Virus cleanup help

24 August 2011 22:51:46

Hello,


At first it showed up as music that started playing by itself when I connected.
Now it is getting more annoying because I can no longer launch my work software. Also, when I open an application, I get the "Open with" window.
The virus appeared when I disabled an option in the configuration settings so that I would no longer have to confirm administrator rights (re-enabled since :) )


Thanks for your help,
Arnaud


24 August 2011 22:54:24

... the HijackThis report


Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:55, on 24/08/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Arnaud\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Users\Arnaud\AppData\Roaming\WMPRWISE.EXE
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [8DDYX0ZBPZ] C:\Windows\TEMP\Kw1.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [KYQ8ZBOAXR] C:\Windows\TEMP\Kw0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [390311819] C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'Default user')
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\upxvqy\setup.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\dcpflics.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 8346 bytes

25 August 2011 07:57:30

Hello,

*Download RSIT (thanks to random/random) to the Desktop: Here or
Double-click RSIT.exe; it does not need to be installed.
Click Continue on the Disclaimer screen if you accept the terms.
-If HijackThis is not detected on your PC, it will download it (allow access through your firewall if asked, and accept the license).
When the scan is finished, two text files will open.
Post the contents of log.txt (the one that opens) as well as info.txt, which is in the taskbar.

NB: These reports are saved in the C:\rsit folder

See you
26 August 2011 20:52:40

thanks :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Arnaud at 2011-08-26 20:37:43
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 100 GB (34%) free of 295 GB
Total RAM: 3070 MB (62% free)


======Scheduled tasks folder======

C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Arnaud\AppData\Roaming\Mozilla\Firefox\Profiles\dngwjv7f.default

prefs.js - "browser.startup.homepage" - "http://www.google.fr/"
prefs.js - "extensions.enabledItems" - "{ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10, howtovideosidebar@wonderhowto.com:1.0, illimitux@illimitux.net:4.0, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, moveplayer@movenetworks.com:1.0.0.071303000004, vgplugin@visioglobe.com:0.4.1614, foxmarks@kei.com:3.9.7, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4, support@lastpass.com:1.73.0, LDSI_plashcor@gmail.com:0.6.8, firebug@software.joehewitt.com:1.6.2, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMW..."

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Module iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
NPOFF12.DLL
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml

C:\Users\Arnaud\AppData\Roaming\Mozilla\Firefox\Profiles\dngwjv7f.default\extensions\
foxmarks@kei.com
illimitux@illimitux.net
moveplayer@movenetworks.com
staged
support@lastpass.com
vgplugin@visioglobe.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{c45c406e-ab73-11d8-be73-000a95be3b12}
{ca0849e8-2c76-42ae-9abe-34e14d337acf}

C:\Users\Arnaud\AppData\Roaming\Mozilla\Firefox\Profiles\dngwjv7f.default\searchplugins\
live-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"OEM13Mon.exe"=C:\Windows\OEM13Mon.exe [2008-01-08 36864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-16 13793824]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-06-16 92704]
"MacDrive 8 application"=C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe [2009-06-15 202328]
"Getting started with MacDrive 8"=C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe [2009-03-31 141312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-07-19 421736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2008-12-09 495616]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Microsoft Firewall 2.9"=C:\Users\Arnaud\AppData\Roaming\WMPRWISE.EXE []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=tsccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.exe - open - "C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2011-08-26 20:37:44 ----D---- C:\Program Files\trend micro
2011-08-26 20:37:43 ----D---- C:\rsit
2011-08-14 00:19:26 ----D---- C:\ProgramData\gL00000JbAaF00000
2011-08-14 00:18:31 ----D---- C:\Windows\Sun
2011-08-10 16:31:01 ----D---- C:\Users\Arnaud\AppData\Roaming\SynthEyes
2011-08-10 16:20:42 ----D---- C:\Program Files\Andersson Technologies LLC
2011-08-09 12:27:53 ----D---- C:\Users\Arnaud\AppData\Roaming\vlc
2011-08-07 17:20:26 ----D---- C:\Program Files\Microsoft Silverlight
2011-08-07 17:18:55 ----A---- C:\Windows\system32\wininet.dll
2011-08-07 17:18:55 ----A---- C:\Windows\system32\msls31.dll
2011-08-07 17:18:55 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-07 17:18:54 ----A---- C:\Windows\system32\urlmon.dll
2011-08-07 17:18:54 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-08-07 17:18:54 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-08-07 17:18:54 ----A---- C:\Windows\system32\msrating.dll
2011-08-07 17:18:54 ----A---- C:\Windows\system32\mshtmler.dll
2011-08-07 17:18:54 ----A---- C:\Windows\system32\ieui.dll
2011-08-07 17:18:54 ----A---- C:\Windows\system32\iesysprep.dll
2011-08-07 17:18:54 ----A---- C:\Windows\system32\iertutil.dll
2011-08-07 17:18:53 ----A---- C:\Windows\system32\ieframe.dll
2011-08-07 17:18:52 ----A---- C:\Windows\system32\iesetup.dll
2011-08-07 17:18:52 ----A---- C:\Windows\system32\iernonce.dll
2011-08-07 17:18:52 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-07 17:18:52 ----A---- C:\Windows\system32\ieapfltr.dat
2011-08-07 17:18:52 ----A---- C:\Windows\system32\ie4uinit.exe
2011-08-07 17:18:52 ----A---- C:\Windows\system32\icardie.dll
2011-08-07 17:18:52 ----A---- C:\Windows\system32\dxtrans.dll
2011-08-07 17:18:52 ----A---- C:\Windows\system32\dxtmsft.dll
2011-08-07 17:18:51 ----A---- C:\Windows\system32\webcheck.dll
2011-08-07 17:18:51 ----A---- C:\Windows\system32\url.dll
2011-08-07 17:18:51 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-07 17:18:51 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-07 17:18:50 ----A---- C:\Windows\system32\wextract.exe
2011-08-07 17:18:50 ----A---- C:\Windows\system32\vbscript.dll
2011-08-07 17:18:50 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-07 17:18:50 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-07 17:18:50 ----A---- C:\Windows\system32\inseng.dll
2011-08-07 17:18:50 ----A---- C:\Windows\system32\iexpress.exe
2011-08-07 17:18:49 ----A---- C:\Windows\system32\mshtml.dll
2011-08-07 17:18:49 ----A---- C:\Windows\system32\ieUnatt.exe
2011-08-07 17:18:48 ----A---- C:\Windows\system32\pngfilt.dll
2011-08-07 17:18:48 ----A---- C:\Windows\system32\occache.dll
2011-08-07 17:18:48 ----A---- C:\Windows\system32\mshta.exe
2011-08-07 17:18:48 ----A---- C:\Windows\system32\jscript9.dll
2011-08-07 17:18:48 ----A---- C:\Windows\system32\jscript.dll
2011-08-07 17:18:48 ----A---- C:\Windows\system32\ieakui.dll
2011-08-07 17:18:48 ----A---- C:\Windows\system32\ieaksie.dll
2011-08-07 17:18:48 ----A---- C:\Windows\system32\admparse.dll
2011-08-07 17:18:47 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-07 17:18:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-07 17:18:47 ----A---- C:\Windows\system32\imgutil.dll
2011-08-07 17:18:47 ----A---- C:\Windows\system32\iepeers.dll
2011-08-07 17:18:47 ----A---- C:\Windows\system32\ieakeng.dll
2011-08-07 17:18:47 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-08-07 17:18:47 ----A---- C:\Windows\system32\advpack.dll
2011-08-07 17:14:16 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-08-07 17:14:16 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-08-07 13:44:12 ----D---- C:\Program Files\iPod
2011-08-07 13:44:09 ----D---- C:\Program Files\iTunes
2011-08-07 13:39:00 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-08-07 13:39:00 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-08-07 13:38:59 ----A---- C:\Windows\system32\XpsPrint.dll
2011-08-07 13:38:59 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-08-07 13:38:59 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-08-07 13:38:58 ----A---- C:\Windows\system32\mfmp4src.dll
2011-08-07 13:38:58 ----A---- C:\Windows\system32\dxgi.dll
2011-08-07 13:38:58 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-08-07 13:38:57 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-08-07 13:38:57 ----A---- C:\Windows\system32\mf.dll
2011-08-07 13:38:56 ----A---- C:\Windows\system32\stobject.dll
2011-08-07 13:38:56 ----A---- C:\Windows\system32\shdocvw.dll
2011-08-07 13:38:56 ----A---- C:\Windows\system32\mfplat.dll
2011-08-07 13:38:52 ----A---- C:\Windows\system32\cdd.dll
2011-08-07 13:38:51 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-08-07 13:38:51 ----A---- C:\Windows\system32\mfps.dll
2011-08-07 13:38:38 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-08-07 13:38:15 ----A---- C:\Windows\system32\d3d10warp.dll
2011-08-07 13:38:15 ----A---- C:\Windows\system32\d3d10_1.dll
2011-08-07 13:38:15 ----A---- C:\Windows\system32\d2d1.dll
2011-08-07 13:38:14 ----A---- C:\Windows\system32\FntCache.dll
2011-08-07 13:38:14 ----A---- C:\Windows\system32\DWrite.dll
2011-08-07 13:38:14 ----A---- C:\Windows\system32\d3d10level9.dll
2011-08-07 13:38:14 ----A---- C:\Windows\system32\d3d10.dll
2011-08-07 13:38:13 ----A---- C:\Windows\system32\xpsservices.dll
2011-08-07 13:38:13 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-08-07 13:38:13 ----A---- C:\Windows\system32\OpcServices.dll
2011-08-07 13:38:13 ----A---- C:\Windows\system32\d3d10core.dll
2011-08-07 13:38:13 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-08-07 13:37:09 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-08-07 13:36:59 ----HD---- C:\alexej.Bin
2011-08-07 13:36:59 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-07 13:36:59 ----A---- C:\Windows\system32\ntdll.dll
2011-08-07 13:36:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-07 13:36:33 ----A---- C:\Windows\system32\odbc32.dll
2011-08-07 13:36:03 ----A---- C:\Windows\system32\EncDec.dll
2011-08-07 13:36:01 ----A---- C:\Windows\system32\sbe.dll
2011-08-07 13:36:00 ----A---- C:\Windows\system32\sbeio.dll
2011-08-07 13:35:51 ----A---- C:\Windows\system32\inetcomm.dll
2011-08-07 13:35:36 ----A---- C:\Windows\system32\shell32.dll
2011-08-07 13:35:34 ----A---- C:\Windows\system32\shlwapi.dll
2011-08-07 13:35:15 ----A---- C:\Windows\system32\shsvcs.dll
2011-08-07 13:35:03 ----A---- C:\Windows\system32\win32k.sys
2011-08-07 13:34:54 ----A---- C:\Windows\system32\sdclt.exe
2011-08-07 13:34:47 ----A---- C:\Windows\system32\oleaut32.dll
2011-08-07 13:34:36 ----A---- C:\Windows\system32\mfc42u.dll
2011-08-07 13:34:35 ----A---- C:\Windows\system32\mfc42.dll
2011-08-07 13:34:27 ----A---- C:\Windows\system32\kernel32.dll
2011-08-07 13:34:15 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-08-07 13:34:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-07 13:34:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-08-07 13:33:37 ----A---- C:\Windows\system32\atmfd.dll
2011-08-07 13:33:35 ----A---- C:\Windows\system32\atmlib.dll
2011-08-07 13:33:20 ----A---- C:\Windows\system32\drivers\srv.sys
2011-08-07 13:32:37 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-08-07 13:32:37 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-08-07 13:32:25 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-08-07 13:32:25 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-08-07 13:32:25 ----A---- C:\Windows\system32\dnsapi.dll
2011-08-07 13:32:13 ----A---- C:\Windows\system32\drivers\afd.sys
2011-08-07 13:32:01 ----A---- C:\Windows\system32\winsrv.dll
2011-08-07 13:32:01 ----A---- C:\Windows\system32\csrsrv.dll
2011-08-07 13:31:33 ----A---- C:\Windows\system32\mstscax.dll
2011-08-07 13:31:32 ----A---- C:\Windows\system32\mstsc.exe
2011-08-07 13:13:22 ----A---- C:\Windows\system32\schannel.dll
2011-08-07 13:10:50 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 month======

2011-08-26 20:38:05 ----D---- C:\Windows\Temp
2011-08-26 20:37:44 ----RD---- C:\Program Files
2011-08-26 20:29:10 ----D---- C:\Windows\System32
2011-08-26 20:29:10 ----D---- C:\Windows\inf
2011-08-26 20:29:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-26 20:23:01 ----D---- C:\Users\Arnaud\AppData\Roaming\WTablet
2011-08-18 09:34:44 ----HD---- C:\ProgramData
2011-08-18 09:21:35 ----D---- C:\Windows\system32\spool
2011-08-17 21:11:36 ----D---- C:\Windows\Tasks
2011-08-17 20:23:14 ----D---- C:\Windows\system32\Tasks
2011-08-15 16:35:13 ----D---- C:\Windows\system32\WDI
2011-08-14 21:20:01 ----D---- C:\Windows\Prefetch
2011-08-14 18:44:21 ----A---- C:\Windows\ntbtlog.txt
2011-08-14 18:43:54 ----D---- C:\Windows\system32\catroot2
2011-08-14 18:42:53 ----D---- C:\Windows\Minidump
2011-08-14 18:42:39 ----D---- C:\Windows
2011-08-14 01:27:51 ----D---- C:\Windows\system32\drivers\etc
2011-08-14 00:19:43 ----D---- C:\Program Files\Mozilla Firefox
2011-08-14 00:18:48 ----D---- C:\Users\Arnaud\AppData\Roaming\Adobe
2011-08-13 16:02:03 ----SHD---- C:\System Volume Information
2011-08-12 18:39:31 ----D---- C:\Program Files\JDownloader
2011-08-10 16:21:02 ----SHD---- C:\Windows\Installer
2011-08-10 16:21:01 ----HD---- C:\Config.Msi
2011-08-08 03:01:15 ----D---- C:\Windows\rescache
2011-08-08 02:47:32 ----D---- C:\Windows\system32\catroot
2011-08-08 02:27:03 ----D---- C:\Windows\system32\fr-FR
2011-08-08 02:27:02 ----D---- C:\Program Files\Internet Explorer
2011-08-08 02:27:01 ----RD---- C:\Windows\Offline Web Pages
2011-08-08 02:27:00 ----D---- C:\Windows\system32\wbem
2011-08-08 02:27:00 ----D---- C:\Windows\system32\migration
2011-08-08 02:27:00 ----D---- C:\Windows\system32\en-US
2011-08-08 02:27:00 ----D---- C:\Windows\PolicyDefinitions
2011-08-08 02:26:56 ----SD---- C:\Windows\Downloaded Program Files
2011-08-08 02:26:54 ----D---- C:\Windows\AppPatch
2011-08-07 20:10:02 ----D---- C:\Windows\Microsoft.NET
2011-08-07 20:09:59 ----RSD---- C:\Windows\assembly
2011-08-07 17:21:20 ----SD---- C:\ProgramData\Microsoft
2011-08-07 17:19:50 ----D---- C:\Windows\winsxs
2011-08-07 17:19:17 ----D---- C:\Windows\Logs
2011-08-07 17:14:59 ----D---- C:\Program Files\Microsoft Office
2011-08-07 14:41:34 ----D---- C:\Windows\system32\drivers
2011-08-07 14:41:28 ----D---- C:\Program Files\Windows Mail
2011-08-07 14:41:21 ----RSD---- C:\Windows\Fonts
2011-08-07 14:28:09 ----D---- C:\ProgramData\Microsoft Help
2011-08-07 14:04:46 ----D---- C:\Windows\Debug
2011-08-07 13:44:11 ----D---- C:\Program Files\Common Files\Apple
2011-08-07 13:27:06 ----D---- C:\Program Files\Bonjour
2011-08-07 13:22:15 ----D---- C:\Program Files\QuickTime
2011-08-06 12:35:43 ----D---- C:\Users\Arnaud\AppData\Roaming\MAXON
2011-08-06 12:04:04 ----D---- C:\Program Files\MAXON

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MDFSYSNT;MacDrive file system driver; C:\Windows\system32\drivers\MDFSYSNT.sys [2009-09-28 259176]
R0 MDPMGRNT;MacDrive partition driver; C:\Windows\system32\drivers\MDPMGRNT.sys [2009-07-31 27488]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-08-12 721904]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-08-23 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-11 56816]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver; C:\Windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 106496]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2011-02-27 27632]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-04-13 25704]
S1 OMCI;OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS []
S3 ajm3treq;ajm3treq; C:\Windows\system32\drivers\ajm3treq.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-02-27 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-02-27 25512]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-11-05 101504]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2009-04-11 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-02-18 41984]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMService;AMService; C:\Windows\TEMP\upxvqy\setup.exe [2011-08-14 32256]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-23 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-23 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 DCPFLICS;DCPFLICS service; C:\Program Files\DCPFLICS\dcpflics.exe [2007-10-24 139268]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MacDrive8Service;MacDrive 8 service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-16 211488]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2008-02-14 65536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-18 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
26 August 2011 20:53:11

info.txt logfile of random's system information tool 1.09 2011-08-26 20:39:15

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x40c
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}
Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe kuler-->msiexec /qb /x {E4D41458-B6F7-8363-0AA2-F822E489CA8F}
Adobe kuler-->MsiExec.exe /I{E4D41458-B6F7-8363-0AA2-F822E489CA8F}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c /remove
Apple Application Support-->MsiExec.exe /I{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}
Apple Mobile Device Support-->MsiExec.exe /I{C23CD6DA-1958-43A5-ADD0-59396572E02E}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Applian FLV Player-->"C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /X{D03482C5-9AD8-496D-B388-692AE04C93AF}
Camtasia Studio 6-->MsiExec.exe /I{A589DA26-51BD-475D-8C32-E19E34145842}
Carte réseau local sans fil Wireless de Dell-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
CINEMA 4D 11.514-->"C:\Program Files\MAXON\CINEMA 4D R11.5\CINEMA 4D.exe" "C:\Program Files\MAXON\CINEMA 4D R11.5\resource\install20100304_090443.log" -uninstall
CINEMA 4D 12.016-->"C:\Program Files\MAXON\CINEMA 4D R12\CINEMA 4D.exe" "C:\Program Files\MAXON\CINEMA 4D R12\resource\install20110806_120352.log" -uninstall
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x40c /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x40c /remove
Extensis Suitcase Fusion 3-->MsiExec.exe /X{1CF1020E-8AD3-4CFA-882C-B683C989F9A6}
FileZilla Client 3.3.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FolderHighlight 2.1-->"C:\Program Files\FolderHighlight\unins000.exe"
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 11.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iSkysoft DRM Removal(Build 1.0.0.2)-->"C:\Program Files\iSkysoft\DRM Removal\unins000.exe"
iTunes-->MsiExec.exe /I{C73CA646-73B3-4AEF-A136-C37505745174}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Laptop Integrated Webcam Driver (1.01.01.0529) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM013.uns -plugin OEM13Pin.dll -pluginres OEM13Pin.crl -nodisconprompt -langid 0x040C
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x040c -removeonly /remove
Live! Cam Avatar-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x040c -removeonly /remove
MacDrive 8-->MsiExec.exe /X{53CE99DF-C3D1-41AE-ACD7-2964347AC4FF}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007F-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Module linguistique Microsoft .NET Framework 4 Client Profile FRA-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP
Mozilla Firefox 5.0 (x86 fr)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{372B31CF-77FB-4E29-860C-A0EA2985AB7F}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
QuickTime-->MsiExec.exe /I{C9E14402-3631-4182-B377-6B0DFB1C0339}
RealFlow Plugin for 3D Studio Max-->C:\Windows\RFMaxPluginUninstall.exe
RealFlow-->MsiExec.exe /I{A1BBC33D-F769-426E-9F83-0F63AD07BB58}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Red Giant PlaneSpace-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\RGPlaneSpaceAE.log
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sony Ericsson Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SynthEyes-->MsiExec.exe /I{FCA96B5D-02D1-40B2-ABAF-E8ED39754AD3}
TELL ME MORE Communication-->"C:\Program Files\Auralog\TELL ME MORE Communication\Bin\unsetup.exe" -file "C:\Program Files\Auralog\TELL ME MORE Communication\unsetup.aui"
Toon Boom Storyboard Pro Trial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52E819E9-C69A-4AF6-B2B3-BC01F8B0ECA3}\setup.exe" -l0x9 UNINSTALL -removeonly
Trapcode 3DStroke-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\trapcode3Dstroke.log
Trapcode Form-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\TRAPCODE\trapcodeform.log
Trapcode Horizon-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\trapcodehorizon.log
Trapcode Lux-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\trapcodelux.log
Trapcode Particular v2-->C:\Windows\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\Plug-ins\trapcodeparticularv2.log
Trapcode Particular-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\trapcodeparticular.log
Trapcode Shine-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\trapcodeShine.log
Trapcode Starglow-->C:\Windows\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\TRAPCODE\trapcodeStarglow.log
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Outlook 2007 Junk Email Filter (KB2553975)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {59D8F1FE-7B08-4F0E-840C-D1BF93D22A6C}
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeecastPlayer-->msiexec /qb /x {2168DA1F-F789-1422-FCAF-DA03FA2C910D}
WeecastPlayer-->MsiExec.exe /I{2168DA1F-F789-1422-FCAF-DA03FA2C910D}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinHTTrack Website Copier 3.43-7-->"C:\Program Files\WinHTTrack\unins000.exe"
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}

Hosts File Missing
======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-Arnaud
Event Code: 134
Message: NtpClient n'a pas pu définir d'homologue manuel à utiliser comme source de temps en raison d'une erreur de résolution DNS sur " time.windows.com,0x1 ". NtpClient réessaiera dans 15 minutes, et à nouveau une fois le double de l'intervalle de nouvelle tentative écoulé. L'erreur était : Hôte inconnu. (0x80072AF9)
Record Number: 240134
Source Name: Microsoft-Windows-Time-Service
Time Written: 20110306103042.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Arnaud
Event Code: 1001
Message: L’initialisation de l’application a échoué. Dernière erreur : 0x80070032
Record Number: 240053
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20110305215015.769438-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Arnaud
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
OMCI
Record Number: 240027
Source Name: Service Control Manager
Time Written: 20110305214849.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Arnaud
Event Code: 7022
Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Record Number: 240026
Source Name: Service Control Manager
Time Written: 20110305214848.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Arnaud
Event Code: 7000
Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 239992
Source Name: Service Control Manager
Time Written: 20110305214831.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Arnaud
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 22212
Source Name: Microsoft-Windows-WMI
Time Written: 20100114212148.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Arnaud
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2446619971-3811241707-1331887920-1000_Classes:
Process 1744 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2446619971-3811241707-1331887920-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Record Number: 22191
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100114180815.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Arnaud
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\ARNAUD\DOCUMENTS\PROJETS\CARREPROD VOEUX 2010\NOUVEAU DOSSIER> dans la configuration de hachage.

Contexte : Application , Catalogue SystemIndex

Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

Record Number: 22161
Source Name: Microsoft-Windows-Search
Time Written: 20100114101529.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Arnaud
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\ARNAUD\DOCUMENTS\PROJETS\CARREPROD VOEUX 2010\NOUVEAU DOSSIER> dans la configuration de hachage.

Contexte : Application , Catalogue SystemIndex

Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

Record Number: 22160
Source Name: Microsoft-Windows-Search
Time Written: 20100114101529.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Arnaud
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 22148
Source Name: Microsoft-Windows-WMI
Time Written: 20100114094532.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Arnaud
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 66296
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110105092132.594186-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Arnaud
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ARNAUD$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x274
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 66295
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110105092132.594186-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Arnaud
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ARNAUD$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x274
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 66294
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110105092132.594186-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Arnaud
Event Code: 4902
Message: La table de stratégie d’audit par utilisateur a été créée.

Nombre d’éléments : 0
ID de la stratégie : 0x1146f
Record Number: 66293
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110105092132.126183-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Arnaud
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 0

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x4
Nom du processus :

Informations sur le réseau :
Nom de la station de travail : -
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : -
Package d’authentification : -
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 66292
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110105092131.970182-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Toon Boom Animation\Storyboard Pro Trial\nt\bin;%ProgramFiles%\digieffects\bin;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Extensis\Suitcase Fusion 3\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
26 August 2011 23:53:12

Hmm, that hurts, here it is:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7582

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26/08/2011 23:49:58
mbam-log-2011-08-26 (23-49-42).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 192643
Temps écoulé: 25 minute(s), 25 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\390311819 (Trojan.Agent) -> Value: 390311819 -> No action taken.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Dossier(s) infecté(s):
c:\alexej.Bin (Trojan.SpyEyes) -> No action taken.

Fichier(s) infecté(s):
c:\Windows\System32\config\systemprofile\AppData\Local\mwg.exe (Trojan.Agent) -> No action taken.
c:\Users\Arnaud\AppData\Local\Temp\0.18246896848871186.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Arnaud\AppData\Local\Temp\0.6093644594723496.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Arnaud\AppData\Local\Temp\9587f589.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Arnaud\AppData\Local\Temp\3805.tmp (Rootkit.TDSS) -> No action taken.
c:\Users\Arnaud\AppData\Local\Temp\6856.tmp (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\Temp\9E61.tmp (Spyware.Passwords.XGen) -> No action taken.
c:\alexej.Bin\491b57f086f.exe (Trojan.SpyEyes) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11216222.txt (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11216409.txt (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11222477.txt (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11233756.txt (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11242898.txt (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc148.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc181.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc233.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc38.exe (Trojan.Agent.Gen) -> No action taken.


27 August 2011 09:22:12

Hello,

The MBAM report says "No action taken".
Run the procedure again with it, delete everything it finds and post the report.

See you,
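
The check made in the reply above (every entry in the report ends in "No action taken"), as an added example that is not part of the original thread: a Python parser for report lines in the format shown here. It lists the detections that have not been remediated and shows which file the hijacked open-command values route program launches through. The function names are this example's own, the sample combines lines from the two reports in this thread, and treating only "Quarantined and deleted successfully" as remediated is an assumption based on the two statuses visible here.

```python
import re

# Assumption: the only status in this thread that means "removed".
# Any other status text is reported as still needing follow-up.
REMEDIATED = {"Quarantined and deleted successfully"}

# "<item> (<Family.Name>) -> <details and final status>"
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
OPEN_COMMAND = re.compile(r"\\shell\\open\\command\\\(default\)$", re.IGNORECASE)
FIRST_QUOTED = re.compile(r'^"([^"]+)"')

# Sample input: lines copied from the two reports in this thread and mixed
# so that both statuses appear (the combination itself is constructed).
SAMPLE_LOG = r"""
Valeur(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Fichier(s) infecté(s):
c:\Windows\System32\config\systemprofile\AppData\Local\mwg.exe (Trojan.Agent) -> No action taken.
c:\Users\Arnaud\AppData\Local\Temp\3805.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""


def parse_detections(text):
    """Return one dict per detection line, tagged with its report section."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DETECTION.match(line)
        if not match:
            # Section headers end with ':'; "(nothing detected)" lines are skipped.
            if line.endswith(":"):
                section = line[:-1]
            continue
        # The status is whatever follows the last " -> " on the line.
        detail, _, action = match["rest"].rpartition(" -> ")
        bad_good = BAD_GOOD.match(detail)
        detections.append({
            "section": section,
            "item": match["item"],
            "family": match["family"],
            "action": action.rstrip("."),
            "bad": bad_good["bad"] if bad_good else None,
            "good": bad_good["good"] if bad_good else None,
        })
    return detections


def unremediated(detections):
    """Detections whose final status is not a known 'removed' status."""
    return [d for d in detections if d["action"] not in REMEDIATED]


def launch_wrappers(detections):
    """(registry value, wrapper executable) for each hijacked open command.

    A shell\\open\\command value decides what actually runs when the file type
    or client is opened, so the first quoted path in the 'Bad' data is the
    program that every such launch was being routed through.
    """
    found = []
    for d in detections:
        if d["bad"] is None or not OPEN_COMMAND.search(d["item"]):
            continue
        wrapper = FIRST_QUOTED.match(d["bad"])
        if wrapper and d["bad"] != d["good"]:
            found.append((d["item"], wrapper.group(1)))
    return found


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for d in unremediated(dets):
        print("NOT REMOVED:", d["family"], "|", d["item"])
    for item, wrapper in launch_wrappers(dets):
        print("LAUNCH ROUTED THROUGH:", wrapper, "<-", item)
```
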
27 August 2011 12:26:00

Hello,

Does "No action taken" mean that no infected file was deleted?
27 August 2011 12:50:16

Here is the procedure with the action applied.
Thanks

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7582

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27/08/2011 12:47:58
mbam-log-2011-08-27 (12-47-58).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 191697
Temps écoulé: 21 minute(s), 24 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\390311819 (Trojan.Agent) -> Value: 390311819 -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\mwg.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\alexej.Bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Windows\System32\config\systemprofile\AppData\Local\mwg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Local\Temp\0.18246896848871186.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Local\Temp\0.6093644594723496.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Local\Temp\9587f589.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Local\Temp\3805.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Local\Temp\6856.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\9E61.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\alexej.Bin\491b57f086f.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11216222.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11216409.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11222477.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11233756.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc11242898.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc148.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc181.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc233.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnaud\AppData\Roaming\Adobe\plugs\mmc38.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
29 August 2011 21:26:24

Hello,

Download TDSSKiller from this link: Here

- Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop
- Double-click it to launch it

The screen appears:


- Click Start scan to launch the scan
- When the tool has finished its work and malicious items have been found, check that the option is selected, then click the buttons and
- Post the report (contents of the file SystemDrive\TDSSKiller.Version_Date_Heure_log.txt)

See you,
PS: Thanks nickW
31 August 2011 14:56:01

Hello,

Where are you at with this?

See you,
24 September 2011 13:30:52

13:25:49.0330 4980 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
13:25:49.0408 4980 ============================================================
13:25:49.0408 4980 Current date / time: 2011/09/24 13:25:49.0408
13:25:49.0408 4980 SystemInfo:
13:25:49.0408 4980
13:25:49.0408 4980 OS Version: 6.0.6002 ServicePack: 2.0
13:25:49.0408 4980 Product type: Workstation
13:25:49.0408 4980 ComputerName: PC-DE-ARNAUD
13:25:49.0408 4980 UserName: Arnaud
13:25:49.0408 4980 Windows directory: C:\Windows
13:25:49.0408 4980 System windows directory: C:\Windows
13:25:49.0408 4980 Processor architecture: Intel x86
13:25:49.0408 4980 Number of processors: 2
13:25:49.0408 4980 Page size: 0x1000
13:25:49.0408 4980 Boot type: Normal boot
13:25:49.0408 4980 ============================================================
13:25:50.0484 4980 Initialize success
13:25:53.0558 1844 ============================================================
13:25:53.0558 1844 Scan started
13:25:53.0558 1844 Mode: Manual;
13:25:53.0558 1844 ============================================================
13:25:55.0742 1844 b2f9e186 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2262956466:1292246649.exe
13:25:55.0742 1844 Suspicious file (Hidden): C:\Windows\2262956466:1292246649.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
13:25:55.0742 1844 b2f9e186 ( HiddenFile.Multi.Generic ) - warning
13:25:55.0742 1844 b2f9e186 - detected HiddenFile.Multi.Generic (1)
13:25:56.0818 1844 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:25:56.0834 1844 disk - ok
13:25:56.0896 1844 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:25:56.0896 1844 Dot4 - ok
13:25:56.0927 1844 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:25:56.0927 1844 Dot4Print - ok
13:25:56.0943 1844 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:25:56.0943 1844 dot4usb - ok
13:25:56.0990 1844 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:25:56.0990 1844 drmkaud - ok
13:25:57.0052 1844 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:25:57.0083 1844 DXGKrnl - ok
13:25:57.0114 1844 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:25:57.0130 1844 E1G60 - ok
13:25:57.0177 1844 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:25:57.0177 1844 Ecache - ok
13:25:57.0239 1844 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:25:57.0239 1844 elxstor - ok
13:25:57.0270 1844 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:25:57.0286 1844 ErrDev - ok
13:25:57.0364 1844 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:25:57.0364 1844 exfat - ok
13:25:57.0426 1844 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:25:57.0426 1844 fastfat - ok
13:25:57.0458 1844 fbxusb (504e93682655a7b3af1fb5bff3f44322) C:\Windows\system32\DRIVERS\fbxusb32.sys
13:25:57.0473 1844 fbxusb - ok
13:25:57.0520 1844 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:25:57.0520 1844 fdc - ok
13:25:57.0582 1844 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:25:57.0582 1844 FileInfo - ok
13:25:57.0598 1844 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:25:57.0598 1844 Filetrace - ok
13:25:57.0629 1844 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:25:57.0629 1844 flpydisk - ok
13:25:57.0676 1844 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:25:57.0676 1844 FltMgr - ok
13:25:57.0738 1844 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:25:57.0754 1844 Fs_Rec - ok
13:25:57.0770 1844 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:25:57.0770 1844 gagp30kx - ok
13:25:57.0816 1844 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:25:57.0816 1844 GEARAspiWDM - ok
13:25:57.0879 1844 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
13:25:57.0879 1844 ggflt - ok
13:25:57.0910 1844 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
13:25:57.0910 1844 ggsemc - ok
13:25:57.0972 1844 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:25:57.0988 1844 HdAudAddService - ok
13:25:58.0050 1844 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:25:58.0082 1844 HDAudBus - ok
13:25:58.0113 1844 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:25:58.0113 1844 HidBth - ok
13:25:58.0144 1844 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:25:58.0144 1844 HidIr - ok
13:25:58.0191 1844 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:25:58.0191 1844 HidUsb - ok
13:25:58.0222 1844 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:25:58.0238 1844 HpCISSs - ok
13:25:58.0284 1844 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:25:58.0331 1844 HTTP - ok
13:25:58.0378 1844 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:25:58.0378 1844 hwdatacard - ok
13:25:58.0409 1844 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:25:58.0425 1844 i2omp - ok
13:25:58.0456 1844 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:25:58.0456 1844 i8042prt - ok
13:25:58.0503 1844 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:25:58.0503 1844 iaStorV - ok
13:25:58.0550 1844 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:25:58.0565 1844 iirsp - ok
13:25:58.0628 1844 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:25:58.0628 1844 intelide - ok
13:25:58.0659 1844 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:25:58.0659 1844 intelppm - ok
13:25:58.0706 1844 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:25:58.0706 1844 IpFilterDriver - ok
13:25:58.0721 1844 IpInIp - ok
13:25:58.0752 1844 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:25:58.0752 1844 IPMIDRV - ok
13:25:58.0784 1844 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:25:58.0784 1844 IPNAT - ok
13:25:58.0846 1844 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:25:58.0846 1844 IRENUM - ok
13:25:58.0877 1844 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:25:58.0877 1844 isapnp - ok
13:25:58.0924 1844 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:25:58.0924 1844 iScsiPrt - ok
13:25:58.0971 1844 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:25:58.0971 1844 iteatapi - ok
13:25:59.0033 1844 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:25:59.0033 1844 iteraid - ok
13:25:59.0064 1844 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:25:59.0080 1844 kbdclass - ok
13:25:59.0111 1844 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:25:59.0111 1844 kbdhid - ok
13:25:59.0158 1844 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:25:59.0174 1844 KSecDD - ok
13:25:59.0205 1844 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:25:59.0205 1844 lltdio - ok
13:25:59.0252 1844 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:25:59.0252 1844 LSI_FC - ok
13:25:59.0283 1844 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:25:59.0283 1844 LSI_SAS - ok
13:25:59.0314 1844 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:25:59.0314 1844 LSI_SCSI - ok
13:25:59.0345 1844 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:25:59.0345 1844 luafv - ok
13:25:59.0408 1844 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
13:25:59.0408 1844 MBAMProtector - ok
13:25:59.0470 1844 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
13:25:59.0470 1844 MBAMSwissArmy - ok
13:25:59.0548 1844 MDFSYSNT (c7182501e051cc77f1bcaa1832a8c6ea) C:\Windows\system32\drivers\MDFSYSNT.sys
13:25:59.0548 1844 MDFSYSNT - ok
13:25:59.0595 1844 MDPMGRNT (26784cbd67a803a78411fff404d45db7) C:\Windows\system32\drivers\MDPMGRNT.sys
13:25:59.0595 1844 MDPMGRNT - ok
13:25:59.0657 1844 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:25:59.0657 1844 megasas - ok
13:25:59.0704 1844 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:25:59.0704 1844 MegaSR - ok
13:25:59.0735 1844 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:25:59.0751 1844 Modem - ok
13:26:00.0047 1844 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:26:00.0047 1844 monitor - ok
13:26:00.0125 1844 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:26:00.0125 1844 mouclass - ok
13:26:00.0203 1844 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:26:00.0203 1844 mouhid - ok
13:26:00.0266 1844 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:26:00.0281 1844 MountMgr - ok
13:26:00.0344 1844 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:26:00.0344 1844 mpio - ok
13:26:00.0390 1844 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:26:00.0390 1844 mpsdrv - ok
13:26:00.0468 1844 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:26:00.0468 1844 Mraid35x - ok
13:26:00.0531 1844 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:26:00.0531 1844 MRxDAV - ok
13:26:00.0593 1844 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:26:00.0593 1844 mrxsmb - ok
13:26:00.0687 1844 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:26:00.0687 1844 mrxsmb10 - ok
13:26:00.0718 1844 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:26:00.0718 1844 mrxsmb20 - ok
13:26:00.0765 1844 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
13:26:00.0765 1844 msahci - ok
13:26:00.0812 1844 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:26:00.0812 1844 msdsm - ok
13:26:00.0858 1844 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:26:00.0858 1844 Msfs - ok
13:26:00.0890 1844 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:26:00.0890 1844 msisadrv - ok
13:26:00.0968 1844 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:26:00.0968 1844 MSKSSRV - ok
13:26:00.0999 1844 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:26:00.0999 1844 MSPCLOCK - ok
13:26:01.0030 1844 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:26:01.0030 1844 MSPQM - ok
13:26:01.0155 1844 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:26:01.0155 1844 MsRPC - ok
13:26:01.0186 1844 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:26:01.0186 1844 mssmbios - ok
13:26:01.0233 1844 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:26:01.0233 1844 MSTEE - ok
13:26:01.0248 1844 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:26:01.0248 1844 Mup - ok
13:26:01.0311 1844 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:26:01.0311 1844 NativeWifiP - ok
13:26:01.0373 1844 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:26:01.0389 1844 NDIS - ok
13:26:01.0436 1844 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:26:01.0436 1844 NdisTapi - ok
13:26:01.0467 1844 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:26:01.0467 1844 Ndisuio - ok
13:26:01.0514 1844 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:26:01.0514 1844 NdisWan - ok
13:26:01.0545 1844 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:26:01.0545 1844 NDProxy - ok
13:26:01.0607 1844 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:26:01.0607 1844 NetBIOS - ok
13:26:01.0654 1844 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:26:01.0670 1844 netbt - ok
13:26:01.0701 1844 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:26:01.0716 1844 nfrd960 - ok
13:26:01.0732 1844 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:26:01.0748 1844 Npfs - ok
13:26:01.0779 1844 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:26:01.0779 1844 nsiproxy - ok
13:26:01.0841 1844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:26:01.0904 1844 Ntfs - ok
13:26:01.0919 1844 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:26:01.0919 1844 ntrigdigi - ok
13:26:01.0935 1844 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:26:01.0950 1844 Null - ok
13:26:02.0247 1844 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:26:02.0496 1844 nvlddmkm - ok
13:26:02.0528 1844 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:26:02.0543 1844 nvraid - ok
13:26:02.0574 1844 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:26:02.0590 1844 nvstor - ok
13:26:02.0637 1844 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:26:02.0637 1844 nv_agp - ok
13:26:02.0652 1844 NwlnkFlt - ok
13:26:02.0668 1844 NwlnkFwd - ok
13:26:02.0730 1844 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
13:26:02.0730 1844 O2MDRDR - ok
13:26:02.0793 1844 O2SDRDR (602266e7d014d66ed1fc3f062cbcbcb6) C:\Windows\system32\DRIVERS\o2sd.sys
13:26:02.0793 1844 O2SDRDR - ok
13:26:02.0855 1844 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
13:26:02.0855 1844 OEM13Vfx - ok
13:26:02.0902 1844 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\Windows\system32\DRIVERS\OEM13Vid.sys
13:26:02.0918 1844 OEM13Vid - ok
13:26:02.0964 1844 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:26:02.0964 1844 ohci1394 - ok
13:26:02.0996 1844 OMCI - ok
13:26:03.0105 1844 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\Windows\system32\drivers\PalmUSBD.sys
13:26:03.0105 1844 PalmUSBD - ok
13:26:03.0183 1844 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:26:03.0183 1844 Parport - ok
13:26:03.0214 1844 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:26:03.0230 1844 partmgr - ok
13:26:03.0245 1844 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:26:03.0245 1844 Parvdm - ok
13:26:03.0276 1844 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:26:03.0292 1844 pci - ok
13:26:03.0308 1844 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:26:03.0308 1844 pciide - ok
13:26:03.0339 1844 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:26:03.0339 1844 pcmcia - ok
13:26:03.0386 1844 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:26:03.0432 1844 PEAUTH - ok
13:26:03.0510 1844 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:26:03.0510 1844 PptpMiniport - ok
13:26:03.0542 1844 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:26:03.0542 1844 Processor - ok
13:26:03.0588 1844 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:26:03.0588 1844 PSched - ok
13:26:03.0620 1844 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
13:26:03.0620 1844 PxHelp20 - ok
13:26:03.0682 1844 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:26:03.0729 1844 ql2300 - ok
13:26:03.0744 1844 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:26:03.0760 1844 ql40xx - ok
13:26:03.0776 1844 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:26:03.0776 1844 QWAVEdrv - ok
13:26:03.0807 1844 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:26:03.0807 1844 RasAcd - ok
13:26:03.0838 1844 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:26:03.0838 1844 Rasl2tp - ok
13:26:03.0869 1844 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:26:03.0869 1844 RasPppoe - ok
13:26:03.0900 1844 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:26:03.0900 1844 RasSstp - ok
13:26:03.0932 1844 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:26:03.0947 1844 rdbss - ok
13:26:03.0963 1844 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:26:03.0963 1844 RDPCDD - ok
13:26:03.0994 1844 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:26:03.0994 1844 rdpdr - ok
13:26:04.0010 1844 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:26:04.0010 1844 RDPENCDD - ok
13:26:04.0056 1844 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:26:04.0072 1844 RDPWD - ok
13:26:04.0134 1844 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:26:04.0134 1844 rspndr - ok
13:26:04.0181 1844 RTL8169 (cb0bd9e10e3e244d312c106dee1bbb93) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:26:04.0181 1844 RTL8169 - ok
13:26:04.0228 1844 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys
13:26:04.0228 1844 sbp2port - ok
13:26:04.0290 1844 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:26:04.0290 1844 sdbus - ok
13:26:04.0353 1844 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:26:04.0353 1844 secdrv - ok
13:26:04.0415 1844 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
13:26:04.0415 1844 seehcri - ok
13:26:04.0446 1844 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:26:04.0446 1844 Serenum - ok
13:26:04.0478 1844 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:26:04.0478 1844 Serial - ok
13:26:04.0509 1844 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:26:04.0509 1844 sermouse - ok
13:26:04.0540 1844 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:26:04.0540 1844 sffdisk - ok
13:26:04.0571 1844 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:26:04.0571 1844 sffp_mmc - ok
13:26:04.0602 1844 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:26:04.0602 1844 sffp_sd - ok
13:26:04.0649 1844 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
13:26:04.0649 1844 sfloppy - ok
13:26:04.0712 1844 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:26:04.0712 1844 sisagp - ok
13:26:04.0743 1844 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:26:04.0743 1844 SiSRaid2 - ok
13:26:04.0758 1844 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:26:04.0774 1844 SiSRaid4 - ok
13:26:04.0821 1844 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:26:04.0821 1844 Smb - ok
13:26:04.0868 1844 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:26:04.0868 1844 spldr - ok
13:26:04.0946 1844 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
13:26:04.0946 1844 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
13:26:04.0946 1844 sptd ( LockedFile.Multi.Generic ) - warning
13:26:04.0946 1844 sptd - detected LockedFile.Multi.Generic (1)
13:26:04.0992 1844 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:26:04.0992 1844 srv - ok
13:26:05.0039 1844 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:26:05.0039 1844 srv2 - ok
13:26:05.0086 1844 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:26:05.0086 1844 srvnet - ok
13:26:05.0133 1844 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:26:05.0133 1844 ssmdrv - ok
13:26:05.0211 1844 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:26:05.0211 1844 swenum - ok
13:26:05.0258 1844 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:26:05.0258 1844 Symc8xx - ok
13:26:05.0273 1844 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:26:05.0273 1844 Sym_hi - ok
13:26:05.0304 1844 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:26:05.0304 1844 Sym_u3 - ok
13:26:05.0336 1844 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
13:26:05.0351 1844 SynTP - ok
13:26:05.0601 1844 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
13:26:05.0648 1844 Tcpip - ok
13:26:05.0694 1844 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
13:26:05.0694 1844 Tcpip6 - ok
13:26:05.0866 1844 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:26:05.0866 1844 tcpipreg - ok
13:26:05.0913 1844 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:26:05.0913 1844 TDPIPE - ok
13:26:05.0944 1844 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:26:05.0944 1844 TDTCP - ok
13:26:05.0975 1844 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:26:05.0991 1844 TermDD - ok
13:26:06.0038 1844 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:26:06.0053 1844 tssecsrv - ok
13:26:06.0069 1844 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:26:06.0069 1844 tunmp - ok
13:26:06.0100 1844 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:26:06.0100 1844 tunnel - ok
13:26:06.0131 1844 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:26:06.0131 1844 uagp35 - ok
13:26:06.0350 1844 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:26:06.0412 1844 udfs - ok
13:26:06.0443 1844 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:26:06.0459 1844 uliagpkx - ok
13:26:06.0490 1844 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:26:06.0490 1844 uliahci - ok
13:26:06.0521 1844 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:26:06.0521 1844 UlSata - ok
13:26:06.0552 1844 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:26:06.0568 1844 ulsata2 - ok
13:26:06.0599 1844 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:26:06.0599 1844 umbus - ok
13:26:06.0630 1844 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
13:26:06.0630 1844 UMPass - ok
13:26:06.0677 1844 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:26:06.0677 1844 USBAAPL - ok
13:26:06.0724 1844 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:26:06.0724 1844 usbccgp - ok
13:26:06.0771 1844 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:26:06.0771 1844 usbcir - ok
13:26:06.0802 1844 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:26:06.0802 1844 usbehci - ok
13:26:06.0833 1844 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:26:06.0849 1844 usbhub - ok
13:26:06.0864 1844 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:26:06.0880 1844 usbohci - ok
13:26:06.0896 1844 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:26:06.0911 1844 usbprint - ok
13:26:06.0942 1844 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:26:06.0958 1844 usbscan - ok
13:26:06.0974 1844 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:26:06.0974 1844 USBSTOR - ok
13:26:07.0176 1844 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:26:07.0176 1844 usbuhci - ok
13:26:07.0239 1844 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:26:07.0239 1844 usbvideo - ok
13:26:07.0286 1844 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
13:26:07.0286 1844 USB_RNDIS - ok
13:26:07.0317 1844 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:26:07.0317 1844 vga - ok
13:26:07.0348 1844 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:26:07.0348 1844 VgaSave - ok
13:26:07.0364 1844 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:26:07.0364 1844 viaagp - ok
13:26:07.0395 1844 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:26:07.0395 1844 ViaC7 - ok
13:26:07.0426 1844 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:26:07.0426 1844 viaide - ok
13:26:07.0457 1844 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:26:07.0457 1844 volmgr - ok
13:26:07.0504 1844 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:26:07.0504 1844 volmgrx - ok
13:26:07.0551 1844 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:26:07.0551 1844 volsnap - ok
13:26:07.0598 1844 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:26:07.0598 1844 vsmraid - ok
13:26:07.0676 1844 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
13:26:07.0676 1844 wacommousefilter - ok
13:26:07.0707 1844 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:26:07.0707 1844 WacomPen - ok
13:26:07.0738 1844 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\Windows\system32\DRIVERS\wacomvhid.sys
13:26:07.0738 1844 wacomvhid - ok
13:26:07.0754 1844 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
13:26:07.0769 1844 WacomVKHid - ok
13:26:07.0785 1844 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:26:07.0785 1844 Wanarp - ok
13:26:07.0816 1844 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:26:07.0816 1844 Wanarpv6 - ok
13:26:07.0847 1844 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:26:07.0847 1844 Wd - ok
13:26:07.0910 1844 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:26:07.0925 1844 Wdf01000 - ok
13:26:08.0019 1844 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:26:08.0019 1844 WmiAcpi - ok
13:26:08.0097 1844 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:26:08.0097 1844 WpdUsb - ok
13:26:08.0112 1844 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:26:08.0112 1844 ws2ifsl - ok
13:26:08.0206 1844 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
13:26:08.0206 1844 WsAudio_DeviceS(1) - ok
13:26:08.0222 1844 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
13:26:08.0222 1844 WsAudio_DeviceS(2) - ok
13:26:08.0237 1844 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
13:26:08.0237 1844 WsAudio_DeviceS(3) - ok
13:26:08.0268 1844 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
13:26:08.0268 1844 WsAudio_DeviceS(4) - ok
13:26:08.0315 1844 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
13:26:08.0315 1844 WsAudio_DeviceS(5) - ok
13:26:08.0393 1844 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:26:08.0393 1844 WUDFRd - ok
13:26:08.0440 1844 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
13:26:08.0440 1844 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
13:26:08.0440 1844 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
13:26:08.0456 1844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:26:09.0828 1844 \Device\Harddisk1\DR1 - ok
13:26:09.0844 1844 Boot (0x1200) (ad676138d857ddb99c23033e87298254) \Device\Harddisk0\DR0\Partition0
13:26:09.0844 1844 \Device\Harddisk0\DR0\Partition0 - ok
13:26:09.0844 1844 ============================================================
13:26:09.0844 1844 Scan finished
13:26:09.0844 1844 ============================================================
13:26:09.0875 1848 Detected object count: 3
13:26:09.0875 1848 Actual detected object count: 3
13:27:37.0422 1848 b2f9e186 ( HiddenFile.Multi.Generic ) - skipped by user
13:27:37.0422 1848 b2f9e186 ( HiddenFile.Multi.Generic ) - User select action: Skip
13:27:37.0422 1848 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:27:37.0422 1848 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:37.0438 1848 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
13:27:37.0438 1848 \Device\Harddisk0\DR0 - ok
13:27:37.0438 1848 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
24 September 2011 16:05:11

Hello,

Redo the TDSSKiller procedure properly!

See you
24 September 2011 16:56:50

Like this? (I rebooted before generating the report)

16:52:42.0204 2400 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
16:52:42.0282 2400 ============================================================
16:52:42.0282 2400 Current date / time: 2011/09/24 16:52:42.0282
16:52:42.0282 2400 SystemInfo:
16:52:42.0282 2400
16:52:42.0282 2400 OS Version: 6.0.6002 ServicePack: 2.0
16:52:42.0282 2400 Product type: Workstation
16:52:42.0282 2400 ComputerName: PC-DE-ARNAUD
16:52:42.0282 2400 UserName: Arnaud
16:52:42.0282 2400 Windows directory: C:\Windows
16:52:42.0282 2400 System windows directory: C:\Windows
16:52:42.0282 2400 Processor architecture: Intel x86
16:52:42.0282 2400 Number of processors: 2
16:52:42.0282 2400 Page size: 0x1000
16:52:42.0282 2400 Boot type: Normal boot
16:52:42.0282 2400 ============================================================
16:52:43.0530 2400 Initialize success
16:52:51.0315 1328 ============================================================
16:52:51.0315 1328 Scan started
16:52:51.0315 1328 Mode: Manual;
16:52:51.0315 1328 ============================================================
16:52:51.0330 1328 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:52:51.0439 1328 \Device\Harddisk0\DR0 - ok
16:52:51.0439 1328 Boot (0x1200) (ad676138d857ddb99c23033e87298254) \Device\Harddisk0\DR0\Partition0
16:52:51.0439 1328 \Device\Harddisk0\DR0\Partition0 - ok
16:52:51.0455 1328 ============================================================
16:52:51.0455 1328 Scan finished
16:52:51.0455 1328 ============================================================
16:52:51.0471 0732 Detected object count: 0
16:52:51.0471 0732 Actual detected object count: 0
16:52:54.0403 2012 ============================================================
16:52:54.0403 2012 Scan started
16:52:54.0403 2012 Mode: Manual;
16:52:54.0403 2012 ============================================================
16:52:54.0497 2012 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:52:54.0528 2012 \Device\Harddisk0\DR0 - ok
16:52:54.0528 2012 Boot (0x1200) (ad676138d857ddb99c23033e87298254) \Device\Harddisk0\DR0\Partition0
16:52:54.0544 2012 \Device\Harddisk0\DR0\Partition0 - ok
16:52:54.0544 2012 ============================================================
16:52:54.0544 2012 Scan finished
16:52:54.0544 2012 ============================================================
16:52:54.0559 3604 Detected object count: 0
16:52:54.0559 3604 Actual detected object count: 0
16:52:55.0464 2820 ============================================================
16:52:55.0464 2820 Scan started
16:52:55.0464 2820 Mode: Manual;
16:52:55.0464 2820 ============================================================
16:52:55.0495 2820 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:52:55.0527 2820 \Device\Harddisk0\DR0 - ok
16:52:55.0542 2820 Boot (0x1200) (ad676138d857ddb99c23033e87298254) \Device\Harddisk0\DR0\Partition0
16:52:55.0542 2820 \Device\Harddisk0\DR0\Partition0 - ok
16:52:55.0542 2820 ============================================================
16:52:55.0542 2820 Scan finished
16:52:55.0542 2820 ============================================================
16:52:55.0558 2836 Detected object count: 0
16:52:55.0558 2836 Actual detected object count: 0
16:52:56.0041 0796 ============================================================
16:52:56.0041 0796 Scan started
16:52:56.0041 0796 Mode: Manual;
16:52:56.0041 0796 ============================================================
16:52:56.0057 0796 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:52:56.0166 0796 \Device\Harddisk0\DR0 - ok
16:52:56.0182 0796 Boot (0x1200) (ad676138d857ddb99c23033e87298254) \Device\Harddisk0\DR0\Partition0
16:52:56.0182 0796 \Device\Harddisk0\DR0\Partition0 - ok
16:52:56.0182 0796 ============================================================
16:52:56.0182 0796 Scan finished
16:52:56.0182 0796 ============================================================
16:52:56.0197 3316 Detected object count: 0
16:52:56.0197 3316 Actual detected object count: 0
25 September 2011 12:27:27

Hello,

Run the ComboFix procedure (thanks sUBs) and post the report: Here

See you
26 September 2011 10:47:48

Here it is,
thanks :)

ComboFix 11-09-24.04 - Arnaud 26/09/2011 10:18:30.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1882 [GMT 2:00]
Lancé depuis: c:\users\Arnaud\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\jK04903CjFbB04903
c:\programdata\jK04903CjFbB04903\jK04903CjFbB04903
c:\programdata\jK04903CjFbB04903\jK04903CjFbB04903.exe
c:\users\Arnaud\AppData\Roaming\Adobe\plugs
c:\users\Arnaud\AppData\Roaming\Adobe\plugs\mmc38
c:\users\Arnaud\AppData\Roaming\Adobe\shed
c:\users\Arnaud\AppData\Roaming\desktop.ini
c:\windows\$xntuninstall643$
c:\windows\$xntuninstall643$\apUninstall.exe
c:\windows\jestertb.dll
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\AppData\Local\diocfso.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-26 au 2011-09-26 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-26 08:32 . 2011-09-26 08:33 -------- d-----w- c:\users\Arnaud\AppData\Local\temp
2011-09-26 08:32 . 2011-09-26 08:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-24 14:36 . 2011-09-24 14:38 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-29 20:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-29 20:45 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-29 20:45 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-29 20:45 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-29 20:45 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-29 20:45 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-29 20:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-29 20:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-28 00:07 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8294455A-5BC2-4BE0-ABC3-40DA13DAE794}\mpengine.dll
2011-08-27 19:29 . 2011-08-27 19:29 -------- d-----w- c:\users\Arnaud\AppData\Local\Google
2011-08-27 19:29 . 2011-08-27 19:29 -------- d-----w- c:\program files\Conduit
2011-08-27 19:29 . 2011-08-27 19:29 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-27 19:29 . 2011-08-27 19:29 -------- d-----w- c:\users\Arnaud\AppData\Local\Conduit
2011-08-27 19:28 . 2011-08-28 14:55 -------- d-----w- c:\program files\uTorrent
2011-08-27 19:28 . 2011-08-28 23:25 -------- d-----w- c:\users\Arnaud\AppData\Roaming\uTorrent
2011-08-27 19:28 . 2011-08-27 19:28 -------- d-----w- c:\users\Arnaud\AppData\Local\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-07 15:18 . 2011-08-07 15:18 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-07 15:18 . 2011-08-07 15:18 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-08-07 15:18 . 2011-08-07 15:18 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-07 15:18 . 2011-08-07 15:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-07 15:18 . 2011-08-07 15:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-07 15:18 . 2011-08-07 15:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-07 15:18 . 2011-08-07 15:18 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-07 15:18 . 2011-08-07 15:18 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-07 15:18 . 2011-08-07 15:18 367104 ----a-w- c:\windows\system32\html.iec
2011-08-07 15:18 . 2011-08-07 15:18 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-07 15:18 . 2011-08-07 15:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-07 15:18 . 2011-08-07 15:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-07 15:18 . 2011-08-07 15:18 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-07 15:18 . 2011-08-07 15:18 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-07 15:18 . 2011-08-07 15:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-07 15:18 . 2011-08-07 15:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-07 15:18 . 2011-08-07 15:18 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-08-07 15:18 . 2011-08-07 15:18 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-07 15:18 . 2011-08-07 15:18 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-07 15:18 . 2011-08-07 15:18 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-07 15:18 . 2011-08-07 15:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-06 17:52 . 2011-08-26 21:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-08-26 21:19 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-10-21 12:05 . 2009-10-21 12:05 8801704 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2009-10-21 12:02 . 2009-10-21 12:02 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2011-08-27 20:19 . 2011-05-08 09:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar_FR\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2009-06-15 202328]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2446619971-3811241707-1331887920-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 AMService;AMService;c:\windows\TEMP\upxvqy\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-02-27 13224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-12 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-23 108289]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-02-27 27632]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-04-13 25704]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 109.0.66.20 109.0.66.10
FF - ProfilePath - c:\users\Arnaud\AppData\Roaming\Mozilla\Firefox\Profiles\dngwjv7f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentBar_FR Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKU-Default-Run-{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3} - c:\windows\system32\sshnas21.dll
HKU-Default-RunOnce-KB1687447 - c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs\KB1687447.exe
HKU-Default-RunOnce-jK04903CjFbB04903 - c:\programdata\jK04903CjFbB04903\jK04903CjFbB04903.exe
HKU-Default-RunOnce-KB1689412 - c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs\KB1689412.exe
SafeBoot-60160469.sys
AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 10:33
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:D a,00,1b,14,36,5a,cc,01
.
[HKEY_USERS\S-1-5-21-2446619971-3811241707-1331887920-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*é°_]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2446619971-3811241707-1331887920-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*é°_\OpenWithList]
@Class="Shell"
.
Heure de fin: 2011-09-26 10:44:46
ComboFix-quarantined-files.txt 2011-09-26 08:44
.
Avant-CF: 84 322 430 976 octets libres
Après-CF: 85 891 379 200 octets libres
.
- - End Of File - - B3E06CB1AD478E6361B33AA405E60C7B
27 September 2011 15:46:37

Hello,

¤ Download Ad-Remover (thanks C_XX) to your Desktop: Here
- Double-click it to start it (Vista/7: right-click > Run as administrator)
- Start the scan and post the generated report

;)

See you
27 September 2011 16:30:16

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 16:21:36 le 27/09/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Arnaud@PC-DE-ARNAUD (Dell Inc. Vostro1710)

============== RECHERCHE ==============


Fichier trouvé: C:\Windows\system32\ConduitEngine.tmp
Fichier trouvé: C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default\searchplugins\conduit.xml
Dossier trouvé: C:\Users\Arnaud\AppData\Local\Conduit
Dossier trouvé: C:\Users\Arnaud\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Users\Arnaud\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine

-- Fichier ouvert: C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&Sea...
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6240AE-33B6-40D3-8683-31BBE86049A0}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2851639
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66E2A5D1-248F-41E5-A6CE-84284B89DE89}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

-- C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default --
Extensions\illimitux@illimitux.net (Illimitux)
Extensions\moveplayer@movenetworks.com (Move Media Player)
Extensions\support@lastpass.com (LastPass)
Extensions\vgplugin@visioglobe.com (Visioglobe plugin)
Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer)
Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} (BabelFish)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms} /)
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, uTorrentBar_FR Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll)
HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_Toolbar|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll)
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll)
HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
HKLM_ElevationPolicy\{5087682B-5F47-4A19-8190-9BC03CA85A0B} - C:\Users\Arnaud\AppData\Local\Conduit\CT2851639\uTorrentBar_FRAutoUpdateHelper.exe (?)
HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?)
HKLM_ElevationPolicy\{66E2A5D1-248F-41E5-A6CE-84284B89DE89} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{698EC134-64D9-4A14-A293-0D45F7015504} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 27/09/2011 16:21:55 (7087 Octet(s))

Fin à: 16:23:08, 27/09/2011

============== E.O.F ==============

thanks
27 Septembre 2011 16:45:10

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis ‡ jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> LancÈ ‡ 16:21:36 le 27/09/2011, Mode normal

MicrosoftÆ Windows Vistaô …dition Familiale Premium Service Pack 2 (X86)
Arnaud@PC-DE-ARNAUD (Dell Inc. Vostro1710)

============== RECHERCHE ==============


Fichier trouvÈ: C:\Windows\system32\ConduitEngine.tmp
Fichier trouvÈ: C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default\searchplugins\conduit.xml
Dossier trouvÈ: C:\Users\Arnaud\AppData\Local\Conduit
Dossier trouvÈ: C:\Users\Arnaud\AppData\LocalLow\Conduit
Dossier trouvÈ: C:\Program Files\Conduit
Dossier trouvÈ: C:\Users\Arnaud\AppData\LocalLow\ConduitEngine
Dossier trouvÈ: C:\Program Files\ConduitEngine

-- Fichier ouvert: C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default\Prefs.js --
Ligne trouvÈe: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&Sea...
-- Fichier FermÈ --


ClÈ trouvÈe: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
ClÈ trouvÈe: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
ClÈ trouvÈe: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
ClÈ trouvÈe: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
ClÈ trouvÈe: HKLM\Software\Classes\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}
ClÈ trouvÈe: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6240AE-33B6-40D3-8683-31BBE86049A0}
ClÈ trouvÈe: HKLM\Software\Classes\Conduit.Engine
ClÈ trouvÈe: HKLM\Software\Classes\Toolbar.CT2851639
ClÈ trouvÈe: HKLM\Software\Conduit
ClÈ trouvÈe: HKLM\Software\conduitEngine
ClÈ trouvÈe: HKCU\Software\AppDataLow\Toolbar
ClÈ trouvÈe: HKCU\Software\AppDataLow\Software\Conduit
ClÈ trouvÈe: HKCU\Software\AppDataLow\Software\conduitEngine
ClÈ trouvÈe: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ClÈ trouvÈe: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ClÈ trouvÈe: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66E2A5D1-248F-41E5-A6CE-84284B89DE89}
ClÈ trouvÈe: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur trouvÈe: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

-- C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default --
Extensions\illimitux@illimitux.net (Illimitux)
Extensions\moveplayer@movenetworks.com (Move Media Player)
Extensions\support@lastpass.com (LastPass)
Extensions\vgplugin@visioglobe.com (Visioglobe plugin)
Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer)
Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} (BabelFish)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms} /)
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, uTorrentBar_FR Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll)
HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_Toolbar|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll)
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll)
HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
HKLM_ElevationPolicy\{5087682B-5F47-4A19-8190-9BC03CA85A0B} - C:\Users\Arnaud\AppData\Local\Conduit\CT2851639\uTorrentBar_FRAutoUpdateHelper.exe (?)
HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?)
HKLM_ElevationPolicy\{66E2A5D1-248F-41E5-A6CE-84284B89DE89} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{698EC134-64D9-4A14-A293-0D45F7015504} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 27/09/2011 16:21:55 (7087 Octet(s))

Fin à: 16:23:08, 27/09/2011

============== E.O.F ==============

Thanks
27 September 2011 19:29:07

Hi again,

- Double-click Ad-Remover to run it
- Start the cleanup and post the report
28 September 2011 10:30:54

Here you go :)

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 09:50:42 le 28/09/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Arnaud@PC-DE-ARNAUD (Dell Inc. Vostro1710)

============== ACTION(S) ==============


Fichier supprimé: C:\Windows\system32\ConduitEngine.tmp
Fichier supprimé: C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default\searchplugins\conduit.xml
Dossier supprimé: C:\Users\Arnaud\AppData\Local\Conduit
Dossier supprimé: C:\Users\Arnaud\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\Arnaud\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default\Prefs.js --
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&Sea...
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6240AE-33B6-40D3-8683-31BBE86049A0}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2851639
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66E2A5D1-248F-41E5-A6CE-84284B89DE89}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

-- C:\Users\Arnaud\AppData\Roaming\Mozilla\FireFox\Profiles\dngwjv7f.default --
Extensions\illimitux@illimitux.net (Illimitux)
Extensions\moveplayer@movenetworks.com (Move Media Player)
Extensions\support@lastpass.com (LastPass)
Extensions\vgplugin@visioglobe.com (Visioglobe plugin)
Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer)
Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} (BabelFish)
Prefs.js - browser.search.selectedEngine, uTorrentBar_FR Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll)
HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_Toolbar|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll)
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll)
HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)
HKLM_ElevationPolicy\{5087682B-5F47-4A19-8190-9BC03CA85A0B} - C:\Users\Arnaud\AppData\Local\Conduit\CT2851639\uTorrentBar_FRAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?)
HKLM_ElevationPolicy\{698EC134-64D9-4A14-A293-0D45F7015504} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\prxtbuTor.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 17 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 28/09/2011 09:50:49 (6449 Octet(s))
C:\Ad-Report-SCAN[1].txt - 27/09/2011 16:21:55 (7225 Octet(s))

Fin à: 09:52:17, 28/09/2011

============== E.O.F ==============
28 September 2011 18:26:32

Hello,
I don't have an Internet connection...
29 September 2011 12:59:09

Astroman7 said:
> I don't have an Internet connection...


Hello,

> Here

See you

29 September 2011 13:54:07

Hello,
this procedure doesn't work. I can connect, i.e. I get the message saying I'm connected to the network, but I get a blank page in the browser, in Firefox as well as IE :(
4 October 2011 11:33:25

Hello,
I was able to run a scan with Kaspersky and no virus or anything else was found; I think, like it does, that there aren't any left.
However, in earlier cleanups after virus alerts I had to delete some rather important files, hence my current problem.
I think formatting would be simpler. It's an old Dell Vostro 1710 PC, but I no longer have the install CD.

Thanks
+
4 October 2011 22:04:09

Good evening,

:heink: 

See you
10 October 2011 13:13:53

Hello,

Where are you at with this?

See you