
[RESOLVED] Unwanted redirections

4 Mai 2011 13:16:56

Hello,

I am asking for your help to rid my PC of this unwanted-redirection problem.


I await your instructions!

Thanks in advance


4 Mai 2011 15:37:25

Hi,

Welcome to the forum.
Here is the procedure to follow.
Please read the instructions carefully so that you follow them correctly.
Be sure to post the reports as requested so that they can be analysed.

STEP 1:
Download to your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller... , unzip it and run it; a report will be created here:

C:\TDSSKillerVersion_Date_Time_log.txt. << copy and paste its contents

You also have the executable directly here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Run it. The following window will open:



Click Start scan and let the tool scan your hard drive without interrupting it and without using the PC.
If infected files are found, a new window will open:



If TDSS.tdl2 is detected, the Delete option will be checked by default.

If TDSS.tdl3 is detected, make sure that Cure is checked.

If TDSS.tdl4(mbr) is detected, make sure that Cure is checked.

If Suspicious file is shown, leave the option set to Skip.

Click Continue, then Reboot now to restart the PC.

Copy and paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run).

STEP 2:

If you already have it, skip the installation step and go straight to the update.

Download MalwareByte's Anti-Malware to your Desktop.



  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:



  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Exécuter un examen rapide" (run a quick scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
  • If the program found nothing, press OK. A report will appear; close it.
  • If infections are present, click "Afficher les résultats" (show the results)
    then "Supprimer la sélection" (remove the selection).

    Save the report to your Desktop.
  • Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.


STEP 3:

Download OTL to your Desktop.

  • Take care to close all other Windows windows so as not to interrupt the scan.
  • Double-click OTL.exe to launch it. Under Windows Vista/7, right-click OTL.exe and choose "Exécuter en tant qu'Administrateur" (run as administrator) to launch the tool.
  • The main OTL screen is displayed:



    (1) If it is not already done, in the section Registre: Approfondi (registry: extended), select the radio button Avec liste blanche (with whitelist)

    (2) Check (at the top) the box in front of Tous les utilisateurs (all users)

    (3) Also check the boxes next to Recherche Lop and Recherche purity.

    (4) Select very precisely everything that is in bold with the mouse and copy/paste the content into the Personnalisation (customization) area of the OTL window


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop



    (5) Then click the Analyse (scan) button

    - Let the tool work without interrupting it.

  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop)

    Use the site http://pjjoint.malekal.com/ to upload your reports, and post the link in your next reply.
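One way to triage the TDSSKiller report requested in step 1, as an added example that is not part of the original post or of Kaspersky's tool: it parses the log line layout seen in this thread's report and maps each finding to the action the instructions above give. The last sample line is constructed, and the "Review" fallback for verdicts the instructions do not cover is an assumption.

```python
import re

# TDSSKiller 2.5 log line: date, time.fraction, thread id, then the message.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ ?(.*)$")
# "<service> (<md5>) <path>": one scanned driver.
OBJECT_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
# "<object> - detected <verdict> (<n>)": a finding on a scanned object.
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")

# Actions taken from step 1 of the instructions above.
RECOMMENDED = (("TDSS.tdl2", "Delete"), ("TDSS.tdl3", "Cure"), ("TDSS.tdl4", "Cure"))


def recommended_action(verdict, is_suspicious):
    """Map a verdict to the action the helper's step 1 prescribes."""
    for marker, action in RECOMMENDED:
        if marker.lower() in verdict.lower():
            return action
    if is_suspicious:
        return "Skip"
    # Assumption: anything the instructions do not cover is left for the helper.
    return "Review"


def triage(report):
    """Return one dict per 'detected' line, joined with the scan data before it."""
    scanned = {}     # service name -> {"md5": ..., "path": ...}
    suspicious = {}  # lower-cased path -> reason given in "Suspicious file (...)"
    findings = []
    for raw in report.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a log line (blank line, pasted forum text, ...)
        msg = line.group(1).strip()
        m = OBJECT_RE.match(msg)
        if m:
            scanned[m.group(1)] = {"md5": m.group(2), "path": m.group(3)}
            continue
        m = SUSPICIOUS_RE.match(msg)
        if m:
            suspicious[m.group(2).lower()] = m.group(1)
            continue
        m = DETECT_RE.match(msg)
        if m:
            name, verdict = m.group(1), m.group(2)
            info = scanned.get(name, {})
            path = info.get("path")
            reason = suspicious.get(path.lower()) if path else None
            findings.append({
                "object": name,
                "verdict": verdict,
                "path": path,
                "md5": info.get("md5"),
                "suspicious_reason": reason,
                "action": recommended_action(verdict, reason is not None),
            })
    return findings


# First four lines are copied from the report posted in this thread;
# the last line is constructed to show a verdict that calls for Cure.
SAMPLE = r"""
2011/05/04 15:57:43.0089 5992 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/04 15:57:43.0089 5992 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/04 15:57:43.0098 5992 sptd - detected LockedFile.Multi.Generic (1)
2011/05/04 15:57:43.0157 5992 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/04 15:58:00.0000 5992 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['action']:<7} {f['verdict']:<28} {f['path'] or f['object']}")
```
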
    4 Mai 2011 16:10:03

    here is the TDSS report:

    2011/05/04 15:57:11.0115 5472 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/04 15:57:11.0349 5472 ================================================================================
    2011/05/04 15:57:11.0349 5472 SystemInfo:
    2011/05/04 15:57:11.0349 5472
    2011/05/04 15:57:11.0349 5472 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/04 15:57:11.0349 5472 Product type: Workstation
    2011/05/04 15:57:11.0349 5472 ComputerName: PC-DE-MOHA
    2011/05/04 15:57:11.0350 5472 UserName: moha
    2011/05/04 15:57:11.0350 5472 Windows directory: C:\Windows
    2011/05/04 15:57:11.0350 5472 System windows directory: C:\Windows
    2011/05/04 15:57:11.0350 5472 Processor architecture: Intel x86
    2011/05/04 15:57:11.0350 5472 Number of processors: 2
    2011/05/04 15:57:11.0350 5472 Page size: 0x1000
    2011/05/04 15:57:11.0350 5472 Boot type: Normal boot
    2011/05/04 15:57:11.0350 5472 ================================================================================
    2011/05/04 15:57:11.0772 5472 Initialize success
    2011/05/04 15:57:23.0225 5992 ================================================================================
    2011/05/04 15:57:23.0225 5992 Scan started
    2011/05/04 15:57:23.0225 5992 Mode: Manual;
    2011/05/04 15:57:23.0225 5992 ================================================================================
    2011/05/04 15:57:43.0089 5992 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/05/04 15:57:43.0089 5992 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/05/04 15:57:43.0098 5992 sptd - detected LockedFile.Multi.Generic (1)
    2011/05/04 15:57:48.0624 5992 ================================================================================
    2011/05/04 15:57:48.0624 5992 Scan finished
    2011/05/04 15:57:48.0625 5992 ================================================================================
    2011/05/04 15:57:48.0654 4984 Detected object count: 1
    2011/05/04 15:59:47.0690 4984 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/05/04 16:00:10.0925 2896 Deinitialize success
    4 May 2011 16:26:26

    Here is the MBAM report now:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6504

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    04/05/2011 16:19:58
    mbam-log-2011-05-04 (16-19-58).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 198173
    Temps écoulé: 7 minute(s), 8 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    4 May 2011 18:42:12

    hackinginterdit said:
    Are you getting help on another forum?

    Remove as many toolbars as you can via Programs and Features; it's a real Christmas tree.
    http://forum.malekal.com/les-toolbars-est-pas-obligatoi...

    Did you set up a proxy in Firefox?
    If it wasn't you, do this: http://www.malekal.com/2010/11/14/desactiver-proxy-sur-...

    Let me know once it's done.



    re

    Yes, I had indeed asked for help on another forum about unwanted ads, but unfortunately they were not able to help me 100%, so I'm trying my luck here.

    As for the toolbars, I only have one that is active in my browser (Google); I still uninstalled 2 or 3 (I hope).

    As for the proxy, I have disabled it.

    Thanks
    4 May 2011 18:50:23

    OK, do the following.

    Run OTL.exe again.

    Double-click the icon to launch it. On Windows Vista/7, right-click OTL.exe and choose "Run as administrator" to launch the tool.

    Select very precisely everything in the box below with the mouse, and copy the contents into the "Personnalisation" (Custom Scans/Fixes) area of the OTL window.

    RAS

    :Files
    C:\Windows\tasks\fkcp.job
    C:\UsbFix_Upload_Me_PC-DE-MOHA.zip
    C:\Windows\tasks\fkcp.job
    C:\UsbFix.txt
    C:\UsbFix_Upload_Me_PC-DE-MOHA.zip
    C:\UsbFix
    ipconfig /flushdns /c

    :OTL
    O1 - Hosts: ::1 localhost
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [psastart] File not found
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237168450039 (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\UDC Output Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\Revue Technique RENAULT SCENIC 2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\Capture payment carte bancaire tele samsung cz ubladi 06032011.PNG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\Capture lcl 20112010.PNG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Desktop\tdsskiller:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Desktop\Applications & Jeux 2009 Pour iPhone & iPod Touch:Roxio EMC Stream

    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]


  • Then click the "Correction" (Run Fix) button at the top of the window.
  • Let the program work without using the PC!
  • Copy and paste the report into your reply, please.
    4 May 2011 19:03:26

    Here it is:

    All processes killed
    Error: Unable to interpret <RAS > in the current context!
    ========== FILES ==========
    C:\Windows\tasks\fkcp.job moved successfully.
    C:\UsbFix_Upload_Me_PC-DE-MOHA.zip moved successfully.
    File\Folder C:\Windows\tasks\fkcp.job not found.
    C:\UsbFix.txt moved successfully.
    File\Folder C:\UsbFix_Upload_Me_PC-DE-MOHA.zip not found.
    C:\UsbFix\Tools folder moved successfully.
    C:\UsbFix\Res folder moved successfully.
    C:\UsbFix\Quarantine\C\tmp folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RPZGLCY.12 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RKYTJH1 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RJALFB4 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RIJ8UIQ.0\tools folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RIJ8UIQ.0\filters folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RIJ8UIQ.0 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RHZIJWY folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$RDLHTXT folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002\$R4B8K7Y folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-1026319779-3202175374-426762610-500 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-20 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-18 folder moved successfully.
    C:\UsbFix\Quarantine\C\$RECYCLE.BIN folder moved successfully.
    C:\UsbFix\Quarantine\C folder moved successfully.
    C:\UsbFix\Quarantine folder moved successfully.
    C:\UsbFix\Erunt folder moved successfully.
    C:\UsbFix\BACKUP\Registry-30-04-2011\Users\00000002 folder moved successfully.
    C:\UsbFix\BACKUP\Registry-30-04-2011\Users\00000001 folder moved successfully.
    C:\UsbFix\BACKUP\Registry-30-04-2011\Users folder moved successfully.
    C:\UsbFix\BACKUP\Registry-30-04-2011 folder moved successfully.
    C:\UsbFix\BACKUP\Registry-02-05-2011\Users\00000002 folder moved successfully.
    C:\UsbFix\BACKUP\Registry-02-05-2011\Users\00000001 folder moved successfully.
    C:\UsbFix\BACKUP\Registry-02-05-2011\Users folder moved successfully.
    C:\UsbFix\BACKUP\Registry-02-05-2011 folder moved successfully.
    C:\UsbFix\BACKUP folder moved successfully.
    C:\UsbFix folder moved successfully.
    < ipconfig /flushdns /c >
    Configuration IP de Windows
    Cache de résolution DNS vidé.
    C:\Users\moha\Desktop\cmd.bat deleted successfully.
    C:\Users\moha\Desktop\cmd.txt deleted successfully.
    ========== OTL ==========
    ::1 localhost removed from HOSTS file successfully
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\psastart deleted successfully.
    Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
    C:\Windows\Downloaded Program Files\wuweb.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1003\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Unable to delete ADS C:\Users\moha\Documents\UDC Output Files:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Documents\Revue Technique RENAULT SCENIC 2:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Documents\Capture payment carte bancaire tele samsung cz ubladi 06032011.PNG:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Documents\Capture lcl 20112010.PNG:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Desktop\tdsskiller:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Desktop\Applications & Jeux 2009 Pour iPhone & iPod Touch:Roxio EMC Stream .
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: freenet
    ->Temp folder emptied: 6757162 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: moha
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 52617240 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18346610 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1355 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 511946 bytes
    RecycleBin emptied: 7029035 bytes

    Total Files Cleaned = 81,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: freenet

    User: moha
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05042011_185345

    Files\Folders moved on Reboot...
    File\Folder C:\Users\freenet\AppData\Local\Temp\hsperfdata_SYSTEM\2928 not found!
    C:\Users\freenet\AppData\Local\Temp\jbigi955175394932744383lib.tmp moved successfully.
    C:\Users\freenet\AppData\Local\Temp\jcpuid1267596887675983045lib.tmp moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3OWNSAD\formulaireUtilisateur[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3OWNSAD\like[1].htm moved successfully.
    File\Folder C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3OWNSAD\raster.jsp[1].htm not found!
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O56DUKRC\ads[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O56DUKRC\Sync[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXNZ5BYC\formulaireUtilisateur[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXNZ5BYC\rechercheItineraire[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXNZ5BYC\sytadin_fr[1].htm moved successfully.
    File\Folder C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTAVSTTT\iframe-direct.jsp[1].htm not found!
    File\Folder C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZJ5NDWJ\iframe-messages.jsp[1].htm not found!
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZJ5NDWJ\Include[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WYS4M4W\adsCATOHI8Z.htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WYS4M4W\dishpointer_com[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WYS4M4W\home3[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WYS4M4W\openhand_8_8[1].bmp moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WYS4M4W\search[2].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WYS4M4W\sytadin_fr[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\298558-11-redirections-intempestive[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\ads[8].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\fr_msn_com[2].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\likebox[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\maps_google_fr[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\openhand_8_8[1].bmp moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410NJY74\search[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\Windows\temp\JETFF16.tmp moved successfully.

    Registry entries deleted on Reboot...
    4 May 2011 19:07:22

    Did the PC reboot? Run a test to see whether you still get redirections!
    4 May 2011 19:11:01

    Yes, the PC rebooted and there are still redirections.

    Thanks
    4 May 2011 19:13:21

    ComboFix is a powerful tool that must not be used lightly. This procedure was created specifically for this user. If you are not this user, do not run it, or you risk seriously damaging your Windows installation.

    Plug your USB sticks into the PC.

  • Disable all your security software while you download and run ComboFix, so that it does not interfere with the tool while it is working.

  • Download ComboFix by sUBs to your desktop.

  • IMPORTANT: Read this detailed tutorial on using the software. It explains in detail what you must and must not do during the scan.

  • Close all windows of all running programs.

  • Double-click ComboFix.exe to launch it. The program's terms of use will be displayed. Accept them by clicking OK.

    /!\ Vista and Windows 7 users: right-click the ComboFix logo and choose "Run as administrator" /!\

  • While it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal. It will let you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a cleaning attempt.
  • Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

    Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:

    Press the (Yes) button to continue the malware scan.

  • After that, the scan will start. Wait while the tool works, without interrupting it and without touching anything. (Do not click in the ComboFix window while it is running: that could crash Windows.)

  • At the end of the scan, a report will be generated: C:\ComboFix.txt
    Post this report in your next reply.
    4 May 2011 22:58:07

    Here is the ComboFix report:

    ComboFix 11-05-04.02 - moha 04/05/2011 22:44:29.1.2 - x86
    Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3072.1805 [GMT 2:00]
    Lancé depuis: c:\users\moha\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-04 au 2011-05-04 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-04 16:25 . 2011-05-04 16:25 -------- d-----w- C:\ToolBar SD
    2011-05-04 10:31 . 2011-05-04 10:31 -------- d-----w- c:\users\moha\AppData\Local\{90EF5417-4C3B-4B84-8E26-85E135AC92FC}
    2011-05-03 09:33 . 2011-05-03 09:33 -------- d-----w- c:\users\moha\AppData\Local\{2FEEE368-731E-431D-9949-F80150F90362}
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\users\moha\AppData\LEA
    2011-05-02 19:59 . 2011-05-02 20:01 -------- d-----w- c:\users\moha\AppData\SoftPlug
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\program files\WinPcap
    2011-05-02 09:55 . 2011-05-02 09:56 -------- d-----w- c:\users\moha\AppData\Local\{0DE14A63-FD21-4551-85B0-03283981F26E}
    2011-05-01 17:19 . 2011-05-01 21:07 -------- d-----w- c:\windows\NgrabLite
    2011-05-01 17:19 . 2011-05-01 17:19 -------- d-----w- c:\program files\NgrabLite
    2011-05-01 17:02 . 2011-05-01 17:02 -------- d-----w- c:\users\moha\AppData\Local\{5402D31B-6224-491D-99DA-A66CE3279253}
    2011-05-01 10:15 . 2011-05-01 10:15 512 ------w- C:\PhysicalMBR.bin
    2011-04-30 14:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-30 14:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-30 11:19 . 2011-04-30 11:19 -------- d-----w- C:\_OTL
    2011-04-29 23:14 . 2011-04-29 23:14 -------- d-----w- c:\users\moha\AppData\Malwarebytes
    2011-04-29 19:20 . 2011-04-29 19:20 135168 --sha-r- c:\windows\system32\tsdisconc.dll
    2011-04-26 21:55 . 2011-04-26 21:55 -------- d-----w- c:\programdata\VOWSoft
    2011-04-26 21:55 . 2011-04-26 21:55 -------- d-----w- c:\program files\iPodRobot
    2011-04-13 21:31 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-13 21:31 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-13 21:31 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-13 21:31 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-13 21:31 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-13 21:31 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-13 21:31 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-13 21:31 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-06 12:56 . 2011-05-04 12:05 -------- d--h--w- c:\program files\InstallJammer Registry
    2011-04-06 12:56 . 2011-04-06 12:57 -------- d-----w- c:\users\moha\.gstreamer-0.10
    2011-04-06 12:56 . 2011-05-04 12:05 -------- d-----w- c:\program files\DreamStream-E2
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-11 13:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2008-09-28 20:00 . 2009-05-21 22:41 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
    2011-03-18 17:58 . 2011-03-31 01:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-11-18 19:34 . 2007-11-18 19:34 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ------- Sigcheck -------
    .
    [-] 2010-09-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-18 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
    "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\Nouveau dossier\bin\jusched.exe" [2009-07-31 149280]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-02-16 202256]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
    backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^e-Carte Bleue LCL.lnk]
    backup=c:\windows\pss\e-Carte Bleue LCL.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2010.lnk]
    backup=c:\windows\pss\Hyperappel du Petit Larousse 2010.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^moha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-02-27 15:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 02:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
    2006-10-06 14:04 19091456 ----a-w- c:\program files\CounterPath\X-Lite\x-lite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    2006-03-22 23:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2009-05-19 14:57 2811312 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-07 15:47 13917800 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2007-08-24 14:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    2007-07-19 13:32 1120568 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-02-16 01:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "VX1000"=c:\windows\vVX1000.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 freenet-darknet-8888;Freenet 0.7 darknet-8888;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [2007-04-06 204800]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-20 1181328]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-06-10 253808]
    R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-20 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-31 691696]
    S1 aswSP;aswSP; [x]
    S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
    S3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2006-12-19 81408]
    S3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [2006-12-19 63488]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:13]
    .
    2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:13]
    .
    2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2519781988-2905465911-4085053731-1002Core.job
    - c:\users\moha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 22:19]
    .
    2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2519781988-2905465911-4085053731-1002UA.job
    - c:\users\moha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 22:19]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
    TCP: {B7B5F861-EF27-4EB9-85D5-C002D5CDE21B} = 8.8.8.8,8.8.4.4
    DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.singlehoteleden.ch/activex/AMC.cab
    FF - ProfilePath - c:\users\moha\AppData\Mozilla\Firefox\Profiles\67cptpgj.default\
    FF - prefs.js: network.proxy.ftp - 201.219.17.29
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - 201.219.17.29
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - 201.219.17.29
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 201.219.17.29
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Notify-klogon - (no file)
    MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
    AddRemove-Net Detective - c:\program files\Net Detective\DeIsL1.isu
    AddRemove-Usbfix - c:\usbfix\Un-UsbFix.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.032"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.abr"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.ani"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.arw"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.bay"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.bmp"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.bw"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.cr2"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.crw"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.cs1"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.cur"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.dcr"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.dcx"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.dib"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.dng"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.emf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.eps"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.erf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.fff"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.fpx"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.gif"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.hdr"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.icl"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.icn"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.iff"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.ilbm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.int"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.inta"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.iw4"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.j2c"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.j2k"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jbr"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jfif"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jif"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jp2"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jpc"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jpe"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jpeg"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jpg"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jpk"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.jpx"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.kdc"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.lbm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.mef"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.mos"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.mrw"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.nef"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.orf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pbm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pbr"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pcd"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pct"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pcx"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pef"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pgm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pic"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pict"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pix"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.png"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.ppm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.psd"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.psp"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.pspimage"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.raf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.ras"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.raw"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.rgb"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.rgba"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.rle"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.rsb"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.sgi"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.sr2"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.srf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.tga"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.thm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.tif"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.tiff"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.ttc"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.ttf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.wbm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.wbmp"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.wmf"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.xbm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.xif"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.5.xpm"
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):7f,57,9f,34,be,66,fd,29,84,9a,70,4f,75,e4,6a,e0,b5,88,91,bc,e1,
    4b,ea,79,c4,9a,83,4e,0e,c9,35,71,f9,9c,c3,59,5d,0a,ff,dc,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002_Classes\CLSID\{bb236883-f1f3-4e1e-a250-aa0551b07a87}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000109
    "Therad"=dword:0000001f
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2011-05-04 22:55:31
    ComboFix-quarantined-files.txt 2011-05-04 20:55
    .
    Avant-CF: 119 188 787 200 octets libres
    Après-CF: 119 147 515 904 octets libres
    .
    - - End Of File - - 6910CB545DBF67BB7BBCC51869836F41
    5 May 2011 07:39:50

    Hello

    How is your PC behaving now?
    5 May 2011 11:46:20

    hackinginterdit said:
    Hello

    How is your PC behaving now?



    Hi hackinginter

    I have only one word to say: BRAVO AND A BIG [:bryan01:1]

    The redirection problem has disappeared, along with two others: the Security Center, which was blocked, and a problem with IE on certain sites that I could no longer access because they thought I was browsing with IE6.


    Thanks

    PS: the Security Center problem has just come back and it is impossible to launch it :fou: 

    Edit:
    False hope, the redirections have just started up again worse than ever. :cry: 

    Edit 2:

    Here is an error message I get when I try to go to one of my favorites: livefoot.fr

    Cette page Web présente une boucle de redirection.
    La page Web à l'adresse http://www.livefoot.fr/ a déclenché trop de redirections. Pour résoudre le problème, effacez les cookies de ce site ou autorisez les cookies tiers. Si le problème persiste, il peut être dû à une mauvaise configuration du serveur et n'être aucunement lié à votre ordinateur.
    Voici quelques suggestions :
    Actualisez cette page Web ultérieurement.
    En savoir plus sur ce problème.
    Erreur 310 (net::ERR_TOO_MANY_REDIRECTS) : Trop de redirections
    5 May 2011 14:45:44

    On all browsers.

    And as for the proxies, I had already done that yesterday; they are still disabled.
    5 May 2011 14:52:16

    Did you do what it asked?
    effacez les cookies de ce site ou autorisez les cookies tiers. Si le problème persiste Blablabla


    Download TFC by OldTimer; it must be saved to your Desktop:

  • Double-click TFC.exe to launch it.
  • The tool will close all programs while it runs, so make sure you have saved all your work in progress before starting.
  • Click the Start button to launch the process. Depending on how often you delete your temporary files, this can take from a few seconds to a minute or two. Let the program run without interrupting it.
  • When it has finished, the tool should restart your system.


    PureRa is a very simple tool that removes files other cleaners ignore, freeing up a worthwhile amount of space so that your PC runs optimally.

  • Click HERE, scroll down to PureRa and click Download Windows Binary to download the (.zip) file to the Desktop.

  • Right-click the new file => "Extract here".

  • Close all open windows and applications and double-click PureRa.exe (on Vista and Windows 7, right-click it => "Run as administrator")

    then click Next.



  • Tick the 1 UNCheck All box and click the 2 Clean button



    A report will be created. There is no need to post it on the forum
    5 May 2011 15:18:48

    There, it's done, but the problems are still there :( 
    5 May 2011 15:28:56

    Download OTL to your Desktop.

    Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)

    A window appears. In the Rapport section at the top of this window, tick Rapport standard
    Also tick the boxes next to Recherche Lop and Recherche Purity
    Finally, click the Analyse button. The scan will not take long.
    Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTL (so on the Desktop by default).

    Use the site http://pjjoint.malekal.com/ to upload your reports, and post the links in your next reply.
    5 May 2011 16:39:45

    Run OTL.exe again.

    Double-click the icon to launch it. On Windows Vista/7, right-click OTL.exe and choose "Run as Administrator" to launch the tool.

    Select very precisely everything in the box below with the mouse, and copy the contents into the "Personnalisation" area of the OTL window

    RAS
    :Files
    C:\Windows\PEV.exe
    C:\Windows\MBR.exe
    C:\PhysicalMBR.bin
    C:\Users\moha\Desktop\PureRa
    C:\Qoobox
    C:\ToolBar SD
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\vlc-record-2011-05-05-03h13m17s-http___192.168.0.12_8001_1_0_1_20FB_1F4_13E_820000_0_0_0__AL JAZEERA SPORT +7-.ts:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\vlc-record-2011-05-05-02h47m07s-http___192.168.0.12_8001_1_0_19_2275_438_1_C00000_0_0_0_-.ts:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\UDC Output Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\Revue Technique RENAULT SCENIC 2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\Capture payment carte bancaire tele samsung cz ubladi 06032011.PNG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Documents\Capture lcl 20112010.PNG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Desktop\PureRa:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Desktop\outills securite:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\moha\Desktop\Applications & Jeux 2009 Pour iPhone & iPod Touch:Roxio EMC Stream

    :OTL
    FF - prefs.js..network.proxy.ftp: %µ£201.219.17.29%µ£
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.http: %µ£201.219.17.29%µ£
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.no_proxies_on: %µ£*.local%µ£
    FF - prefs.js..network.proxy.socks: %µ£201.219.17.29%µ£
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: %µ£201.219.17.29%µ£
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - prefs.js..network.proxy.type: 0
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

    :Commands
    [emptytemp]


  • Then click the Correction button at the top of the window.
  • Let the program work without using the PC!!!!!
  • Copy and paste the report into your reply, please
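
An added example, not part of the thread and not OTL's own code: a Python check of the Firefox proxy preferences that the fix script above lists. It parses prefs.js text and reports whether a proxy host is actually in use (`network.proxy.type` 1) or only left over in the profile, as in the log where the type is 0. The sample prefs.js is constructed from the values shown in the log, and the function names are hypothetical.

```python
import re

# Meaning of Firefox's network.proxy.type values.
PROXY_MODES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}

# prefs.js holds one user_pref("name", value); statement per line.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')

# Constructed sample: the proxy prefs reported in the log, in prefs.js syntax.
SAMPLE_PREFS_JS = '''\
user_pref("network.proxy.ftp", "201.219.17.29");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "201.219.17.29");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "*.local");
user_pref("network.proxy.socks", "201.219.17.29");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "201.219.17.29");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {pref name: bool | int | str} from prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return prefs


def audit_proxy(prefs):
    """Classify the profile's proxy state as ACTIVE, RESIDUAL or CLEAN."""
    ptype = prefs.get("network.proxy.type")
    # An absent pref means the browser's built-in default applies.
    mode = "default" if ptype is None else PROXY_MODES.get(ptype, "unknown")

    endpoints = {}
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + scheme)
        port = prefs.get("network.proxy." + scheme + "_port")
        if host:
            endpoints[scheme] = (host, port)
    pac = prefs.get("network.proxy.autoconfig_url")

    if (mode == "manual" and endpoints) or (mode == "pac" and pac):
        verdict = "ACTIVE"      # Firefox is sending traffic through it
    elif endpoints or pac:
        verdict = "RESIDUAL"    # values stored but not selected by the mode
    else:
        verdict = "CLEAN"
    return {"mode": mode, "endpoints": endpoints, "pac": pac, "verdict": verdict}


if __name__ == "__main__":
    report = audit_proxy(parse_prefs(SAMPLE_PREFS_JS))
    print("mode:", report["mode"], "| verdict:", report["verdict"])
    for scheme, (host, port) in sorted(report["endpoints"].items()):
        print("  %-5s -> %s:%s" % (scheme, host, port))
```

A RESIDUAL verdict means Firefox itself is not using the stored host, so redirections that continue in every browser have to be explained elsewhere.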
    5 May 2011 19:32:10

    Back again, here is the OTL report:


    All processes killed
    Error: Unable to interpret <RAS > in the current context!
    ========== FILES ==========
    C:\Windows\PEV.exe moved successfully.
    C:\Windows\MBR.exe moved successfully.
    C:\PhysicalMBR.bin moved successfully.
    C:\Users\moha\Desktop\PureRa folder moved successfully.
    C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
    C:\Qoobox\Quarantine\C\Windows\System32\temp folder moved successfully.
    C:\Qoobox\Quarantine\C\Windows\System32 folder moved successfully.
    C:\Qoobox\Quarantine\C\Windows folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData\Roaming\Dealio\kb127\temp folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData\Roaming\Dealio\kb127\rules folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData\Roaming\Dealio\kb127\res folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData\Roaming\Dealio\kb127 folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData\Roaming\Dealio folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData\Roaming folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha\AppData folder moved successfully.
    C:\Qoobox\Quarantine\C\Users\moha folder moved successfully.
    C:\Qoobox\Quarantine\C\Users folder moved successfully.
    C:\Qoobox\Quarantine\C folder moved successfully.
    C:\Qoobox\Quarantine folder moved successfully.
    Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
    C:\Qoobox folder moved successfully.
    C:\ToolBar SD folder moved successfully.
    ADS C:\Users\moha\Documents\vlc-record-2011-05-05-03h13m17s-http___192.168.0.12_8001_1_0_1_20FB_1F4_13E_820000_0_0_0__AL JAZEERA SPORT +7-.ts:Roxio EMC Stream deleted successfully.
    ADS C:\Users\moha\Documents\vlc-record-2011-05-05-02h47m07s-http___192.168.0.12_8001_1_0_19_2275_438_1_C00000_0_0_0_-.ts:Roxio EMC Stream deleted successfully.
    Unable to delete ADS C:\Users\moha\Documents\UDC Output Files:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Documents\Revue Technique RENAULT SCENIC 2:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Documents\Capture payment carte bancaire tele samsung cz ubladi 06032011.PNG:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Documents\Capture lcl 20112010.PNG:Roxio EMC Stream .
    Unable to delete ADS C:\Users\moha\Desktop\PureRa:Roxio EMC Stream .
    ADS C:\Users\moha\Desktop\outills securite:Roxio EMC Stream deleted successfully.
    Unable to delete ADS C:\Users\moha\Desktop\Applications & Jeux 2009 Pour iPhone & iPod Touch:Roxio EMC Stream .
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: freenet
    ->Temp folder emptied: 5970462 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: moha
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 9214844 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1216 bytes
    RecycleBin emptied: 129352 bytes

    Total Files Cleaned = 15,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05052011_192536

    Files\Folders moved on Reboot...
    File\Folder C:\Qoobox\BackEnv not found!
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JODCZUVJ\ads[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ1P76KC\298558-11-redirections-intempestive[2].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ1P76KC\ads[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ1P76KC\like[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ1P76KC\pjjoint_malekal_com[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPSU41SB\ads[1].htm moved successfully.
    C:\Users\moha\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    5 May 2011 19:39:48

    Hello

    Still getting redirections? I think so
    5 May 2011 21:08:35

    hackinginterdit said:
    Hello

    Still getting redirections? I think so



    Yes, still, unfortunately.
    5 May 2011 21:23:44

    Which browser does it do this with, IE or Firefox?

    Run TDSSKiller again.

    Download to your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller... , unzip it and run it; a report will be created here:

    C:\TDSSKillerVersion_Date_Time_log.txt << copy and paste its contents

    The executable is also available directly here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe

    Run it; the following window will open:

    Click Start scan and let the tool scan your hard drive without interrupting it and without using the PC.
    If infected files are found, a new window will open:

    If TDSS.tdl2 is detected, the Delete option will be checked by default.

    If TDSS.tdl3 is detected, make sure Cure is checked.

    If TDSS.tdl4(mbr) is detected, make sure Cure is checked.

    If Suspicious file is shown, leave the option set to Skip.

    Click Continue, then Reboot now to restart the PC.

    Copy and paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run).
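Added example (not part of the original post and not Kaspersky's code): a small Python parser for the TDSSKiller report layout seen in this thread, listing each detection with the option the instructions above say to leave selected. The sample lines, their hashes, the `exampledrv`/`examplefilter` drivers and the `Rootkit.Win32.TDSS.tdl3` verdict string are constructed, and the `Review` fallback for verdicts the post does not cover is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the report layout "<date> <time> <thread id> <message>".
# Hashes, the example* drivers and the tdl3 verdict string are made up.
SAMPLE_LOG = r"""
2011/05/05 23:32:29.0220 5068 Scan started
2011/05/05 23:32:29.0220 5068
2011/05/05 23:32:30.0035 5068 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampledrv.sys
2011/05/05 23:32:34.0487 5068 examplefilter (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\Program Files\Example Vendor\examplefilter.sys
2011/05/05 23:32:48.0680 5068 sptd (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\Drivers\sptd.sys
2011/05/05 23:32:48.0680 5068 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
2011/05/05 23:32:48.0689 5068 sptd - detected LockedFile.Multi.Generic (1)
2011/05/05 23:32:50.0000 5068 exampledrv - detected Rootkit.Win32.TDSS.tdl3 (0)
"""

# Timestamp, thread id, then an optional message (some report lines are empty).
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
# "<service> (<md5>) <path>"; the path may contain spaces.
DRIVER_RE = re.compile(
    r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: "
    r"(?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(
    r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


@dataclass
class Finding:
    name: str                        # service/driver name from the report
    verdict: str                     # text after "detected"
    path: Optional[str]              # driver path, if it was listed earlier
    md5: Optional[str]               # driver hash, if it was listed earlier
    suspicious_reason: Optional[str] # e.g. "NoAccess" for a locked file
    action: str                      # option to leave selected


def recommended_action(verdict: str, suspicious_reason: Optional[str]) -> str:
    """Map a verdict to the option named in the forum instructions."""
    v = verdict.lower()
    if "tdss.tdl2" in v:
        return "Delete"              # checked by default per the post
    if "tdss.tdl3" in v or "tdss.tdl4" in v:
        return "Cure"
    if suspicious_reason is not None:
        return "Skip"                # "Suspicious file" entries are left alone
    return "Review"                  # assumption: not covered by the post


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per 'detected' line, joined to its driver entry."""
    drivers = {}     # service name -> (md5, path)
    suspicious = {}  # lower-cased path -> reason given in parentheses
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or not line.group(3):
            continue                 # blank, separator-less or empty message
        msg = line.group(3)
        if (s := SUSPICIOUS_RE.match(msg)):
            suspicious[s["path"].lower()] = s["reason"]
        elif (d := DETECTED_RE.match(msg)):
            md5, path = drivers.get(d["name"], (None, None))
            reason = suspicious.get(path.lower()) if path else None
            findings.append(Finding(
                name=d["name"], verdict=d["verdict"], path=path, md5=md5,
                suspicious_reason=reason,
                action=recommended_action(d["verdict"], reason)))
        elif (e := DRIVER_RE.match(msg)):
            drivers[e["name"]] = (e["md5"], e["path"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:12} {f.verdict:28} -> {f.action}  ({f.path})")
```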
    5 May 2011 23:34:49

    Here is the TDS report:

    2011/05/05 23:32:24.0362 4372 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/05 23:32:24.0628 4372 ================================================================================
    2011/05/05 23:32:24.0629 4372 SystemInfo:
    2011/05/05 23:32:24.0629 4372
    2011/05/05 23:32:24.0629 4372 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/05 23:32:24.0629 4372 Product type: Workstation
    2011/05/05 23:32:24.0629 4372 ComputerName: PC-DE-MOHA
    2011/05/05 23:32:24.0629 4372 UserName: moha
    2011/05/05 23:32:24.0629 4372 Windows directory: C:\Windows
    2011/05/05 23:32:24.0629 4372 System windows directory: C:\Windows
    2011/05/05 23:32:24.0629 4372 Processor architecture: Intel x86
    2011/05/05 23:32:24.0629 4372 Number of processors: 2
    2011/05/05 23:32:24.0629 4372 Page size: 0x1000
    2011/05/05 23:32:24.0629 4372 Boot type: Normal boot
    2011/05/05 23:32:24.0629 4372 ================================================================================
    2011/05/05 23:32:25.0045 4372 Initialize success
    2011/05/05 23:32:29.0220 5068 ================================================================================
    2011/05/05 23:32:29.0220 5068 Scan started
    2011/05/05 23:32:29.0220 5068 Mode: Manual;
    2011/05/05 23:32:29.0220 5068 ================================================================================
    2011/05/05 23:32:48.0680 5068 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/05/05 23:32:48.0680 5068 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/05/05 23:32:48.0689 5068 sptd - detected LockedFile.Multi.Generic (1)
    2011/05/05 23:32:53.0465 5068 ================================================================================
    2011/05/05 23:32:53.0465 5068 Scan finished
    2011/05/05 23:32:53.0465 5068 ================================================================================
    2011/05/05 23:32:53.0479 4368 Detected object count: 1
    2011/05/05 23:33:31.0273 4368 LockedFile.Multi.Generic(sptd) - User select action: Skip
    6 May 2011 01:28:57

    hello hackinginterdit

    I still get redirections, somewhat fewer admittedly, but there are still some here and there!!
    and unlike this morning (05/05) I can now access the site live foot.fr without any problem.

    thanks
    7 May 2011 23:57:34

    hackinginterdit, are you on your RTT days off? :sol: 

    8 May 2011 07:41:18

    Hi

    I forgot about you, sorry!

    Run OTL and click on "Purge outils" (tool cleanup).
    The PC will restart to remove the tool and its quarantine.


    /!\ Log off and close all running applications /!\
    Run AD-R again from your desktop. (Right-click -> "Run as administrator" for VISTA and SEVEN)
    Wait until the main menu appears. From there, click on "Nettoyer" (Clean). You will be asked to confirm; click on "Oui" (Yes) and wait until the scan finishes.
    !! Let the tool work !!
    At the end of the scan you are offered a restart; accept by clicking on "Oui" (Yes). Your PC will restart.
    Once your PC is back on, go here: C:\ and open the file named C:\Ad-reportClean[X].Txt.
    Post the contents of C:\Ad-reportClean[X].Txt in your next reply.
    ( CTRL+A to select everything, CTRL+C to copy and CTRL+V to paste )


    Download aswMBR.exe (511KB) to your desktop.

    Double-click on aswMBR.exe to run it
    Double-click on aswMBR.exe on your desktop. (Right-click -> "Run as administrator" for VISTA / SEVEN)

    Click on the "Scan" button

    Click on Save log and save the report to the desktop
    Post the report in your next reply
    8 May 2011 13:54:24

    hi hackinginterdit

    I ran ad-r but its report cannot be found on my PC, even in: C:\Ad-reportClean[X].Txt .

    for aswMBR here is the report:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-08 13:39:56
    -----------------------------
    13:39:56.951 OS Version: Windows 6.1.7600
    13:39:56.951 Number of processors: 2 586 0x4303
    13:39:56.953 ComputerName: PC-DE-MOHA UserName: moha
    13:40:00.068 Initialize success
    13:40:13.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
    13:40:13.136 Disk 0 Vendor: ST340082 3.AA Size: 381554MB BusType: 3
    13:40:15.172 Disk 0 MBR read successfully
    13:40:15.174 Disk 0 MBR scan
    13:40:15.176 Disk 0 Windows 7 default MBR code
    13:40:17.181 Disk 0 scanning sectors +781420720
    13:40:17.208 Disk 0 scanning C:\Windows\system32\drivers
    13:40:23.375 Service scanning
    13:40:24.689 Disk 0 trace - called modules:
    13:40:24.710 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857821f8]<<
    13:40:24.720 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866e3030]
    13:40:24.731 3 CLASSPNP.SYS[8bb7e59e] -> nt!IofCallDriver -> [0x864be020]
    13:40:24.741 5 ACPI.sys[8b5303b2] -> nt!IofCallDriver -> \Device\0000006d[0x864be6d8]
    13:40:24.752 \Driver\nvstor32[0x864d2db8] -> IRP_MJ_CREATE -> 0x857821f8
    13:40:24.760 Scan finished successfully
    13:40:51.123 Disk 0 MBR has been saved successfully to "C:\Users\moha\Desktop\MBR.dat"
    13:40:51.132 The log file has been saved successfully to "C:\Users\moha\Desktop\aswMBR.txt"


    8 May 2011 20:04:10

    hackinginterdit said:
    Quote:
    I ran ad-r but its report cannot be found on my PC, even in: C:\Ad-reportClean[X].Txt .

    Not possible, did you look properly? Here, watch the help video; at the end it shows you where to find the report
    http://www.teamxscript.org/adremoverNettoyage.html



    I just found it, earlier I must not have had my eyes open properly :ouch: 

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 19/05/10 à 19:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 13:01:06 le 08/05/2011 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft Windows 7 Édition Intégrale ( - X86)
    Nom du PC: PC-DE-MOHA (PACKARD BELL BV IMEDIA 8638)
    Utilisateur actuel: moha
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .

    (!) -- Fichiers temporaires supprimés.
    .
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 4.0.1 (fr) *
    .
    C:\Users\moha\AppData\mozilla\firefox\profiles\67cptpgj.default\prefs.js - browser.download.lastDir: C:\\Users\\moha\\Desktop
    C:\Users\moha\AppData\mozilla\firefox\profiles\67cptpgj.default\prefs.js - browser.startup.homepage_override.buildID: 20110413222027
    C:\Users\moha\AppData\mozilla\firefox\profiles\67cptpgj.default\prefs.js - browser.startup.homepage_override.mstone: rv:2.0.1
    .
    .
    * Internet Explorer Version 8.0.7600.16385 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 14 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 2194 Octet(s)
    .
    Fin à: 13:15:47, 08/05/2011
    .
    ============== E.O.F - CLEAN[1] ==============
    8 May 2011 20:10:19

    OK, do the following:

    ComboFix is a powerful tool that must not be used lightly. This procedure was created specifically for this user. If you are not this user, do not run it, at the risk of seriously damaging your Windows installation.

    Plug your USB keys into the PC.

  • Disable all your security software while you download and run ComboFix, so that it does not interfere with the tool while it works.

  • Download ComboFix by sUBs to your desktop.

  • IMPORTANT Read this detailed tutorial on using the software. It explains in detail what you must and must not do during the scan.

  • Close all windows of all running programs.

  • Double-click on ComboFix.exe to launch it. The program's terms of use will be displayed. Accept them by clicking on OK.

    /!\ Vista and Seven users: right-click on the ComboFix logo, "Run as administrator" /!\

  • While running, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly advised to have it pre-installed on your PC before any malware removal. It will let you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a cleaning attempt.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

    Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed via ComboFix, you should see the following message:

    Click the (Yes) button to continue the malware scan.

  • After that, the scan will start. Wait while the tool works, without interrupting it and without touching anything. (Do not click in the ComboFix window while it is running: that could crash Windows)

  • At the end of the scan, a report will be generated: C:\ComboFix.txt
    Post this report in your next reply.
    8 May 2011 21:17:30

    here is the ComboFix report:


    ComboFix 11-05-07.03 - moha 08/05/2011 21:03:48.2.2 - x86
    Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3072.2080 [GMT 2:00]
    Lancé depuis: c:\users\moha\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-08 au 2011-05-08 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 19:12 . 2011-05-08 19:12 -------- d-----w- c:\users\freenet\AppData\Local\temp
    2011-05-08 19:12 . 2011-05-08 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-08 11:01 . 2011-05-08 11:15 -------- d-----w- C:\Ad-Remover
    2011-05-04 20:55 . 2011-05-08 19:12 -------- d-----w- c:\users\moha\AppData\Local\temp
    2011-05-04 10:31 . 2011-05-04 10:31 -------- d-----w- c:\users\moha\AppData\Local\{90EF5417-4C3B-4B84-8E26-85E135AC92FC}
    2011-05-03 09:33 . 2011-05-03 09:33 -------- d-----w- c:\users\moha\AppData\Local\{2FEEE368-731E-431D-9949-F80150F90362}
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\users\moha\AppData\LEA
    2011-05-02 19:59 . 2011-05-02 20:01 -------- d-----w- c:\users\moha\AppData\SoftPlug
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\program files\WinPcap
    2011-05-02 09:55 . 2011-05-02 09:56 -------- d-----w- c:\users\moha\AppData\Local\{0DE14A63-FD21-4551-85B0-03283981F26E}
    2011-05-01 17:19 . 2011-05-01 21:07 -------- d-----w- c:\windows\NgrabLite
    2011-05-01 17:19 . 2011-05-01 17:19 -------- d-----w- c:\program files\NgrabLite
    2011-05-01 17:02 . 2011-05-01 17:02 -------- d-----w- c:\users\moha\AppData\Local\{5402D31B-6224-491D-99DA-A66CE3279253}
    2011-04-30 14:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-30 14:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 23:14 . 2011-04-29 23:14 -------- d-----w- c:\users\moha\AppData\Malwarebytes
    2011-04-29 19:20 . 2011-04-29 19:20 135168 --sha-r- c:\windows\system32\tsdisconc.dll
    2011-04-26 21:55 . 2011-04-26 21:55 -------- d-----w- c:\programdata\VOWSoft
    2011-04-26 21:55 . 2011-04-26 21:55 -------- d-----w- c:\program files\iPodRobot
    2011-04-13 21:31 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-13 21:31 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-13 21:31 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-13 21:31 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-13 21:31 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-13 21:31 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-13 21:31 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-13 21:31 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-11 13:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2008-09-28 20:00 . 2009-05-21 22:41 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
    2011-05-05 00:45 . 2011-03-31 01:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-11-18 19:34 . 2007-11-18 19:34 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ------- Sigcheck -------
    .
    [-] 2010-09-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-18 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
    "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-02-16 202256]
    "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
    backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^e-Carte Bleue LCL.lnk]
    backup=c:\windows\pss\e-Carte Bleue LCL.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2010.lnk]
    backup=c:\windows\pss\Hyperappel du Petit Larousse 2010.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^moha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-02-27 15:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 02:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
    2006-10-06 14:04 19091456 ----a-w- c:\program files\CounterPath\X-Lite\x-lite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    2006-03-22 23:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2009-05-19 14:57 2811312 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-07 15:47 13917800 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2007-08-24 14:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    2007-07-19 13:32 1120568 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-07-31 13:23 149280 ----a-w- c:\program files\Java\jre6\Nouveau dossier\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-02-16 01:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "VX1000"=c:\windows\vVX1000.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 freenet-darknet-8888;Freenet 0.7 darknet-8888;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [2007-04-06 204800]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-20 1181328]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-06-10 253808]
    R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-20 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-31 691696]
    S1 aswSP;aswSP; [x]
    S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
    S3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2006-12-19 81408]
    S3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [2006-12-19 63488]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:13]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:13]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2519781988-2905465911-4085053731-1002Core.job
    - c:\users\moha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 22:19]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2519781988-2905465911-4085053731-1002UA.job
    - c:\users\moha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 22:19]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
    TCP: {B7B5F861-EF27-4EB9-85D5-C002D5CDE21B} = 8.8.8.8,8.8.4.4
    DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.singlehoteleden.ch/activex/AMC.cab
    FF - ProfilePath - c:\users\moha\AppData\Mozilla\Firefox\Profiles\67cptpgj.default\
    FF - prefs.js: network.proxy.ftp - 201.219.17.29
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - 201.219.17.29
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - 201.219.17.29
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 201.219.17.29
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):7f,57,9f,34,be,66,fd,29,84,9a,70,4f,75,e4,6a,e0,b5,88,91,bc,e1,
    4b,ea,79,c4,9a,83,4e,0e,c9,35,71,f9,9c,c3,59,5d,0a,ff,dc,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002_Classes\CLSID\{bb236883-f1f3-4e1e-a250-aa0551b07a87}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000109
    "Therad"=dword:0000001f
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3384)
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    .
    Heure de fin: 2011-05-08 21:14:39
    ComboFix-quarantined-files.txt 2011-05-08 19:14
    .
    Avant-CF: 117 224 103 936 octets libres
    Après-CF: 117 214 105 600 octets libres
    .
    - - End Of File - - 14830D89274162B70E78EAEF92AF7975
    9 May 2011 10:30:07

    Hello

    You can remove Ad Aware, it serves no purpose!

  • Disable your antivirus, it can interfere.
    Open Notepad [Run--notepad] and copy/paste the contents of the box below:

    Firefox::
    FF - ProfilePath - c:\users\moha\AppData\Mozilla\Firefox\Profiles\67cptpgj.default\
    FF - prefs.js: network.proxy.ftp - 201.219.17.29
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - 201.219.17.29
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - 201.219.17.29
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 201.219.17.29
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    SkipFix::


  • Go to the top of the page and click the "File" menu; a list appears =>
  • Choose "Save As" and select "Desktop"
  • In the "File name" field at the bottom of the page, enter the following name: CFScript
  • Click the "Save" button to the right of the "File name" field
  • Close Notepad.
  • Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot



    * Follow the instructions
    * Wait for the scan to finish. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: post its contents.
    * If the file does not appear, it is located here > C:\ComboFix.txt
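
How the Firefox proxy entries listed in the CFScript above can be read, as an added example (not part of the thread and not ComboFix code): a parser for the `FF - prefs.js:` lines of the report that separates a proxy Firefox is actually using from leftover values. The function names and verdict labels are made up for this example; the `network.proxy.type` meanings are Firefox's own (0 direct, 1 manual, 2 PAC URL, 4 auto-detect, 5 system settings).

```python
import ipaddress
import re

# Proxy lines copied from the ComboFix report posted in this thread; the
# last line is constructed to show that unrelated prefs are ignored.
SAMPLE_LOG = """
FF - prefs.js: network.proxy.ftp - 201.219.17.29
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 201.219.17.29
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 201.219.17.29
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 201.219.17.29
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - prefs.js: browser.startup.homepage - about:blank
"""

# ComboFix renders each pref as "FF - prefs.js: <name> - <value>".
PREF_LINE = re.compile(r"^FF - prefs\.js: (network\.proxy\.[\w.]+) - (.*)$")

# Firefox meaning of network.proxy.type.
PROXY_MODES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}
SCHEMES = ("http", "ssl", "ftp", "socks")


def parse_proxy_prefs(log_text):
    """Return {pref_name: value} for every network.proxy.* line in the log."""
    prefs = {}
    for raw in log_text.splitlines():
        match = PREF_LINE.match(raw.strip())
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def is_local_host(host):
    """True for localhost, loopback and private-range addresses."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # any other hostname is treated as external
    return ip.is_loopback or ip.is_private


def assess(prefs):
    """Classify the proxy configuration found in the parsed prefs."""
    endpoints = {}
    for scheme in SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}", "")
        port = prefs.get(f"network.proxy.{scheme}_port", "")
        if host:
            endpoints[scheme] = (host, int(port) if port.isdigit() else None)

    raw_type = prefs.get("network.proxy.type")
    if raw_type is not None and raw_type.isdigit():
        mode = PROXY_MODES.get(int(raw_type), "unknown")
    else:
        mode = "not recorded"

    external = [s for s, (host, _) in endpoints.items() if not is_local_host(host)]
    if not endpoints:
        verdict = "clean"
    elif not external:
        verdict = "local-proxy"             # e.g. a local filtering proxy
    elif mode == "manual":
        verdict = "active-external-proxy"   # traffic is routed through it now
    else:
        verdict = "dormant-external-proxy"  # values present, mode does not use them
    return {"mode": mode, "endpoints": endpoints, "verdict": verdict}


if __name__ == "__main__":
    result = assess(parse_proxy_prefs(SAMPLE_LOG))
    print(result["mode"], result["verdict"])
    for scheme, (host, port) in sorted(result["endpoints"].items()):
        print(f"  {scheme}: {host}:{port}")
```

On the report in this thread the verdict is `dormant-external-proxy`: the host and port values are present, but `network.proxy.type` is 0, so Firefox would only route through them if the mode were switched to manual.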
    9 May 2011 11:55:04

    Hello hackinginterdit, here is the ComboFix report:


    ComboFix 11-05-07.03 - moha 09/05/2011 11:47:50.3.2 - x86
    Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3072.1942 [GMT 2:00]
    Lancé depuis: c:\users\moha\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\moha\Desktop\CFScript.txt
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - Mode FONCTIONNALITES REDUITES -
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-09 au 2011-05-09 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-09 09:49 . 2011-05-09 09:49 -------- d-----w- c:\users\freenet\AppData\Local\temp
    2011-05-09 09:49 . 2011-05-09 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-04 20:55 . 2011-05-09 09:50 -------- d-----w- c:\users\moha\AppData\Local\temp
    2011-05-04 10:31 . 2011-05-04 10:31 -------- d-----w- c:\users\moha\AppData\Local\{90EF5417-4C3B-4B84-8E26-85E135AC92FC}
    2011-05-03 09:33 . 2011-05-03 09:33 -------- d-----w- c:\users\moha\AppData\Local\{2FEEE368-731E-431D-9949-F80150F90362}
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\users\moha\AppData\LEA
    2011-05-02 19:59 . 2011-05-02 20:01 -------- d-----w- c:\users\moha\AppData\SoftPlug
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\program files\WinPcap
    2011-05-02 09:55 . 2011-05-02 09:56 -------- d-----w- c:\users\moha\AppData\Local\{0DE14A63-FD21-4551-85B0-03283981F26E}
    2011-05-01 17:19 . 2011-05-01 21:07 -------- d-----w- c:\windows\NgrabLite
    2011-05-01 17:19 . 2011-05-01 17:19 -------- d-----w- c:\program files\NgrabLite
    2011-05-01 17:02 . 2011-05-01 17:02 -------- d-----w- c:\users\moha\AppData\Local\{5402D31B-6224-491D-99DA-A66CE3279253}
    2011-04-30 14:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-30 14:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 23:14 . 2011-04-29 23:14 -------- d-----w- c:\users\moha\AppData\Malwarebytes
    2011-04-29 19:20 . 2011-04-29 19:20 135168 --sha-r- c:\windows\system32\tsdisconc.dll
    2011-04-26 21:55 . 2011-04-26 21:55 -------- d-----w- c:\programdata\VOWSoft
    2011-04-26 21:55 . 2011-04-26 21:55 -------- d-----w- c:\program files\iPodRobot
    2011-04-13 21:31 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-13 21:31 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-13 21:31 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-13 21:31 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-13 21:31 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-13 21:31 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-13 21:31 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-13 21:31 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-11 13:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2008-09-28 20:00 . 2009-05-21 22:41 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
    2011-05-05 00:45 . 2011-03-31 01:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-11-18 19:34 . 2007-11-18 19:34 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ------- Sigcheck -------
    .
    [-] 2010-09-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-18 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
    "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-02-16 202256]
    "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
    backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^e-Carte Bleue LCL.lnk]
    backup=c:\windows\pss\e-Carte Bleue LCL.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2010.lnk]
    backup=c:\windows\pss\Hyperappel du Petit Larousse 2010.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^moha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-02-27 15:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 02:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
    2006-10-06 14:04 19091456 ----a-w- c:\program files\CounterPath\X-Lite\x-lite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    2006-03-22 23:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2009-05-19 14:57 2811312 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-07 15:47 13917800 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2007-08-24 14:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    2007-07-19 13:32 1120568 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-07-31 13:23 149280 ----a-w- c:\program files\Java\jre6\Nouveau dossier\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-02-16 01:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "VX1000"=c:\windows\vVX1000.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 freenet-darknet-8888;Freenet 0.7 darknet-8888;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [2007-04-06 204800]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-20 1181328]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-06-10 253808]
    R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-20 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-31 691696]
    S1 aswSP;aswSP; [x]
    S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
    S3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2006-12-19 81408]
    S3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [2006-12-19 63488]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2010-01-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:15]
    .
    2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:13]
    .
    2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:13]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2519781988-2905465911-4085053731-1002Core.job
    - c:\users\moha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 22:19]
    .
    2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2519781988-2905465911-4085053731-1002UA.job
    - c:\users\moha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 22:19]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
    TCP: {B7B5F861-EF27-4EB9-85D5-C002D5CDE21B} = 8.8.8.8,8.8.4.4
    DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.singlehoteleden.ch/activex/AMC.cab
    FF - ProfilePath - c:\users\moha\AppData\Mozilla\Firefox\Profiles\67cptpgj.default\
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):7f,57,9f,34,be,66,fd,29,84,9a,70,4f,75,e4,6a,e0,b5,88,91,bc,e1,
    4b,ea,79,c4,9a,83,4e,0e,c9,35,71,f9,9c,c3,59,5d,0a,ff,dc,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2519781988-2905465911-4085053731-1002_Classes\CLSID\{bb236883-f1f3-4e1e-a250-aa0551b07a87}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000109
    "Therad"=dword:0000001f
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5304)
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    .
    Heure de fin: 2011-05-09 11:52:34
    ComboFix-quarantined-files.txt 2011-05-09 09:52
    ComboFix2.txt 2011-05-08 19:14
    .
    Avant-CF: 117 323 599 872 octets libres
    Après-CF: 117 332 676 608 octets libres
    .
    - - End Of File - - 236CD3A3D2B8DC8B15F48ED183D8C541
    9 May 2011 14:35:03

    hackinginterdit said:
    [:_sebastien_:5]

    How is the PC doing now?



    Hi again

    Still the same, and the redirections are getting more and more HOT :kaola: 
    9 May 2011 15:07:00

    I can't see what is causing the mess, so we'll bring in the bulldozer.



    Uninstall ComboFix by copying and pasting the line in the box below into Run, then confirm:

    "c:\users\moha\Desktop\ComboFix.exe" /uninstall

    Then click OK.



    Download Kaspersky Virus Removal Tool to your Desktop.

    Disable the antivirus's resident protection.

    Physically disconnect the PC from the internet once the program is installed (unplug the cable from the tower or turn off the Wi-Fi connection).

    SCAN with Kaspersky Virus Removal Tool.

    Connect your USB sticks and external drives, if you have any.

    Run the executable named "setup_9.0xxxxx" by double-clicking it on XP (right-click / Run as administrator on Vista/7).
    Answer "Yes" to the question "Do you want to continue installation?"

    Tick all the boxes.

    On the "Reactions to threats" line, choose "Repair; if impossible, Delete".

    Then click Start scan.

    The scan then starts; the tool will act automatically on each detection of malware, but it may open a window asking you to choose an action (rare).

    At the end, it may tell you that it could not deal with certain infections; in that case, follow its recommendations.

    Click Report: expand the menu showing the detections and the actions taken:

    Right-click on the content, choose "Select all", then click Copy.

    Open Notepad and paste the clipboard contents into it:

    Save the text file on the desktop, naming it Rapport-VRT.

    Then click Exit in the Virus Removal Tool window; at the question "The application will be stopped and removed from the computer. Remove the application?", click YES.

    Use the site http://pjjoint.malekal.com/ to send your report, and post the link in your next reply.

    Picture tutorial
    10 May 2011 19:23:57

    Good evening simou02

    How are things now?
    10 May 2011 20:19:56

    hackinginterdit said:
    Good evening simou02

    How are things now?



    Still the same :pt1cable: 
    10 May 2011 21:05:04

    Yes, I suspected as much!

    You did choose this: on the "Reactions to threats" line, choose "Repair; if impossible, Delete"?

    We can see Mabezat; that nasty thing copies itself onto removable media. What bothers me is that Kaspersky did not clean it up.

    Last shot: we'll run USBfix.

    Click here to download UsbFix to your Desktop.

    /!\ Disconnect and close all running applications /!\
    /!\ Plug in all your devices that may have been infected (USB sticks, external hard drive, etc.) /!\
  • Double-click "UsbFix" to launch the program
    (Vista/Windows 7 users: right-click UsbFix and select "Run as administrator")
  • Click "Search"
  • Let the tool work
  • At the end, a report will appear (otherwise, it is located at C:\Usbfix.txt). Post it in your next reply
    10 May 2011 21:43:04

    Hi again
    Yes, I did specify "if impossible, Delete"

    Here is the usbfix report:

    ############################## | UsbFix 7.044 | [Recherche]

    Utilisateur: moha (Administrateur) # PC-DE-MOHA [PACKARD BELL BV IMEDIA 8638]
    Mis à jour le 25/04/2011 par TeamXscript
    Lancé à 21:35:11 | 10/05/2011
    Site Web: http://www.teamxscript.org
    Submit your sample: http://www.teamxscript.org/Upload.php
    Contact: TeamXscript.ElDesaparecido@gmail.com

    CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
    CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
    Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
    Internet Explorer 8.0.7600.16385

    Pare-feu Windows: Activé
    RAM -> 3072 Mo
    C:\ (%systemdrive%) -> Disque fixe # 365 Go (156 Go libre(s) - 43%) [HDD] # NTFS
    D:\ -> CD-ROM
    F:\ -> Disque amovible # 4 Go (533 Mo libre(s) - 14%) [MOHA] # FAT32
    I:\ -> CD-ROM
    M:\ -> CD-ROM

    ################## | Éléments infectieux |



    ################## | Registre |

    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

    ################## | Mountpoints2 |


    ################## | Vaccin |

    C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    F:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

    ################## | E.O.F |
    10 May 2011 21:47:16

    Run "UsbFix" again

    /!\ Disconnect and close all running applications /!\
    /!\ Plug in all your devices that may have been infected (USB keys, external hard drive, etc.) /!\
  • Double-click "UsbFix" to launch the program
    (Vista/Windows 7 users: right-click UsbFix and select "Run as administrator")
  • Click "Suppression" (Deletion).
  • Let the tool work.
  • When it finishes, a report will appear (otherwise it is located at C:\Usbfix.txt). Post it in your next reply

    10 May 2011 22:03:16

    here it is:

    ############################## | UsbFix 7.044 | [Suppression]

    Utilisateur: moha (Administrateur) # PC-DE-MOHA [PACKARD BELL BV IMEDIA 8638]
    Mis à jour le 25/04/2011 par TeamXscript
    Lancé à 22:00:43 | 10/05/2011
    Site Web: http://www.teamxscript.org
    Submit your sample: http://www.teamxscript.org/Upload.php
    Contact: TeamXscript.ElDesaparecido@gmail.com

    CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
    CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
    Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
    Internet Explorer 8.0.7600.16385

    Pare-feu Windows: Activé
    RAM -> 3072 Mo
    C:\ (%systemdrive%) -> Disque fixe # 365 Go (156 Go libre(s) - 43%) [HDD] # NTFS
    D:\ -> CD-ROM
    F:\ -> Disque amovible # 4 Go (533 Mo libre(s) - 14%) [MOHA] # FAT32
    I:\ -> CD-ROM
    M:\ -> CD-ROM

    ################## | Éléments infectieux |


    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2519781988-2905465911-4085053731-1002

    ################## | Registre |

    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

    ################## | Mountpoints2 |


    ################## | Listing |


    ################## | Vaccin |

    C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
    F:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

    ################## | Upload |

    Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-MOHA.zip
    http://www.teamxscript.org/Upload.php
    Merci de votre contribution.

    ################## | E.O.F |
    10 May 2011 22:07:20

    Did you reboot the PC? And still redirections, of course,

    Double-click the UsbFix shortcut on your Desktop.

  • Choose the "Désinstaller" (Uninstall) option
  • Answer OK to the dialog boxes that appear.
    11 May 2011 00:08:43

    hackinginterdit said:
    Did you reboot the PC? And still redirections, of course,

    Double-click the UsbFix shortcut on your Desktop.

    • Choose the "Désinstaller" (Uninstall) option
    • Answer OK to the dialog boxes that appear.



  • - I uninstalled usbfix


    - I still have redirections :fou:  :fou: 


    - and what if we tried combofix again, which had worked for a few hours. Here, reply of 04-05-2011 at 19:13:21. :cry: 
    11 May 2011 06:30:01

    Hello

    Download the executable program (.exe file) from the page http://www.gmer.net/#files
    Click the Download EXE button.
    Save the file at the root of the system drive (usually C:) and note its name (which is random).

    Disable your protection software (antivirus, antispyware, etc.) and close all open programs.

    Double-click the randomly named file downloaded earlier.

    Wait a few moments for the driver to load and the initial scans to run.

    If the tool displays the message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

    Check that all the boxes in the right-hand column are ticked except
    Sections
    drives other than C:\
    "Show all"


    like this:



    then click the Scan button.

    Wait without doing anything else (... it takes a while ...).
    The Registry keys & files being scanned are shown at the bottom of the window.

    When the tool has finished (nothing scrolls at the bottom of the window any more), click the Save ... button.

    A Notepad window will open, containing the report file.
    Note: In Notepad, check in the Format menu that the "Word Wrap" option ("Retour automatique à la ligne") is not ticked.
    Save this file on the Desktop under the name gmer-100829.txt.
    Close the Gmer window (click OK).

    Step: Re-enabling resident security programs
    Important: Re-enable the antivirus's resident module.