaire - razerhid MFC Application.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMax] . (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
O4 - HKLM\..\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [SearchSettings] . (.Spigot, Inc. - Search Settings application.) -- C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKCU\..\Run: [BitTorrent DNA] . (.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.exe7; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) -http:\\www.candystand.com\play\billiards (.not file.)
O4 - HKCU\..\RunOnce: [JavaInstallRetry] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Documents and Settings\Admin\Application Data\Sun\Java\JRERunOnce.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [BitTorrent DNA] . (.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.exe7; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) -http:\\www.candystand.com\play\billiards (.not file.)
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\RunOnce: [JavaInstallRetry] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Documents and Settings\Admin\Application Data\Sun\Java\JRERunOnce.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk . (.Pas de propriétaire - Nintendo Wi-Fi Connector USB.) -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: SystemMON.exe . (.Pas de propriétaire - Pas de description.) -- C:\Documents And Settings\Admin\Menu Démarrer\Programmes\Démarrage\SystemMON.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - http://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} (NetmarbleSystemIDInfo Class) - http://download.netmarble.net/...
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} () - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS1\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS1\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS2\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS2\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS3\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS3\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\System32\WgaLogon.dll


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\gujofono.dll (.not file.)


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater (Application Updater) . (.Spigot, Inc. - Application Updater.) - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 195.6.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service (Viewpoint Manager Service) . (.Viewpoint Corporation - ViewMgr.) - C:\Program Files\Viewpoint\Common\ViewpointService.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB220ADC-5273-46B4-91EF-C3C683EBED69}.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{E71BB337-C5F0-4EC2-9217-8ACFC29C5F0A}.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} . (.Viewpoint Corporation - Viewpoint Media Player for Internet Explorer.) -- C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} . (.Viewpoint Corporation - Viewpoint Media Player for Internet Explorer.) -- C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Adobe\Director\swdir.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r53.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Acrobat 5.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Acrobat 5.0
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems, Inc..) [HKLM] -- {ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
O42 - Logiciel: Adobe Reader 8.1.3 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-A81300000003}
O42 - Logiciel: Adobe Shockwave Player 11 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {B2D328BE-45AD-4D92-96F9-2151490A203E}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {85991ED2-010C-4930-96FA-52F43C2CE98A}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Applian FLV Player - (.Applian Technologies Inc..) [HKLM] -- Applian FLV Player2.0.24
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Attansic Giga Ethernet Utility - (.Pas de propriétaire.) [HKLM] -- {1F698102-5739-441E-96F0-74F4EA540F06}
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Azureus - (.Pas de propriétaire.) [HKLM] -- Azureus
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {0CB9668D-F979-4F31-B8B8-67FE90F929F8}
O42 - Logiciel: CCleaner (remove only) - (.Pas de propriétaire.) [HKLM] -- CCleaner
O42 - Logiciel: DNA - (.BitTorrent Inc..) [HKCU] -- BitTorrent DNA
O42 - Logiciel: DVD Solution - (.Pas de propriétaire.) [HKLM] -- {B97CF5C3-0487-11D8-A36E-0050BAE317E1}
O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] -- {7B63B2922B174135AFC0E1377DD81EC2}
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}
O42 - Logiciel: Drift City - (.Pas de propriétaire.) [HKLM] -- DriftCity
O42 - Logiciel: Efficient WMA MP3 Converter v0.99.7 - (.Pas de propriétaire.) [HKLM] -- Efficient WMA MP3 Converter_is1
O42 - Logiciel: Final Gunz - (.Pas de propriétaire.) [HKLM] -- Final Gunz
O42 - Logiciel: Fraps (remove only) - (.Pas de propriétaire.) [HKLM] -- Fraps
O42 - Logiciel: Free Internet Eraser 2.30 - (.PrivacyEraser Computing, Inc..) [HKLM] -- Free Internet Eraser_is1
O42 - Logiciel: Grand Theft Auto IV - (.Rockstar Games.) [HKLM] -- {579BA58C-F33D-4970-9953-B94B43768AC3}
O42 - Logiciel: HP Imaging Device Functions 6.1 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP PSC & OfficeJet 6.1.A - (.HP.) [HKLM] -- {E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}
O42 - Logiciel: HP Photosmart Essential - (.HP.) [HKLM] -- {D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
O42 - Logiciel: HP Product Assistant - (.Hewlett-Packard.) [HKLM] -- {36FDBE6E-6684-462B-AE98-9A39A1B200CC}
O42 - Logiciel: HP Solution Center and Imaging Support Tools 6.1 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {818ABC3C-635C-4651-8183-D0E9640B7DD1}
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: IZArc 4.1.2 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: IrfanView (remove only) - (.Irfan Skiljan.) [HKLM] -- IrfanView
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150100}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 11 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150110}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 8 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150080}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 9 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150090}
O42 - Logiciel: JRAID - (.JMICRON Technologies, Inc..) [HKLM] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}
O42 - Logiciel: Java(TM) 6 Update 14 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Java(TM) 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}
O42 - Logiciel: Java(TM) 6 Update 3 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160030}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
O42 - Logiciel: LG ODD Auto Firmware Update - (.Pas de propriétaire.) [HKLM] -- {6179550A-3E7C-499E-BCC9-9E8113E0A285}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: LimeWire 5.5.8 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
O42 - Logiciel: Lunia - (.Pas de propriétaire.) [HKLM] -- Lunia
O42 - Logiciel: MSVC80_x86_v2 - (.Nokia.) [HKLM] -- {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB925672) - (.Microsoft Corporation.) [HKLM] -- {A9CF9052-F4A0-475D-A00F-A8388C62DD63}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
O42 - Logiciel: Magic ISO Maker v5.4 (build 0251) - (.Pas de propriétaire.) [HKLM] -- Magic ISO Maker v5.4 (build 0251)
O42 - Logiciel: MagicDisc 2.5.79 - (.Pas de propriétaire.) [HKLM] -- MagicDisc 2.5.79
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Games for Windows - LIVE - (.Microsoft Corporation.) [HKLM] -- {A1C962E2-2426-49C6-A38B-9A07E40D607C}
O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable - (.Microsoft Corporation.) [HKLM] -- {00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wdf01007
O42 - Logiciel: Microsoft LifeCam - (.Microsoft.) [HKLM] -- {968D41C3-25BB-4632-A6DF-2E1C8F0143A4}
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Microsoft Office Basic Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9113040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM] -- {90AF040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) - (.Microsoft Corporation.) [HKLM] -- {E09B48B5-E141-427A-AB0C-D3605127224A}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wudf01007
O42 - Logiciel: Microsoft Visual Basic 2005 Express - FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft Visual Basic 2005 Express Edition - FRA
O42 - Logiciel: Microsoft Visual Basic 2005 Express - FRA Service Pack 1 (KB926747) - (.Microsoft Corporation.) [HKLM] -- KB926747.T2_89ToU291_89
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: MobileMe Control Panel - (.Apple Inc..) [HKLM] -- {BA165460-FCF7-4D6C-A7A2-F2321700720F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Mozilla Firefox (3.6.8) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.8)
O42 - Logiciel: Multimedia Launcher - (.Pas de propriétaire.) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: My 3D Christmas Tree Full Screen Saver - (.Freeze.com, LLC.) [HKLM] -- My 3D Christmas Tree Full Screen Saver
O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
O42 - Logiciel: NVIDIA nView Desktop Manager - (.NVIDIA Corporation.) [HKLM] -- NVIDIA nView Desktop Manager
O42 - Logiciel: Need2Find Bar - (.Need2Find Bar.) [HKLM] -- Need2FindBar Uninstall
O42 - Logiciel: Neo Steam : The Shattered Continent - (.Studio MARS / Hanbit Soft.) [HKLM] -- Neo Steam
O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM] -- {148a66c4-8fa7-47bc-a9d5-07570c4c7cba}
O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] -- {9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] -- Nokia PC Suite
O42 - Logiciel: Nokia Software Updater - (.Nokia Corporation.) [HKLM] -- {D043E0F8-5EFA-4102-A863-08F39D9DF2F4}
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {BEB79508-7D67-4A2F-9FB3-54C2B68E9532}
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4) - (.Nokia.) [HKLM] -- 8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (10/05/2009 4.2) - (.Nokia.) [HKLM] -- 05B59228C7E1C21DFBE89260F879BD95880548D8
O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) - (.Nokia.) [HKLM] -- 504244733D18C8F63FF584AEB290E3904E791693
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.) [HKLM] -- {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: PowerProducer - (.Pas de propriétaire.) [HKLM] -- {B7A0CE06-068E-11D6-97FD-0050BACBF861}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
O42 - Logiciel: Razer Tarantula - (.Razer Inc..) [HKLM] -- {655B9514-3963-490B-9EE1-431E80444889}
O42 - Logiciel: Rockstar Games Social Club - (.Rockstar Games.) [HKLM] -- {08B3869E-D282-424C-9AFC-870E04A4BA14}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shin Megami Tensei: Imagine Online - (.Pas de propriétaire.) [HKLM] -- Shin Megami Tensei: Imagine Online
O42 - Logiciel: SoulSeek 157 NS 13e - (.Pas de propriétaire.) [HKLM] -- Soulseek2
O42 - Logiciel: SoundMAX - (.Analog Devices.) [HKLM] -- {F0A37341-D692-11D4-A984-009027EC0A9C}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: System Requirements Lab - (.Pas de propriétaire.) [HKLM] -- SystemRequirementsLab
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Utilitaire d'enregistrement du connecteur Wi-Fi USB Nintendo - (.Pas de propriétaire.) [HKLM] -- WiFiConnector
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM] -- {767CC44C-9BBC-438D-BAD3-FD4595DD148B}
O42 - Logiciel: VideoLAN VLC media player 0.8.5 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Videora iPod Converter 6 - (.Red Kawa.) [HKLM] -- Videora iPod Converter
O42 - Logiciel: Viewpoint Media Player - (.Pas de propriétaire.) [HKLM] -- ViewpointMediaPlayer
O42 - Logiciel: Virtual DJ - Atomix Productions - (.Pas de propriétaire.) [HKLM] -- Virtual DJ - Atomix Productions
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
O42 - Logiciel: Vuze Launcher - (.http://www.vuze.com/ [HKCU] -- Vuze Launcher
O42 - Logiciel: Windows Defender - (.Microsoft Corporation.) [HKLM] -- {A06275F4-324B-4E85-95E6-87B2CD729401}
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XviD MPEG-4 Video Codec - (.Pas de propriétaire.) [HKLM] -- XviD_is1
O42 - Logiciel: Yahoo! Barre d'outils - (.Pas de propriétaire.) [HKLM] -- Yahoo! Companion
O42 - Logiciel: YouTube Downloader 2.6.1 - (.BienneSoft.) [HKLM] -- {1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
O42 - Logiciel: YouTube Downloader Toolbar v1.0 - (.Spigot, Inc..) [HKLM] -- {004098A1-0362-4C42-A1C3-CAD436CFF4A1}
O42 - Logiciel: getPlus(R) for Adobe - (.NOS Microsystems Ltd..) [HKLM] -- {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {7AB3A249-FB81-416B-917A-A2A10E74C503}
O42 - Logiciel: ijji - (.Pas de propriétaire.) [HKCU] -- ijji.com
O42 - Logiciel: ijji - Gunz - (.Pas de propriétaire.) [HKLM] -- Gunz
O42 - Logiciel: ijji REACTOR - (.ijji.) [HKLM] -- {901DC58A-5C1B-4315-BA40-5AD3D3A463B9}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO]
[HKCU\Software\ASProtect]
[HKCU\Software\AVG]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Alcohol Soft]
[HKCU\Software\America Online]
[HKCU\Software\Analog Devices]
[HKCU\Software\AppConf]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\YouTube Downloader]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Avery]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\Binary Noise]
[HKCU\Software\BitTorrent]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\CDDB]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\CyberStep]
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DT Soft]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\DVD Shrink]
[HKCU\Software\DefaultID]
[HKCU\Software\Digital River]
[HKCU\Software\DirectShow]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Dragonfly]
[HKCU\Software\DualEngi]
[HKCU\Software\Ectaco]
[HKCU\Software\Elcom]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameSpy]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HanGame.Com]
[HKCU\Software\HanPurple]
[HKCU\Software\Headlight]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\Hyperpia]
[HKCU\Software\IM Providers]
[HKCU\Software\INCAInternet]
[HKCU\Software\IZSoftware]
[HKCU\Software\Intel]
[HKCU\Software\InterTrust]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jetico]
[HKCU\Software\Joymax]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Kazaa]
[HKCU\Software\Lake]
[HKCU\Software\Last.fm]
[HKCU\Software\Lavasoft]
[HKCU\Software\LdShih]
[HKCU\Software\LeaderTech]
[HKCU\Software\Licenses]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\MAIET entertainment]
[HKCU\Software\Macromedia]
[HKCU\Software\MagicDisc]
[HKCU\Software\MagicISO]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Matroska Pack]
[HKCU\Software\Mediachance]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NDOORS]
[HKCU\Software\NOS]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\Nintendo]
[HKCU\Software\Nokia]
[HKCU\Software\ODBC]
[HKCU\Software\ORL]
[HKCU\Software\Opendisc]
[HKCU\Software\PQDVD]
[HKCU\Software\PepiMK Software]
[HKCU\Software\Pinnacle Systems]
[HKCU\Software\Piriform]
[HKCU\Software\PocketDVD]
[HKCU\Software\Policies]
[HKCU\Software\PrivacyEraser Computing, Inc.]
[HKCU\Software\Revolution Engine 3.2]
[HKCU\Software\Ripp-it]
[HKCU\Software\Ruan Engine]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\Search Settings]
[HKCU\Software\SecuROM]
[HKCU\Software\Shareaza]
[HKCU\Software\Softonic]
[HKCU\Software\Sony Creative Software]
[HKCU\Software\SoulSeek]
[HKCU\Software\Soulseek2]
[HKCU\Software\Sysinternals]
[HKCU\Software\TechSmith]
[HKCU\Software\TorrentAid]
[HKCU\Software\Trend Micro]
[HKCU\Software\Trolltech]
[HKCU\Software\Uniblue]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VCRPK]
[HKCU\Software\VOB]
[HKCU\Software\Ventrilo]
[HKCU\Software\VirtuaMedia]
[HKCU\Software\VirtualDJ]
[HKCU\Software\W3i]
[HKCU\Software\WMA-MP3-Converter.org]
[HKCU\Software\WinGuides]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Xfire]
[HKCU\Software\Xiph.Org]
[HKCU\Software\Xobni]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\YouTube Downloader]
[HKCU\Software\ZD Soft]
[HKCU\Software\Zenos Engine]
[HKCU\Software\ZjSoft]
[HKCU\Software\doctorwho engine]
[HKCU\Software\ej-technologies]
[HKCU\Software\ijji]
[HKCU\Software\keyhole.com]
[HKCU\Software\mIRC]
[HKCU\Software\proDAD]
[HKCU\Software\shockwave.com]
[HKLM\Software\0]
[HKLM\Software\5e3]
[HKLM\Software\781]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\AOL]
[HKLM\Software\ASUS]
[HKLM\Software\Acorn]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\America Online]
[HKLM\Software\Analog Devices]
[HKLM\Software\Andrea Electronics]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Application Updater]
[HKLM\Software\AskBarDis]
[HKLM\Software\Attansic]
[HKLM\Software\Audible]
[HKLM\Software\Avery]
[HKLM\Software\Avira]
[HKLM\Software\BitTorrent]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreSecurity]
[HKLM\Software\Croteam]
[HKLM\Software\CyberLink]
[HKLM\Software\CyberStep]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\DIVINA]
[HKLM\Software\DT Soft]
[HKLM\Software\DVC150]
[HKLM\Software\Digital River]
[HKLM\Software\DivXNetworks]
[HKLM\Software\Driver-Soft]
[HKLM\Software\Elcom]
[HKLM\Software\Even Balance]
[HKLM\Software\FAST Multimedia]
[HKLM\Software\Fraps2]
[HKLM\Software\Freeze.com]
[HKLM\Software\GEAR Software]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Gravity Soft]
[HKLM\Software\HP]
[HKLM\Software\HanGame.Com]
[HKLM\Software\HanPurple]
[HKLM\Software\Hewlett-Packard]
0
Réponse 7 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

il reste des choses

1)

* Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Miroir:

https://www.androidworld.fr/

/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « NETTOYER »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

.....................

2)


Téléchargez MalwareByte's Anti-Malware (que tu pourras garder)


https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller


Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

......................

3)

Fais un nouveau rapport ZHPdiag stp

Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message


si soucis avec ci joint. fr

=> utiliser https://www.cjoint.com/
=> utiliser http://ww38.toofiles.com/fr/oip/documents/txt/av.html

CONTRIBUTEUR SECURITE

Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
0
Réponse 8 / 16
vinciboy
 
Bonjour, voici le rapport AD-R, suivi du Anti-Malware et finalement du ZHPDiag:

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 01:26:17 le 17/09/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Admin@SENSEI ( )

============== ACTION(S) ==============

Service: "Application Updater" Stoppé et supprimé
Service: "Viewpoint Manager Service" Stoppé et supprimé

0,Dossier supprimé: C:\Program Files\Application Updater
0,Dossier supprimé: C:\Documents and Settings\Admin\Application Data\Search Settings
0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Viewpoint
0,Dossier supprimé: C:\Program Files\Viewpoint
3,Fichier supprimé: C:\WINDOWS\Installer\1eeeed1b.msi
3,Fichier supprimé: C:\WINDOWS\Installer\f3d6f3b.msi

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}
1,Clé supprimée: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
0,Clé supprimée: HKLM\Software\Classes\Need2FindBar.SettingsPlugin
0,Clé supprimée: HKLM\Software\Classes\Need2FindBar.SettingsPlugin.1
0,Clé supprimée: HKLM\Software\Classes\Need2FindBar.ToolbarPlugin
0,Clé supprimée: HKLM\Software\Classes\Need2FindBar.ToolbarPlugin.1
0,Clé supprimée: HKLM\Software\Application Updater
0,Clé supprimée: HKLM\Software\AskBarDis
0,Clé supprimée: HKLM\Software\Freeze.com
0,Clé supprimée: HKLM\Software\MetaStream
0,Clé supprimée: HKLM\Software\Search Settings
0,Clé supprimée: HKLM\Software\Viewpoint
0,Clé supprimée: HKCU\Software\Search Settings
0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenU
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
0,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
0,Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
0,Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.8 (fr)] **

-- C:\Documents and Settings\Admin\Application Data\Mozilla\FireFox\Profiles\wluyew3f.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.8

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\k044xgd0.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.8.1

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 28 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 17/09/2010 (960 Octet(s))
C:\Ad-Report-SCAN[1].txt - 17/09/2010 (5018 Octet(s))

Fin à: 01:29:09, 17/09/2010

============== E.O.F ==============


Rapport Anti-Malware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4447

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-09-17 13:09:24
mbam-log-2010-09-17 (13-09-24).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 354500
Temps écoulé: 1 heure(s), 54 minute(s), 7 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{B8FA583C-46A5-4903-A922-E4AC0FE5FD37}\RP600\A0081347.sys (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Rapport ZHPDiag

Rapport de ZHPDiag v1.26.631 par Nicolas Coolman, Update du 15/09/2010
Run by Admin at 2010-09-17 13:31:00
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox (3.6.8)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (74% free)
System drive C: has 179 GB (60%) free of 298 GB

---\\ Logged in mode
Computer Name: SENSEI
User Name: Admin
All Users Names: SUPPORT_388945a0, Monique, HelpAssistant, ASPNET, Administrateur, Admin,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 179 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Free 0 Go of 4 Go)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK


---\\ Processus lancés
[MD5.A86A2F2B2BF5D5EED075B6417DE5CF1C] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 195.6.) -- C:\WINDOWS\system32\nvsvc32.exe [154216]
[MD5.703485A2C9EC94C35ED7EC56B13778B2] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336]
[MD5.B2764687AA998206879AA53379C0AF31] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968]
[MD5.2E3E53A6AEF23E24F402C7855B9B1542] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144176]
[MD5.5AB58C337AC65837FE404462AD6265AB] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.47902A906ACE88580B08FF58D4C0C205] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [304464]
[MD5.641199534871783DD74138FE0BCFDAE7] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [271720]
[MD5.F80EEC5E1D6CDF82CB974DAADA0C57DD] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337]
[MD5.C7F5C284B6F46FCAF6910EA4E644700B] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208]
[MD5.0E01D7EEBADA0B324DB0CA1EE73440BA] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PnkBstrA.exe [66872]
[MD5.F9825069752B43CA98974B71A9B4DCF5] - (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\WINDOWS\vVX1000.exe [709992]
[MD5.68E9B7820AF8D692F6F99483AB1F3BE5] - (.Pas de propriétaire - razerhid MFC Application.) -- C:\Program Files\Razer\Tarantula\razerhid.exe [176128]
[MD5.1BE6FBEE744B1F35A8A57D7468DAA686] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776]
[MD5.C657EAFC69660FBEE917F6616DE360E4] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [600896]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248552]
[MD5.CF4A0E2C240501C826977ACC5F0E8411] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [282792]
[MD5.0E284B5BB0CDD631461CE7E91DCEE3E2] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [141624]
[MD5.AFA1F8CC076AB0462512A78473D86D53] - (.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe [323392]
[MD5.A9D65CEEEC7844C9A0C6B445BCBE7823] - (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [282624]
[MD5.7AD641B3B7F17153A9AB79D02A63B1B8] - (.Pas de propriétaire - Nintendo Wi-Fi Connector USB.) -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe [1073152]
[MD5.8F610078437A459948480407F4DB91EA] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [540472]
[MD5.0313129323AAEFADB820082D014F4DAC] - (.Hewlett-Packard Development Company, L.P. - HP CUE Status.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [204800]
[MD5.5BF59C6BC737BAAF541168E5CB2EC1D9] - (.Nokia - ServiceLayer Module.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800]
[MD5.C538021B867C129458A3E73352B8638D] - (.Nokia - USB Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe [132608]
[MD5.46A9D1FCC55EC6A62FE1D2ACE79C6CA8] - (.Nokia - Serial Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe [120832]
[MD5.2500976844BBF796F7EDFBA2A9F277F6] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [555008]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@bittorrent.com/BitTorrentDNA] - (.BitTorrent, Inc. - Delivery Network Acceleration by BitTorrent(TM).) -- C:\Program Files\DNA\plugins\npbtdna.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Content Upload Plugin.) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (.not file.)
P2 - FPN: [HKCU] [@macromedia.com/FlashPlayer9] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) (2008, 7, 28, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [VX1000] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Tarantula] . (.Pas de propriétaire - razerhid MFC Application.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKCU\..\Run: [BitTorrent DNA] . (.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [BitTorrent DNA] . (.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-790525478-1788223648-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk . (.Pas de propriétaire - Nintendo Wi-Fi Connector USB.) -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: SystemMON.exe . (.Pas de propriétaire - Pas de description.) -- C:\Documents And Settings\Admin\Menu Démarrer\Programmes\Démarrage\SystemMON.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - http://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} (NetmarbleSystemIDInfo Class) - http://download.netmarble.net/...
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} () - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS1\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS2\Services\Tcpip\..\{27EAEE63-3971-42D3-81A7-0464DEDDCC42}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS2\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O17 - HKLM\System\CS3\Services\Tcpip\..\{E5BB8157-ACC0-4D1A-ACD4-71E96D7B86E2}: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\System32\WgaLogon.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 195.6.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\PnkBstrA.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB220ADC-5273-46B4-91EF-C3C683EBED69}.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{E71BB337-C5F0-4EC2-9217-8ACFC29C5F0A}.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Adobe\Director\swdir.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r53.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Acrobat 5.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Acrobat 5.0
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems, Inc..) [HKLM] -- {ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
O42 - Logiciel: Adobe Reader 8.1.3 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-A81300000003}
O42 - Logiciel: Adobe Shockwave Player 11 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {B2D328BE-45AD-4D92-96F9-2151490A203E}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {85991ED2-010C-4930-96FA-52F43C2CE98A}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Applian FLV Player - (.Applian Technologies Inc..) [HKLM] -- Applian FLV Player2.0.24
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Attansic Giga Ethernet Utility - (.Pas de propriétaire.) [HKLM] -- {1F698102-5739-441E-96F0-74F4EA540F06}
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Azureus - (.Pas de propriétaire.) [HKLM] -- Azureus
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {0CB9668D-F979-4F31-B8B8-67FE90F929F8}
O42 - Logiciel: CCleaner (remove only) - (.Pas de propriétaire.) [HKLM] -- CCleaner
O42 - Logiciel: DNA - (.BitTorrent Inc..) [HKCU] -- BitTorrent DNA
O42 - Logiciel: DVD Solution - (.Pas de propriétaire.) [HKLM] -- {B97CF5C3-0487-11D8-A36E-0050BAE317E1}
O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] -- {7B63B2922B174135AFC0E1377DD81EC2}
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}
O42 - Logiciel: Drift City - (.Pas de propriétaire.) [HKLM] -- DriftCity
O42 - Logiciel: Efficient WMA MP3 Converter v0.99.7 - (.Pas de propriétaire.) [HKLM] -- Efficient WMA MP3 Converter_is1
O42 - Logiciel: Final Gunz - (.Pas de propriétaire.) [HKLM] -- Final Gunz
O42 - Logiciel: Fraps (remove only) - (.Pas de propriétaire.) [HKLM] -- Fraps
O42 - Logiciel: Free Internet Eraser 2.30 - (.PrivacyEraser Computing, Inc..) [HKLM] -- Free Internet Eraser_is1
O42 - Logiciel: Grand Theft Auto IV - (.Rockstar Games.) [HKLM] -- {579BA58C-F33D-4970-9953-B94B43768AC3}
O42 - Logiciel: HP Imaging Device Functions 6.1 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP PSC & OfficeJet 6.1.A - (.HP.) [HKLM] -- {E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}
O42 - Logiciel: HP Photosmart Essential - (.HP.) [HKLM] -- {D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
O42 - Logiciel: HP Product Assistant - (.Hewlett-Packard.) [HKLM] -- {36FDBE6E-6684-462B-AE98-9A39A1B200CC}
O42 - Logiciel: HP Solution Center and Imaging Support Tools 6.1 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {818ABC3C-635C-4651-8183-D0E9640B7DD1}
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: IZArc 4.1.2 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: IrfanView (remove only) - (.Irfan Skiljan.) [HKLM] -- IrfanView
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150100}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 11 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150110}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 8 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150080}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 9 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150090}
O42 - Logiciel: JRAID - (.JMICRON Technologies, Inc..) [HKLM] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}
O42 - Logiciel: Java(TM) 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}
O42 - Logiciel: Java(TM) 6 Update 21 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Java(TM) 6 Update 3 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160030}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
O42 - Logiciel: LG ODD Auto Firmware Update - (.Pas de propriétaire.) [HKLM] -- {6179550A-3E7C-499E-BCC9-9E8113E0A285}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: LimeWire 5.5.8 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
O42 - Logiciel: Lunia - (.Pas de propriétaire.) [HKLM] -- Lunia
O42 - Logiciel: MSVC80_x86_v2 - (.Nokia.) [HKLM] -- {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB925672) - (.Microsoft Corporation.) [HKLM] -- {A9CF9052-F4A0-475D-A00F-A8388C62DD63}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
O42 - Logiciel: Magic ISO Maker v5.4 (build 0251) - (.Pas de propriétaire.) [HKLM] -- Magic ISO Maker v5.4 (build 0251)
O42 - Logiciel: MagicDisc 2.5.79 - (.Pas de propriétaire.) [HKLM] -- MagicDisc 2.5.79
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Games for Windows - LIVE - (.Microsoft Corporation.) [HKLM] -- {A1C962E2-2426-49C6-A38B-9A07E40D607C}
O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable - (.Microsoft Corporation.) [HKLM] -- {00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wdf01007
O42 - Logiciel: Microsoft LifeCam - (.Microsoft.) [HKLM] -- {968D41C3-25BB-4632-A6DF-2E1C8F0143A4}
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Microsoft Office Basic Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9113040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM] -- {90AF040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) - (.Microsoft Corporation.) [HKLM] -- {E09B48B5-E141-427A-AB0C-D3605127224A}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wudf01007
O42 - Logiciel: Microsoft Visual Basic 2005 Express - FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft Visual Basic 2005 Express Edition - FRA
O42 - Logiciel: Microsoft Visual Basic 2005 Express - FRA Service Pack 1 (KB926747) - (.Microsoft Corporation.) [HKLM] -- KB926747.T2_89ToU291_89
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: MobileMe Control Panel - (.Apple Inc..) [HKLM] -- {BA165460-FCF7-4D6C-A7A2-F2321700720F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Mozilla Firefox (3.6.8) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.8)
O42 - Logiciel: Multimedia Launcher - (.Pas de propriétaire.) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: My 3D Christmas Tree Full Screen Saver - (.Freeze.com, LLC.) [HKLM] -- My 3D Christmas Tree Full Screen Saver
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
O42 - Logiciel: NVIDIA nView Desktop Manager - (.NVIDIA Corporation.) [HKLM] -- NVIDIA nView Desktop Manager
O42 - Logiciel: Need2Find Bar - (.Need2Find Bar.) [HKLM] -- Need2FindBar Uninstall
O42 - Logiciel: Neo Steam : The Shattered Continent - (.Studio MARS / Hanbit Soft.) [HKLM] -- Neo Steam
O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM] -- {148a66c4-8fa7-47bc-a9d5-07570c4c7cba}
O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] -- {9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] -- Nokia PC Suite
O42 - Logiciel: Nokia Software Updater - (.Nokia Corporation.) [HKLM] -- {D043E0F8-5EFA-4102-A863-08F39D9DF2F4}
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {BEB79508-7D67-4A2F-9FB3-54C2B68E9532}
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4) - (.Nokia.) [HKLM] -- 8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (10/05/2009 4.2) - (.Nokia.) [HKLM] -- 05B59228C7E1C21DFBE89260F879BD95880548D8
O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) - (.Nokia.) [HKLM] -- 504244733D18C8F63FF584AEB290E3904E791693
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.) [HKLM] -- {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: PowerProducer - (.Pas de propriétaire.) [HKLM] -- {B7A0CE06-068E-11D6-97FD-0050BACBF861}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
O42 - Logiciel: Razer Tarantula - (.Razer Inc..) [HKLM] -- {655B9514-3963-490B-9EE1-431E80444889}
O42 - Logiciel: Rockstar Games Social Club - (.Rockstar Games.) [HKLM] -- {08B3869E-D282-424C-9AFC-870E04A4BA14}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shin Megami Tensei: Imagine Online - (.Pas de propriétaire.) [HKLM] -- Shin Megami Tensei: Imagine Online
O42 - Logiciel: SoulSeek 157 NS 13e - (.Pas de propriétaire.) [HKLM] -- Soulseek2
O42 - Logiciel: SoundMAX - (.Analog Devices.) [HKLM] -- {F0A37341-D692-11D4-A984-009027EC0A9C}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: System Requirements Lab - (.Pas de propriétaire.) [HKLM] -- SystemRequirementsLab
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Utilitaire d'enregistrement du connecteur Wi-Fi USB Nintendo - (.Pas de propriétaire.) [HKLM] -- WiFiConnector
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM] -- {767CC44C-9BBC-438D-BAD3-FD4595DD148B}
O42 - Logiciel: VideoLAN VLC media player 0.8.5 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Videora iPod Converter 6 - (.Red Kawa.) [HKLM] -- Videora iPod Converter
O42 - Logiciel: Virtual DJ - Atomix Productions - (.Pas de propriétaire.) [HKLM] -- Virtual DJ - Atomix Productions
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
O42 - Logiciel: Vuze Launcher - (.http://www.vuze.com/ [HKCU] -- Vuze Launcher
O42 - Logiciel: Windows Defender - (.Microsoft Corporation.) [HKLM] -- {A06275F4-324B-4E85-95E6-87B2CD729401}
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XviD MPEG-4 Video Codec - (.Pas de propriétaire.) [HKLM] -- XviD_is1
O42 - Logiciel: Yahoo! Barre d'outils - (.Pas de propriétaire.) [HKLM] -- Yahoo! Companion
O42 - Logiciel: YouTube Downloader 2.6.1 - (.BienneSoft.) [HKLM] -- {1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
O42 - Logiciel: YouTube Downloader Toolbar v1.0 - (.Spigot, Inc..) [HKLM] -- {004098A1-0362-4C42-A1C3-CAD436CFF4A1}
O42 - Logiciel: getPlus(R) for Adobe - (.NOS Microsystems Ltd..) [HKLM] -- {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {7AB3A249-FB81-416B-917A-A2A10E74C503}
O42 - Logiciel: ijji - (.Pas de propriétaire.) [HKCU] -- ijji.com
O42 - Logiciel: ijji - Gunz - (.Pas de propriétaire.) [HKLM] -- Gunz
O42 - Logiciel: ijji REACTOR - (.ijji.) [HKLM] -- {901DC58A-5C1B-4315-BA40-5AD3D3A463B9}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO]
[HKCU\Software\ASProtect]
[HKCU\Software\AVG]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Alcohol Soft]
[HKCU\Software\America Online]
[HKCU\Software\Analog Devices]
[HKCU\Software\AppConf]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\YouTube Downloader]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Avery]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\Binary Noise]
[HKCU\Software\BitTorrent]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\CDDB]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\CyberStep]
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DT Soft]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\DVD Shrink]
[HKCU\Software\DefaultID]
[HKCU\Software\Digital River]
[HKCU\Software\DirectShow]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Dragonfly]
[HKCU\Software\DualEngi]
[HKCU\Software\Ectaco]
[HKCU\Software\Elcom]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameSpy]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HanGame.Com]
[HKCU\Software\HanPurple]
[HKCU\Software\Headlight]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\Hyperpia]
[HKCU\Software\IM Providers]
[HKCU\Software\INCAInternet]
[HKCU\Software\IZSoftware]
[HKCU\Software\Intel]
[HKCU\Software\InterTrust]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jetico]
[HKCU\Software\Joymax]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Kazaa]
[HKCU\Software\Lake]
[HKCU\Software\Last.fm]
[HKCU\Software\Lavasoft]
[HKCU\Software\LdShih]
[HKCU\Software\LeaderTech]
[HKCU\Software\Licenses]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\MAIET entertainment]
[HKCU\Software\Macromedia]
[HKCU\Software\MagicDisc]
[HKCU\Software\MagicISO]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Matroska Pack]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NDOORS]
[HKCU\Software\NOS]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\Nintendo]
[HKCU\Software\Nokia]
[HKCU\Software\ODBC]
[HKCU\Software\ORL]
[HKCU\Software\Opendisc]
[HKCU\Software\PQDVD]
[HKCU\Software\PepiMK Software]
[HKCU\Software\Pinnacle Systems]
[HKCU\Software\Piriform]
[HKCU\Software\PocketDVD]
[HKCU\Software\Policies]
[HKCU\Software\PrivacyEraser Computing, Inc.]
[HKCU\Software\Revolution Engine 3.2]
[HKCU\Software\Ripp-it]
[HKCU\Software\Ruan Engine]
[HKCU\Software\Safer Networking Limited]
[HKCU\Softwar
0
Réponse 9 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
0
Réponse 10 / 16
vinciboy
 
Bonsoir, désolé j'ai oublié d'inclure le rapport ZHPDiag dans mon dernier message, le voici:

http://www.cijoint.fr/cjlink.php?file=cj201009/cijQSI3jJQ.txt
0
Réponse 11 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

1)

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier :

C:\Documents And Settings\Admin\Menu Démarrer\Programmes\Démarrage\SystemMON.exe



Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers :

Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «appliquer» pour valider les changements.

Et OK


tuto pour t'aider

http://www.bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

.....................

2)

* Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

* Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus ? Exécuter en temps qu'administrateur
* L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
* A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
0
Réponse 12 / 16
CJLDOMI Messages postés 357 Date d'inscription   Statut Membre Dernière intervention   70
 
Bj avec malwarebyte, ajoute antivirus Avira et le nettoyeur Ccleaner, avec tout ça je n'ai aucun problèmes.
Bonne chance.
0
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
faut lire le sujet à partir du début...c'est mieux
0
Réponse 13 / 16
vinciboy
 
Voici le rapport de tdsskiller :

2010/09/18 15:18:32.0984 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/18 15:18:32.0984 ================================================================================
2010/09/18 15:18:32.0984 SystemInfo:
2010/09/18 15:18:32.0984
2010/09/18 15:18:32.0984 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/18 15:18:32.0984 Product type: Workstation
2010/09/18 15:18:32.0984 ComputerName: SENSEI
2010/09/18 15:18:32.0984 UserName: Admin
2010/09/18 15:18:32.0984 Windows directory: C:\WINDOWS
2010/09/18 15:18:32.0984 System windows directory: C:\WINDOWS
2010/09/18 15:18:32.0984 Processor architecture: Intel x86
2010/09/18 15:18:32.0984 Number of processors: 2
2010/09/18 15:18:32.0984 Page size: 0x1000
2010/09/18 15:18:32.0984 Boot type: Normal boot
2010/09/18 15:18:32.0984 ================================================================================
2010/09/18 15:18:33.0171 Initialize success
2010/09/18 15:18:51.0609 ================================================================================
2010/09/18 15:18:51.0609 Scan started
2010/09/18 15:18:51.0609 Mode: Manual;
2010/09/18 15:18:51.0609 ================================================================================
2010/09/18 15:18:52.0218 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/18 15:18:52.0265 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/18 15:18:52.0328 ADIHdAudAddService (ab0d9669bab1009e48cc91117e59912b) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/09/18 15:18:52.0390 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/09/18 15:18:52.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/18 15:18:52.0546 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/18 15:18:52.0828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/18 15:18:52.0953 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/18 15:18:52.0984 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/18 15:18:53.0031 AtcL001 (e0c144c291304952f035b69c60f0d4a6) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
2010/09/18 15:18:53.0093 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/18 15:18:53.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/18 15:18:53.0265 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/09/18 15:18:53.0296 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/09/18 15:18:53.0390 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/18 15:18:53.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/18 15:18:53.0562 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/18 15:18:53.0609 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/18 15:18:53.0656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/18 15:18:53.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/18 15:18:53.0734 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/18 15:18:53.0953 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/18 15:18:54.0031 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/18 15:18:54.0062 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/18 15:18:54.0078 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/18 15:18:54.0109 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/18 15:18:54.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/18 15:18:54.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/18 15:18:54.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/18 15:18:54.0343 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/18 15:18:54.0375 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/18 15:18:54.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/18 15:18:54.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/18 15:18:54.0500 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/18 15:18:54.0546 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/18 15:18:54.0578 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/18 15:18:54.0656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/18 15:18:54.0734 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/18 15:18:54.0781 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/18 15:18:54.0828 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/18 15:18:54.0859 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/18 15:18:54.0921 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/18 15:18:55.0109 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/18 15:18:55.0187 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/18 15:18:55.0281 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/18 15:18:55.0312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/18 15:18:55.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/18 15:18:55.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/18 15:18:55.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/18 15:18:55.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/18 15:18:55.0562 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/18 15:18:55.0625 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/18 15:18:55.0671 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
2010/09/18 15:18:55.0718 JRAID (dafcafacde7de95e136ff5109422531d) C:\WINDOWS\system32\DRIVERS\jraid.sys
2010/09/18 15:18:55.0765 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/18 15:18:55.0796 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/18 15:18:55.0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/18 15:18:55.0859 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/18 15:18:56.0015 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2010/09/18 15:18:56.0046 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/09/18 15:18:56.0125 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2010/09/18 15:18:56.0171 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/18 15:18:56.0218 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/18 15:18:56.0265 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/18 15:18:56.0328 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/18 15:18:56.0359 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/18 15:18:56.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/18 15:18:56.0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/18 15:18:56.0531 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/18 15:18:56.0593 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/18 15:18:56.0625 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/18 15:18:56.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/18 15:18:56.0750 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/18 15:18:56.0781 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/09/18 15:18:56.0828 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/18 15:18:56.0859 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/18 15:18:56.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/18 15:18:56.0953 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/18 15:18:56.0984 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/18 15:18:57.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/18 15:18:57.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/18 15:18:57.0171 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/18 15:18:57.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/18 15:18:57.0296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/18 15:18:57.0328 nmwcd (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/09/18 15:18:57.0390 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/09/18 15:18:57.0453 nmwcdnsu (496f34fb30dd541350b29558842cd42a) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/09/18 15:18:57.0500 nmwcdnsuc (99fbb538789888e6a48b902417f68dd4) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2010/09/18 15:18:57.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/18 15:18:57.0593 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/18 15:18:57.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/18 15:18:57.0953 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/18 15:18:58.0078 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/18 15:18:58.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/18 15:18:58.0171 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/18 15:18:58.0234 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/18 15:18:58.0281 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/18 15:18:58.0359 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/18 15:18:58.0406 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/09/18 15:18:58.0421 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/18 15:18:58.0453 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/18 15:18:58.0531 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/18 15:18:58.0734 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/09/18 15:18:58.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/18 15:18:58.0812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/18 15:18:58.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/18 15:18:58.0921 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/18 15:18:59.0062 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/18 15:18:59.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/18 15:18:59.0125 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/18 15:18:59.0171 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/18 15:18:59.0218 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/18 15:18:59.0265 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/18 15:18:59.0312 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/18 15:18:59.0375 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/18 15:18:59.0468 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
2010/09/18 15:18:59.0546 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/18 15:18:59.0609 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2010/09/18 15:18:59.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/18 15:18:59.0718 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/18 15:18:59.0765 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/18 15:18:59.0828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/18 15:18:59.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/18 15:18:59.0968 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/18 15:19:00.0015 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/18 15:19:00.0062 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/18 15:19:00.0125 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/18 15:19:00.0156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/18 15:19:00.0187 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/18 15:19:00.0390 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/18 15:19:00.0421 TarFltr (d57c864576a620d832f4d8ee9b9c3ce0) C:\WINDOWS\system32\Drivers\UsbFltr.sys
2010/09/18 15:19:00.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/18 15:19:00.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/18 15:19:00.0578 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/18 15:19:00.0625 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/18 15:19:00.0765 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/18 15:19:00.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/18 15:19:00.0890 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/09/18 15:19:00.0937 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/18 15:19:00.0953 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/18 15:19:01.0000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/18 15:19:01.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/18 15:19:01.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/18 15:19:01.0093 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/18 15:19:01.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/18 15:19:01.0187 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/09/18 15:19:01.0265 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/09/18 15:19:01.0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/18 15:19:01.0343 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/18 15:19:01.0375 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/09/18 15:19:01.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/18 15:19:01.0468 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/18 15:19:01.0578 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
2010/09/18 15:19:01.0703 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/18 15:19:01.0765 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/09/18 15:19:01.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/18 15:19:02.0000 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/09/18 15:19:02.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/18 15:19:02.0109 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/18 15:19:02.0171 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/18 15:19:02.0421 ================================================================================
2010/09/18 15:19:02.0421 Scan finished
2010/09/18 15:19:02.0421 ================================================================================

Et celui de virustotal

Antivirus Version Last Update Result
AhnLab-V3 2010.09.19.00 2010.09.18 -
AntiVir 8.2.4.58 2010.09.18 -
Antiy-AVL 2.0.3.7 2010.09.18 -
Authentium 5.2.0.5 2010.09.18 -
Avast 4.8.1351.0 2010.09.18 -
Avast5 5.0.594.0 2010.09.18 -
AVG 9.0.0.851 2010.09.18 -
BitDefender 7.2 2010.09.18 -
CAT-QuickHeal 11.00 2010.09.18 -
ClamAV 0.96.2.0-git 2010.09.18 -
Comodo 6119 2010.09.18 -
DrWeb 5.0.2.03300 2010.09.18 -
Emsisoft 5.0.0.37 2010.09.18 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7862 2010.09.17 -
F-Prot 4.6.1.107 2010.09.18 -
F-Secure 9.0.15370.0 2010.09.18 Worm:W32/Autorun.KN
Fortinet 4.1.143.0 2010.09.18 -
GData 21 2010.09.18 -
Ikarus T3.1.1.88.0 2010.09.18 -
Jiangmin 13.0.900 2010.09.18 -
K7AntiVirus 9.63.2552 2010.09.18 -
Kaspersky 7.0.0.125 2010.09.18 -
McAfee 5.400.0.1158 2010.09.18 -
McAfee-GW-Edition 2010.1C 2010.09.18 Heuristic.BehavesLike.Win32.Dropper.D
Microsoft 1.6201 2010.09.18 -
NOD32 5460 2010.09.18 -
Norman 6.06.06 2010.09.18 -
nProtect 2010-09-18.01 2010.09.18 -
Panda 10.0.2.7 2010.09.18 -
PCTools 7.0.3.5 2010.09.18 -
Prevx 3.0 2010.09.18 Medium Risk Malware
Rising 22.65.05.00 2010.09.18 -
Sophos 4.57.0 2010.09.18 -
Sunbelt 6894 2010.09.18 -
SUPERAntiSpyware 4.40.0.1006 2010.09.18 -
Symantec 20101.1.1.7 2010.09.18 WS.Reputation.1
TheHacker 6.7.0.0.023 2010.09.18 Trojan/Autorun.f
TrendMicro 9.120.0.1004 2010.09.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.18 -
VBA32 3.12.14.0 2010.09.17 -
ViRobot 2010.9.18.4048 2010.09.18 -
VirusBuster 12.65.13.0 2010.09.18 -
Additional informationShow all
MD5 : ab49f12c7eeefcee912fe3236c7703a4
SHA1 : 45056343f4426c13acbb6e3da6ec929d8ea42a70
SHA256: cbef6c4f02285543cee2f5078456358c8e8a4e277f33d398d72b589dca0653f6
0
Réponse 14 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
tu le connais celui là SystemMON.exe ?
0
Réponse 15 / 16
vinciboy
 
Non, j'ai aucune idée. J'ai fais un google dessu, mais il n'y a pas d'info concrète.
0
Réponse 16 / 16
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O4 - Global Startup: SystemMON.exe . (.Pas de propriétaire - Pas de description.) -- C:\Documents And Settings\Admin\Menu Démarrer\Programmes\Démarrage\SystemMON.exe
O42 - Logiciel: Need2Find Bar - (.Need2Find Bar.) [HKLM] -- Need2FindBar Uninstall
[HKCU\Software\LdShih]
O43 - CFD:Common File Directory ----D- C:\Program Files\Freeze.com
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe


Puis Lance ZHPFix depuis le raccourci du bureau .

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

Copie/Colle le rapport à l'écran dans ton prochain message

le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
0

Discussions similaires

savoir l'adresse ip du correspondant
ala87 -
ShadowRevenge -

2 réponses
ATTENTION : escroquerie à la carte bleue !!
dvrg -
dvrg -

80 réponses
Comment trouver l'adresse internet des pages d'un site ?
titin88 -
titin88 -

6 réponses