Your question

Antimalware Doctor blocks everything

Tags:
  • Security
Last reply: in Security and viruses
18 August 2010 22:09:42

Hello,

Let me explain my problem: until now I was using the Windows Firewall, and since yesterday I have caught a nasty virus, "Antimalware Doctor". It blocks absolutely everything on my computer, including my connection (that is why I am writing to you from another computer).
I still managed to get into Safe Mode with Networking.
From there I ran a scan with Avira AntiVir with the latest update; it did detect and delete the infections, but that did not solve the problem. Then I ran a scan with Malwarebytes, also updated; it too found infections, which it deleted, and the virus still persists. I also tried Rkill and it does nothing.
Could someone guide me in cleaning up this s***?

I should point out that even in Safe Mode with Networking I cannot reach a web page. I also checked Add or Remove Programs in my Control Panel: Antimalware Doctor does appear there, and I also noticed that if I click to remove it, the virus starts up and a window appears with a supposed scan and the viruses my computer contains, and I can close this window by killing the process "NEWSECURE APP 70700".

There, I hope I am giving you precise enough information to fix this problem. If you need reports, tell me which program to use, with links if possible.

Thanks in advance.


18 August 2010 22:18:55

Good evening,
yes, you were very clear :)

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy".

Come to the forum and Edit > "Paste".

HELP: A guide and a tutorial on using ComboFix
* the partition name may vary

18 August 2010 22:56:19

Here is the ComboFix report


ComboFix 10-08-17.04 - fabrizio 18/08/2010 22:42:10.1.2 - x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1788 [GMT 2:00]
Lancé depuis: c:\documents and settings\fabrizio\Bureau\Netoyage\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\fabrizio\Application Data\F2733DC2FACDF94F85EEEB8CEA93AF5C
c:\documents and settings\fabrizio\Application Data\F2733DC2FACDF94F85EEEB8CEA93AF5C\enemies-names.txt
c:\documents and settings\fabrizio\Application Data\F2733DC2FACDF94F85EEEB8CEA93AF5C\local.ini
c:\documents and settings\fabrizio\Application Data\F2733DC2FACDF94F85EEEB8CEA93AF5C\lsrslt.ini
c:\documents and settings\fabrizio\Application Data\F2733DC2FACDF94F85EEEB8CEA93AF5C\newsecureapp70700.exe
c:\documents and settings\fabrizio\Application Data\GabPath
c:\documents and settings\fabrizio\Application Data\GabPath\config.cfg
c:\documents and settings\fabrizio\Application Data\GabPath\gabpath.exe
c:\documents and settings\fabrizio\Application Data\GabPath\GPUninstall.exe
c:\documents and settings\fabrizio\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\fabrizio\Application Data\ohydy.exe
c:\documents and settings\fabrizio\Local Settings\Application Data\iufbdxeil
c:\documents and settings\fabrizio\Local Settings\Application Data\iufbdxeil\oppmhclshdw.exe
c:\documents and settings\fabrizio\Local Settings\Application Data\Windows Server
c:\documents and settings\fabrizio\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\fabrizio\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\fabrizio\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\fabrizio\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\fabrizio\x.exe
c:\windows\egiyoqeviwe.dll
c:\windows\sdstsvr.dll
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\msrun.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

c:\windows\explorer.exe . . . est infecté!!

c:\windows\system32\winlogon.exe . . . est infecté!!

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((((((( Fichiers créés du 2010-07-18 au 2010-08-18 ))))))))))))))))))))))))))))))))))))
.

2010-08-18 15:38 . 2010-08-18 20:52 783872 ----a-w- c:\windows\system32\drivers\sodlx.sys
2010-08-18 12:47 . 2010-08-18 12:47 -------- d-----w- c:\windows\system32\LogFiles
2010-08-18 08:05 . 2010-08-18 08:05 219648 ----a-w- c:\windows\Fzokua.exe
2010-08-16 22:06 . 2010-08-16 22:06 -------- d-----w- c:\documents and settings\fabrizio\Application Data\Command and Conquer 4
2010-08-15 20:23 . 2010-08-15 21:42 -------- d-----w- c:\documents and settings\fabrizio\Local Settings\Application Data\id Software
2010-08-15 20:09 . 2010-08-15 20:09 -------- d-----w- c:\program files\Activision
2010-08-15 20:08 . 2010-08-15 20:08 -------- d-sh--w- c:\windows\ftpcache
2010-08-15 20:02 . 2010-08-15 20:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-15 20:02 . 2010-08-15 20:08 -------- d-----w- c:\documents and settings\fabrizio\Application Data\DAEMON Tools Lite
2010-08-15 20:02 . 2010-08-15 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-08-15 15:02 . 2010-08-15 15:02 -------- d-----w- c:\documents and settings\fabrizio\Application Data\NVIDIA
2010-08-14 21:57 . 2010-08-14 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-08-14 21:57 . 2010-08-14 21:57 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-14 21:57 . 2010-08-14 21:57 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-14 21:57 . 2010-08-14 21:57 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-14 21:57 . 2010-08-14 21:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-14 21:56 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-08-14 21:56 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-08-14 21:56 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-08-14 21:56 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-08-14 21:56 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-08-14 21:56 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-08-14 21:56 . 2010-08-14 21:56 -------- d-----w- C:\NVIDIA
2010-08-14 15:55 . 2010-07-06 12:12 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-14 15:55 . 2010-07-06 12:07 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-14 15:54 . 2010-08-14 15:54 -------- d-----w- c:\documents and settings\fabrizio\Application Data\TuneUp Software
2010-08-14 15:54 . 2010-08-14 15:55 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-08-14 15:54 . 2010-08-14 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-08-14 15:54 . 2010-08-14 15:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-14 15:34 . 2010-08-14 15:34 -------- d-----w- c:\program files\CCleaner
2010-08-13 22:40 . 2010-08-12 22:59 57608 ----a-w- c:\documents and settings\All Users\Application Data\ResultDns\resultdns111.exe
2010-08-13 22:38 . 2010-08-13 22:44 -------- d-----w- c:\program files\ResultDns
2010-08-13 22:38 . 2010-08-13 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ResultDns
2010-08-13 22:08 . 2010-08-13 22:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-07-23 21:55 . 2009-11-06 05:04 10377728 ----a-w- c:\documents and settings\fabrizio\Application Data\CocoonSoftware\QMC\ffmpeg.exe
2010-07-23 21:55 . 2008-04-02 10:35 7945216 ----a-w- c:\documents and settings\fabrizio\Application Data\CocoonSoftware\QMC\ffmpegHD.exe
2010-07-23 21:55 . 2010-07-23 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickMediaConverter
2010-07-23 21:54 . 2010-07-23 21:54 -------- d-----w- c:\documents and settings\fabrizio\Application Data\CocoonSoftware
2010-07-23 21:54 . 2010-07-23 21:54 -------- d-----w- c:\documents and settings\fabrizio\Local Settings\Application Data\WDSetup

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 19:54 . 2010-03-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-18 17:19 . 2010-03-30 16:11 -------- d-----w- c:\program files\Steam
2010-08-18 16:03 . 2010-03-29 14:59 -------- d-----w- c:\documents and settings\fabrizio\Application Data\vlc
2010-08-18 15:59 . 2010-04-08 11:32 -------- d-----w- c:\documents and settings\fabrizio\Application Data\Winamp
2010-08-18 15:43 . 2006-03-02 12:00 211072 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-08-18 13:49 . 2010-03-29 13:05 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-08-18 11:30 . 2010-04-01 15:17 -------- d-----w- c:\documents and settings\fabrizio\Application Data\uTorrent
2010-08-17 20:56 . 2010-07-09 18:11 -------- d-----w- c:\program files\Electronic Arts
2010-08-17 20:41 . 2010-03-29 19:58 -------- d-----w- c:\documents and settings\fabrizio\Application Data\Apple Computer
2010-08-16 21:32 . 2010-03-29 12:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-16 21:11 . 2010-04-02 10:20 -------- d-----w- c:\program files\Mount&Blade Warband
2010-08-15 20:02 . 2010-03-30 16:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-14 22:02 . 2010-03-30 16:09 -------- d-----w- c:\documents and settings\fabrizio\Application Data\DAEMON Tools
2010-08-14 21:58 . 2010-06-11 22:25 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-08-13 23:31 . 2010-05-12 12:46 0 ----a-w- c:\windows\system32\Access.dat
2010-07-23 21:54 . 2010-03-31 20:11 -------- d-----w- c:\program files\QuickMediaConverter
2010-07-17 21:06 . 2010-03-29 20:24 -------- d-----w- c:\documents and settings\fabrizio\Application Data\dvdcss
2010-07-09 22:38 . 2010-03-29 13:04 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38 . 2007-06-28 16:43 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2007-06-28 16:43 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2007-06-28 16:43 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2007-06-28 16:43 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2007-06-28 16:43 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38 . 2007-06-28 16:43 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 21:18 . 2010-07-09 21:18 -------- d-----w- c:\documents and settings\fabrizio\Application Data\La Bataille pour la Terre du Milieu ™ II
2010-07-09 15:24 . 2010-06-24 11:12 -------- d-----w- c:\program files\Virtual CD v9
2010-07-09 15:16 . 2010-06-12 21:57 -------- d-----w- c:\program files\vmntoolbar
2010-07-07 11:46 . 2010-03-29 12:45 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-05 16:31 . 2010-07-05 12:53 -------- d-----w- c:\program files\PremiumSoft
2010-07-04 20:35 . 2010-07-04 20:35 131 ----a-w- c:\documents and settings\fabrizio\Local Settings\Application Data\fusioncache.dat
2010-07-01 18:47 . 2010-07-01 18:46 -------- d-----w- c:\program files\Micro Trivial Pursuit
2010-06-30 21:22 . 2010-06-24 18:16 -------- d-----w- c:\program files\LucasArts
2010-06-25 13:08 . 2010-06-25 12:09 -------- d-----w- c:\program files\Divinity II - Ego Draconis
2010-06-25 12:25 . 2010-06-25 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Divinity 2
2010-06-24 22:10 . 2006-03-02 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-24 22:10 . 2006-03-02 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-24 11:17 . 2010-06-24 11:17 -------- d-----w- c:\program files\Fichiers communs\DirectX
2010-06-22 21:09 . 2010-06-22 21:09 -------- d-----w- c:\program files\WinPcap
2010-06-21 20:40 . 2010-06-12 11:20 -------- d-----w- c:\documents and settings\fabrizio\Application Data\Sites
2010-06-14 14:30 . 2010-03-29 12:38 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 22:25 . 2010-06-11 22:25 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-11 22:25 . 2010-06-11 22:25 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-02 02:55 . 2010-06-24 13:31 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-24 13:31 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-24 13:31 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-30 14:32 . 2010-03-29 13:07 75512 ----a-w- c:\documents and settings\fabrizio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-26 09:41 . 2010-06-24 13:31 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-24 13:31 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-24 13:31 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-24 13:31 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-24 13:31 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-13 22:38 . 2010-08-13 22:38 211456 ----a-w- c:\program files\mozilla firefox\components\gpff.dll
.

------- Sigcheck -------

[-] 2010-08-18 15:43 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-08-18 15:43 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ndis.sys

[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe
[-] 2006-03-02 . 8427097371D511F1C83B46E7E91D314B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
[-] 2006-03-02 . 4AE82BBD878D474FA738E1462AC7E0E7 . 1036288 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 149280]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-04-20 202256]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-29 528384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2007-07-12 08:03 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 16:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2010-03-29 13:10 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-19 14:22 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 21:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2004-09-25 04:13 90112 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TunngleService"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"ATKKeyboardService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\hunter0014\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Steam\\SteamApps\\hunter0014\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/08/2010 22:02 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/03/2010 16:44 135336]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 16:22 136176]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20:19 50704]
S2 ResultDns Service;ResultDns Service;c:\documents and settings\All Users\Application Data\ResultDns\resultdns111.exe [14/08/2010 0:40 57608]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [6/07/2010 14:10 1051968]
S2 wrgkmklo;IEEE-1284.4 HPZid412Support;c:\windows\System32\svchost.exe -k netsvcs [2/03/2006 14:00 14336]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [12/05/2010 14:45 27136]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24/02/2010 14:41 10064]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [12/05/2010 14:45 679672]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sodlx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
wrgkmklo
.
Contenu du dossier 'Tâches planifiées'

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:22]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:22]

2010-08-18 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

2010-08-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-842925246-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-842925246-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://eu.ask.com?o=15780&l=dis
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.be
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fabrizio\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-GabPath - c:\documents and settings\fabrizio\Application Data\GabPath\gabpath.exe
HKCU-Run-Mwihuwi - c:\windows\sdstsvr.dll
HKCU-Run-newsecureapp70700.exe - c:\documents and settings\fabrizio\Application Data\F2733DC2FACDF94F85EEEB8CEA93AF5C\newsecureapp70700.exe
HKCU-Run-atsohtbv - c:\documents and settings\fabrizio\Local Settings\Application Data\iufbdxeil\oppmhclshdw.exe
HKLM-Run-atsohtbv - c:\documents and settings\fabrizio\Local Settings\Application Data\iufbdxeil\oppmhclshdw.exe
AddRemove-advantage_DAEM - c:\documents and settings\fabrizio\Application Data\advantage\AdVUninst.exe
AddRemove-GabPath - c:\documents and settings\fabrizio\Application Data\GabPath\GPUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 22:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8A2E50E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74a2cb8
\Driver\atapi -> atapi.sys @ 0xf78567b4
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x80579c89
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x80579c89
user & kernel MBR OK
PE file found in sector at 0x013153ECF !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sodlx]

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1812)
c:\windows\system32\msi.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\MFC90FRA.DLL
c:\program files\PowerISO\PWRISOSH.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\windows\system32\browselc.dll
c:\windows\system32\shdoclc.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Heure de fin: 2010-08-18 22:55:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-08-18 20:55

Avant-CF: 39.613.562.880 octets libres
Après-CF: 39.534.977.024 octets libres

- - End Of File - - C92F9EBEA698A4636F19ADFEFC4B695D
19 August 2010 21:03:28

Good evening

Quote:
:\windows\explorer.exe . . . est infecté!!

c:\windows\system32\winlogon.exe . . . est infecté!!

I think these are not the only ones...
So we are going to use a tool that lets us browse your PC without running Windows. Then, after the scan, we will replace the infected files...
Download OTLPENet.
Prepare a blank CD and launch OTLPENet; this will let you burn an ISO image.
Note: once the CD is burned, you must now reboot the machine from the CD-ROM drive.
To do so, follow this link: Booting from a CD.
OTLPE tutorial

Launch the OTLPENet ISO that you burned.
  • once the reatogo desktop has loaded, launch OTLPE, the yellow icon

  • Double-click the OTLPE icon
  • when asked "Do you wish to load the remote registry", select Yes
  • when asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • check that "Automatically Load All Remaining Users" is selected and press OK



  • under the Custom Scan box
    1 copy and paste the contents of the box below:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    cdrom.sys
    disk.sys
    ndis.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    explorer.exe
    winlogon.exe
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


  • copy and paste this text into a text file (Notepad) that you save on a USB key, which you will plug in under reatogo; you will then be able to copy and paste it easily.
  • 2 Click Run Scan to start the scan.
  • Once finished, the file is located at C:\OTL.txt
  • Copy and paste the contents into your next reply.
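
The custom scan above names system files between /md5start and /md5stop so that they can be hashed from the offline boot environment. As an added illustration (not OTL's code and not part of the original post), this Python example hashes every copy of such files under a mounted offline Windows volume and reports whether the copy Windows loads matches any backup copy on the same disk. The folder layout, the sample files and the verdict names are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Subset of the names listed between /md5start and /md5stop in the post.
WATCHED = {"explorer.exe", "winlogon.exe", "atapi.sys", "ndis.sys"}

# Assumption: folders (relative to the mounted offline volume) holding the copy
# Windows actually loads. Copies anywhere else are treated as backups
# (for example system32/dllcache or ServicePackFiles/i386).
LIVE_DIRS = {"windows", "windows/system32", "windows/system32/drivers"}


def md5_of(path, chunk=1 << 16):
    """Return the hex MD5 of a file, reading it in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, names=WATCHED):
    """Map lower-cased file name -> [(relative path, md5 or None)] for every copy."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                digest = md5_of(full)
            except OSError:
                digest = None  # locked or damaged file: report it, do not guess
            copies[fname.lower()].append((rel, digest))
    return dict(copies)


def triage(copies, live_dirs=LIVE_DIRS):
    """Compare the loaded copy of each file with its backup copies."""
    verdicts = {}
    for name, found in copies.items():
        live, backup = set(), set()
        for rel, digest in found:
            folder = rel.rpartition("/")[0].lower()
            (live if folder in live_dirs else backup).add(digest)
        if None in live | backup:
            verdicts[name] = "unreadable"
        elif not live:
            verdicts[name] = "no-live-copy"
        elif not backup:
            verdicts[name] = "no-backup"
        elif live & backup:
            verdicts[name] = "consistent"
        else:
            verdicts[name] = "mismatch"  # loaded copy differs from every backup
    return verdicts


def build_sample_tree(root):
    """Create a small constructed tree standing in for the offline C: volume."""
    sample = {
        "WINDOWS/explorer.exe": b"constructed: modified copy",
        "WINDOWS/system32/dllcache/explorer.exe": b"constructed: original",
        "WINDOWS/ServicePackFiles/i386/explorer.exe": b"constructed: original",
        "WINDOWS/system32/winlogon.exe": b"constructed: winlogon",
        "WINDOWS/system32/dllcache/winlogon.exe": b"constructed: winlogon",
        "WINDOWS/system32/drivers/ndis.sys": b"constructed: ndis",
    }
    for rel, data in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as mount:
        build_sample_tree(mount)
        copies = find_copies(mount)
        for name, verdict in sorted(triage(copies).items()):
            print(f"{name:14} {verdict}")
            for rel, digest in sorted(copies[name]):
                print(f"    {digest}  {rel}")
```

A "consistent" verdict only means the loaded copy equals a backup on the same disk; if the backup was replaced as well, this check passes, so confirm against a hash taken from trusted media of the same Windows build.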


    19 August 2010 21:31:13

    Okay, I'll do that and post the reply as soon as possible, thanks
    19 August 2010 22:25:25

    back up your data because this could get rock'n'roll ;)
    19 August 2010 23:02:36

    Rock n Roll, you say? I love it \m/_ I'm burning it right now and running the scan; I'll let you know tomorrow because after that I'm going to sleep ^^ good night and thanks
    19 August 2010 23:20:14

    Here is the scan report:

    OTL logfile created on: 8/20/2010 12:13:58 AM - Run
    OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 40.25 Gb Free Space | 27.01% Space Free | Partition Type: NTFS
    Drive D: | 465.75 Gb Total Space | 458.07 Gb Free Space | 98.35% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 990.72 Mb Total Space | 868.91 Mb Free Space | 87.70% Space Free | Partition Type: FAT
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- C:\WINDOWS\System32\jherzqp.dll -- (wrgkmklo)
    SRV - File not found [On_Demand] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Auto] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto] -- C:\DOCUME~1\fabrizio\Bureau\VPNCLI~1\INSTAL~1.EXE -- (CiscoVpnInstallService)
    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/14 11:55:13 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/08/12 18:59:42 | 000,057,608 | ---- | M] () [Auto] -- C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns111.exe -- (ResultDns Service)
    SRV - [2010/07/06 08:10:24 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/07/06 08:07:34 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010/04/19 11:47:48 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/04/16 02:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/30 05:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Disabled] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/02/24 03:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/12/11 13:40:04 | 000,679,672 | ---- | M] (Tunngle.net GmbH) [Disabled] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
    SRV - [2009/06/17 05:18:42 | 006,582,912 | ---- | M] () [On_Demand] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
    SRV - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
    SRV - [2007/07/12 10:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
    SRV - [2007/06/27 13:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - [2006/12/13 20:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/13 20:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/13 19:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2004/09/29 06:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\fabrizio\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/19 17:02:42 | 000,783,872 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sodlx.sys -- (sodlx)
    DRV - [2010/08/18 11:43:28 | 000,211,072 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
    DRV - [2010/08/15 16:02:35 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/07/09 18:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/06/11 18:25:52 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2010/06/11 18:25:51 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2010/03/01 03:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010/02/16 07:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/02/03 09:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/09/16 01:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
    DRV - [2009/05/11 05:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/01/13 13:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2009/01/13 13:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2009/01/13 13:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/01/13 13:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2008/11/16 12:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2007/07/12 04:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
    DRV - [2007/07/12 04:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
    DRV - [2007/07/12 04:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2007/07/12 04:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
    DRV - [2007/06/29 08:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/07/12 09:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/07/12 09:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/07/01 16:42:58 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/10/11 12:07:38 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2005/10/06 13:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2005/08/10 09:48:26 | 000,329,072 | R--- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2005/07/22 17:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2005/07/22 17:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2004/10/27 09:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/10/27 09:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/08/03 17:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
    DRV - [2002/08/08 09:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\fabrizio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\fabrizio_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\fabrizio_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.be"
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/20 11:20:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:47:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/14 09:14:38 | 000,000,000 | ---D | M]

    [2010/03/31 16:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Extensions
    [2010/03/31 16:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/19 13:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\extensions
    [2010/08/15 09:33:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/29 15:53:48 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    [2010/08/15 09:34:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/05/16 14:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\extensions\radiobar@toolbar
    [2010/08/06 07:50:01 | 000,002,252 | ---- | M] () -- C:\Documents and Settings\fabrizio\Application Data\Mozilla\Firefox\Profiles\00kcw5ep.default\searchplugins\askcom.xml
    [2010/08/19 13:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/13 18:38:38 | 000,000,000 | ---D | M] (ResultDns) -- C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}
    [2010/04/01 13:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/04/01 13:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/04/01 13:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/02/15 16:49:16 | 000,000,940 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vmndtxtb.xml
    [2010/04/01 13:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/04/01 13:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/08/19 12:51:32 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKU\fabrizio_ON_C\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [combofix] C:\ComboFix\CF7561.cfx File not found
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\fabrizio_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\fabrizio_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF7561.cfx File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\fabrizio_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\fabrizio_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-wind... (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O18 - Protocol\Handler\bw+0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw+0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw-0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw00 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw00s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw-0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw10 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw10s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw20 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw20s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw30 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw30s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw40 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw40s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw50 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw50s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw60 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw60s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw70 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw70s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw80 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw80s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw90 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bw90s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwa0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwa0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwb0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwb0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwc0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwc0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwd0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwd0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwe0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwe0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwf0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwf0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwg0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwg0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwh0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwh0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwi0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwi0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwj0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwj0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwk0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwk0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwl0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwl0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwm0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwm0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwn0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwn0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwo0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwo0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwp0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwp0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwq0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwq0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwr0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwr0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bws0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bws0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwt0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwt0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwu0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwu0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwv0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwv0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bww0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bww0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwx0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwx0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwy0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwy0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwz0 {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\bwz0s {8eb99e16-992b-4a70-91d4-444068d50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\offline-8876480 {8EB99E16-992B-4A70-91D4-444068D50062} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/19 10:55:58 | 000,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/08/19 23:15:58 | 000,000,089 | -HS- | M] () - F:\autorun.inf -- [ FAT ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    NetSvcs: wrgkmklo - C:\WINDOWS\System32\jherzqp.dll File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    MsConfig - Services: "TunngleService"
    MsConfig - Services: "Hamachi2Svc"
    MsConfig - Services: "ATKKeyboardService"
    MsConfig - Services: "Apple Mobile Device"
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe - (Logitech)
    MsConfig - StartUpReg: ASUSGamerOSD - hkey= - key= - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: LDM - hkey= - key= - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
    MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
    MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: Registry Cleaner Scheduler - hkey= - key= - C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe (CleanMyPC Software)
    MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - C:\ComboFix\PEV.cfx File not found
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
    SafeBootNet: NDIS - C:\WINDOWS\System32\drivers\ndis.sys ()
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetBT - File not found
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - C:\ComboFix\PEV.cfx File not found
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
    ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/19 14:55:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fabrizio\Recent
    [2010/08/19 11:09:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/19 11:08:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/19 10:47:41 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/08/19 08:54:37 | 000,000,000 | ---D | C] -- C:\Kill'em
    [2010/08/19 08:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
    [2010/08/18 16:37:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/18 16:37:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/18 16:37:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/18 16:37:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/18 16:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/18 16:35:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/18 16:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Bureau\Netoyage
    [2010/08/18 08:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/08/18 06:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Bureau\Skins dod
    [2010/08/18 04:05:52 | 000,219,648 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Fzokua.exe
    [2010/08/16 18:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Application Data\Command and Conquer 4
    [2010/08/16 17:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Bureau\OST cdz
    [2010/08/15 17:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Mes documents\id Software
    [2010/08/15 16:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Local Settings\Application Data\id Software
    [2010/08/15 16:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
    [2010/08/15 16:08:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
    [2010/08/15 16:02:35 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/08/15 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Application Data\DAEMON Tools Lite
    [2010/08/15 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Bureau\WolfenStein
    [2010/08/15 11:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Application Data\NVIDIA
    [2010/08/14 17:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/08/14 17:56:40 | 002,914,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2010/08/14 17:56:40 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2010/08/14 17:56:40 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/08/14 17:56:38 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2010/08/14 17:56:38 | 004,595,712 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2010/08/14 17:56:31 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2010/08/14 12:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Bureau\Command and Conquer
    [2010/08/14 11:55:14 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2010/08/14 11:55:13 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2010/08/14 11:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Application Data\TuneUp Software
    [2010/08/14 11:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
    [2010/08/14 11:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Bureau\TuneUp
    [2010/08/14 11:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/08/13 18:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/07/23 17:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Application Data\CocoonSoftware
    [2010/07/23 17:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fabrizio\Local Settings\Application Data\WDSetup
    [2005/05/11 17:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\fabrizio\Mes documents\*.tmp files -> C:\Documents and Settings\fabrizio\Mes documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/08/19 17:02:43 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/08/19 17:02:42 | 000,783,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\sodlx.sys
    [2010/08/19 17:02:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/19 17:02:39 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\fabrizio\NTUSER.DAT
    [2010/08/19 17:02:39 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\fabrizio\ntuser.ini
    [2010/08/19 12:51:32 | 000,000,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/08/19 11:07:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/19 10:55:58 | 000,000,004 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/19 08:54:36 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\List_Kill'em.lnk
    [2010/08/18 15:35:50 | 000,000,795 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
    [2010/08/18 13:25:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/18 13:22:44 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/08/18 13:22:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/18 13:18:12 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/18 13:18:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-842925246-725345543-1004.job
    [2010/08/18 12:00:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/18 11:43:28 | 000,211,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
    [2010/08/18 11:43:27 | 000,211,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
    [2010/08/18 11:32:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/18 11:06:13 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-842925246-725345543-1004.job
    [2010/08/18 10:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    [2010/08/18 09:49:22 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
    [2010/08/18 09:15:54 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\fabrizio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 04:05:45 | 000,219,648 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Fzokua.exe
    [2010/08/17 17:06:56 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\iTunes.lnk
    [2010/08/17 17:06:34 | 003,670,759 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\The Beatles - Yesterday_converted.mp3
    [2010/08/17 08:00:34 | 735,541,248 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\Le Maitre d ecole ( par stall ).avi
    [2010/08/16 19:21:16 | 000,166,568 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/15 16:23:27 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\Wolf2.lnk
    [2010/08/15 16:02:35 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/08/14 17:57:12 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/08/14 17:57:12 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/08/14 17:57:09 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/08/14 17:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/08/14 11:34:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\CCleaner.lnk
    [2010/08/14 09:33:51 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/14 09:33:51 | 000,000,345 | RHS- | M] () -- C:\boot.ini
    [2010/08/13 19:31:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
    [2010/08/13 18:41:37 | 010,866,688 | ---- | M] () -- C:\Documents and Settings\fabrizio\Mes documents\vlc-1.1.2-win32.exe
    [2010/07/23 17:59:05 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\QuickMediaConverter.lnk
    [2010/07/23 17:55:39 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\fabrizio\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickMediaConverter.lnk
    [2010/07/23 16:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/21 17:29:19 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\fabrizio\Bureau\Microsoft Office Word 2007.lnk
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\fabrizio\Mes documents\*.tmp files -> C:\Documents and Settings\fabrizio\Mes documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/19 08:54:36 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\fabrizio\Bureau\List_Kill'em.lnk
    [2010/08/18 16:37:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/18 16:37:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/18 16:37:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/18 16:37:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/18 16:37:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/18 11:38:33 | 000,783,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\sodlx.sys
    [2010/08/18 09:15:57 | 735,541,248 | ---- | C] () -- C:\Documents and Settings\fabrizio\Bureau\Le Maitre d ecole ( par stall ).avi
    [2010/08/17 17:06:30 | 003,670,759 | ---- | C] () -- C:\Documents and Settings\fabrizio\Bureau\The Beatles - Yesterday_converted.mp3
    [2010/08/16 19:21:16 | 000,166,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/15 16:23:27 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\fabrizio\Bureau\Wolf2.lnk
    [2010/08/14 17:57:12 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/08/14 17:57:09 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/08/14 17:57:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/08/14 17:57:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/08/14 17:56:40 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/08/14 17:56:38 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/08/14 11:34:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\fabrizio\Bureau\CCleaner.lnk
    [2010/08/13 18:41:37 | 010,866,688 | ---- | C] () -- C:\Documents and Settings\fabrizio\Mes documents\vlc-1.1.2-win32.exe
    [2010/07/23 17:59:05 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\fabrizio\Bureau\QuickMediaConverter.lnk
    [2010/07/19 06:02:53 | 000,000,795 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
    [2010/07/09 14:06:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\fabrizio\default.pls
    [2010/07/05 08:53:26 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
    [2010/07/04 16:35:36 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\fabrizio\Local Settings\Application Data\fusioncache.dat
    [2010/06/30 17:25:07 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2010/06/12 17:59:44 | 000,002,560 | ---- | C] () -- C:\Documents and Settings\fabrizio\Application Data\Par défaut.cls
    [2010/06/12 07:20:46 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\fabrizio\Application Data\Settings.cfg
    [2010/06/12 06:49:29 | 000,006,397 | ---- | C] () -- C:\Documents and Settings\fabrizio\x.log
    [2010/06/11 18:25:52 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2010/06/11 18:25:51 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2010/05/18 11:19:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/05/01 11:04:12 | 000,290,904 | R--- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
    [2010/04/26 16:10:26 | 000,000,263 | ---- | C] () -- C:\WINDOWS\MPLAB.INI
    [2010/04/20 10:58:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2010/04/20 10:58:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2010/04/10 13:29:56 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2010/03/29 10:58:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/03/29 10:58:41 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\fabrizio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8
    20 August 2010 22:50:56

    Good evening
    Boot OTLPENet from the CD as you just did.
    Copy the file Fix.txt to your USB stick.
    http://www.sendspace.com/file/1waoyx

  • Insert your USB stick with the Fix.txt file into your PC
  • Start OTLPE
  • Drag and drop the Fix.txt file into the Custom scans and fixes box.

  • If that doesn't work, click Run Fix and a dialog box will open asking you to select a location; browse to the Fix.txt file on your USB stick.
  • Then click Run Fix
  • Let the tool work.
  • Post a new OTL report (do not tick the LOP and Purity boxes this time)

    +++++++++++++++++++++++++++++++++++++


    Go to this link: Virus Total
    scan the file in bold and post the report please
    C:\WINDOWS\Fzokua.exe
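
An added illustration, not part of the thread and not a tool the helpers used: a small Python parser for the OTL file-listing lines in the log above. It shortlists loadable files written directly into a Windows system directory since a given date, so they can be submitted for a second opinion as the reply asks for Fzokua.exe. The folder and extension sets and the cut-off date are assumptions made for this example, and a hit is a candidate for review, not a verdict.

```python
import ntpath
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Lines copied from the OTL listing in this thread.
SAMPLE = r"""
[2010/08/18 09:49:22 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010/08/18 04:05:45 | 000,219,648 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Fzokua.exe
[2010/08/15 16:02:35 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/18 11:38:33 | 000,783,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\sodlx.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# [date time | size | attributes | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (.{4}) \| ([MC])\] "
    r"\((.*?)\) -- (.+)$")
# Assumed for this example: which folders and extensions are worth a second look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers"}
LOADABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}

class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str     # attribute flags, e.g. "RHS-"
    kind: str      # "M" in the modified listing, "C" in the created listing
    company: str   # empty when the file carries no company name
    path: str

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # headers and summary rows such as the "*.tmp files" line
    ts, size, attrs, kind, company, path = m.groups()
    return Entry(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                 int(size.replace(",", "")), attrs, kind, company, path)

def shortlist(text: str, since: datetime) -> list:
    """Loadable files written directly into a system directory on or after `since`."""
    hits = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None or e.when < since:
            continue
        folder, ext = ntpath.dirname(e.path).lower(), ntpath.splitext(e.path)[1].lower()
        if folder in SYSTEM_DIRS and ext in LOADABLE_EXT and e.path not in hits:
            hits.append(e.path)
    return hits
print(shortlist(SAMPLE, datetime(2010, 8, 17)))
```
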
    22 August 2010 23:08:55

    Great, my problem is solved ^^.
    How do I mark the post as solved?
    22 August 2010 23:23:58

    Evening
    I'm waiting for your reports. :D
    There's a good chance we'll have to remove Fzokua.exe, but I'd like it to be reported to the antivirus vendors first.