
HijackThis report

9 April 2010 23:34:57

My PC is infected; here is the HijackThis report. Thank you in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:41, on 09/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Protection System\sc.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\P\Documents\Divers New\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [azmqkb] RUNDLL32.EXE C:\Users\ROMAIN~1\AppData\Local\Temp\msbkcmph.dll,w
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Security Center] C:\Program Files\Protection System\sc.exe
O4 - HKCU\..\Run: [syncman] c:\users\P\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-25871130-3353287883-3449974224-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-18\..\Run: [uxvefl] RUNDLL32.EXE C:\Windows\TEMP\mssapsmr.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [uxvefl] RUNDLL32.EXE C:\Windows\TEMP\mssapsmr.dll,w (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Sommaire de OneNote.onetoc2
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: peresvc Service (peresvc) - Neto systems - C:\Windows\system32\PereSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 8816 bytes


9 April 2010 23:42:48

Good evening,

You have a rogue infection:

1/Preliminaries

Disabling UAC on Vista

Disable UAC (User Account Control) for the duration of the disinfection.
Start > Control Panel > User Accounts > Turn User Account Control off.
(Reverse the operation to turn it back on once the disinfection is finished.)
(This will allow the disinfection tools to work properly.)


2/Rkill

•Download Rkill http://download.bleepingcomputer.com/grinler/rkill.com
•Double-click it to run it. It will automatically stop all processes associated with Security Tool and other rogues. Be patient, as the program can take some time! Once finished, the program simply closes: this is normal. You can move straight on to the next step of the disinfection.
•If you get a message reporting Rkill as unwanted, ignore it and run Rkill again after disabling the software that considers it harmful.

N.B.: do not restart the PC after running Rkill, otherwise the infection could reactivate; move on to Malwarebytes.


3/MBAM

•Download Malwarebytes' Anti-Malware (MBAM) http://www.malwarebytes.org/mbam/program/mbam-setup.exe

First of all, plug in all the removable media you own before running this scan (external hard drives, USB sticks...)

•Double-click the downloaded file
•In the "Update" tab, click "Check for Updates": if your firewall asks you to allow MBAM, accept
•When the update has finished, go to the Scanner tab
•Select "Perform full scan"
•Then click "Scan"

The analysis starts; the scan is fairly long, which is normal.

At the end of the analysis, a message is displayed:

•The scan completed normally. You now just have to click "Show Results" to display all the objects found.
•Now click "OK" to continue.
Close your browsers (Firefox, Internet Explorer, Chrome, Opera...)
•If MBAM has detected malware, click "Show Results".
Select everything and click "Remove Selected"; MBAM will delete all the infected files.
•Notepad will open with the scan report
•Copy and paste this report and post it in your next message.

4/Additional information

Which antivirus do you use? Because I see Norton and McAfee

9 April 2010 23:46:26

Thank you for replying so quickly.
In fact McAfee and Norton were installed on the machine when I bought it, but I didn't take out the subscription. So they don't work. I only have Windows Defender

9 April 2010 23:49:57

Windows Defender is not an antivirus; no need to look any further for why you are infected.

After doing the procedure above, we will need to uninstall McAfee and Norton in order to install a free antivirus.

9 April 2010 23:57:09

OK.

Rkill was very quick and at the end I got a log file in Notepad; is that normal?
I can't get to the MBAM page (oops... small error, Explorer cannot etc...)

9 April 2010 23:59:32

If you can't manage it, try starting in safe mode with networking, download MBAM, then restart in normal mode and resume the procedure.

To restart in safe mode:

  • Click Start
  • Click Shut Down
  • Select Restart
  • Click OK
  • Press the F8 key as soon as a text screen appears and then disappears
  • Use the arrow keys to select the safe mode you want, then press ENTER

10 April 2010 00:11:03

It doesn't offer me safe mode; I have SATA, CD, USB four times...

10 April 2010 00:15:27

On some computers, it is the F5 key that should be used.

So otherwise, in normal mode, is it impossible for you to download MBAM?

10 April 2010 00:35:45

And with F5, no safe mode?
Don't you have any other way to download it?

If you can, run this additional analysis:

• Download ZHPDiag (by Nicolas Coolman) http://telechargement.zebulon.fr/zhpdiag.html
• Follow the prompts during installation; it will launch automatically at the end.
• Click the magnifying-glass icon ("Run the diagnostic")
• Save the report to your Desktop using the floppy-disk icon
• Upload the ZHPDiag.txt report to http://www.cijoint.fr/ then copy/paste the link provided into your next reply on the forum

10 April 2010 00:37:16

I managed to start in safe mode, but then I no longer have an internet connection...

10 April 2010 00:54:16

We'll try another method; however, I'm going to bed.

•Download OTMOVEIT http://oldtimer.geekstogo.com/OTM.exe
•Save this file to the Desktop.
•Double-click OTMoveIt3.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
•Copy the lines from the "Code" area below to the clipboard by selecting ALL of them and then pressing CTRL+C (or, after selecting them, by right-clicking and choosing Copy):

    :processes

    explorer.exe

    :files
    c:\windows\system32\wuaucldt.exe
    c:\program files\protection system\sc.exe
    c:\windows\system32\w.exe
    c:\windows\sc.exe

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "syncman"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Security Center"=-

    :commands

    [emptytemp]

    [start explorer]

    [reboot]

•Go back to the OTMoveIt3 window, right-click in the "Paste List Instruction for Items to be Moved" area (under the light blue bar) and choose Paste.
•Click the red Moveit! button.
•Close OTMoveIt3
•Come back to the forum and post the generated report. It is located here: C:\_OTMoveIt\MovedFiles; post the most recent report.
Note: if a file or folder cannot be moved immediately, a restart may be required to complete the move. If you are asked to restart the machine, choose Oui/Yes.

Then try to resume the procedure with Rkill and MBAM.

See you tomorrow

10 April 2010 01:04:05

That's it, I managed to download MBAM; I had to start in safe mode with networking

10 April 2010 01:42:53

Yes, as I told you above

Quote:
If you can't manage it, try starting in safe mode with networking, download MBAM, then restart in normal mode and resume the procedure.

To restart in safe mode:

  • Click Start
  • Click Shut Down
  • Select Restart
  • Click OK
  • Press the F8 key as soon as a text screen appears and then disappears
  • Use the arrow keys to select the safe mode you want, then press ENTER

10 April 2010 02:03:04

So in the end I finished the scan with MBAM without going through OTMoveIt3

Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 3973

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    10/04/2010 01:54:54
    mbam-log-2010-04-10 (01-54-54).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|)
    Elément(s) analysé(s): 285094
    Temps écoulé: 44 minute(s), 34 seconde(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 16
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 114

    Processus mémoire infecté(s):
    c:\Windows\System32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\Windows\System32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Local\Temp\VRT1518.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\SC.INS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\2664,256.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\System32\8833,124.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\wCA0FO0T1.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\wCA21M9QM.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\wCAJKKNEB.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\wCANEPHUI.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\wCAP1S88F.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\wCAQKJA8Z.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99CU6T5H\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\wCAOSET0H.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\wCAZEP31B.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5NJHRR\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\wCA1CZRSL.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\wCA7J485V.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\wCAACHZ4V.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\wCAP0YVMI.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Windows Server\syubvo.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_133245647419.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_47666247813.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_593671430200.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_8948697515.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\tmp0_516790841472.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\tmp0_874621837604.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT1333.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT19A8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT1FF1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT2146.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT57F1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT6F4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTA3BE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTA563.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTA90A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTCD3D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTD578.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTD6B0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTD74C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTEDD8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTF6EE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTFD14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTFDCF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Protection System\sc.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Windows\System32\grouppolicy\User\Scripts\Logon\autorun.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Users\P\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    10 April 2010 02:11:56

    Uh, at the end of the removal, MBAM told me that I had to restart to finish the removal. I clicked yes, and on restart I get an all-blue screen with "an unauthorized change was made to Windows", then it tells me about a limitation of Windows functionality. And there is a link to a Microsoft site that offers to fix Windows... is all of that normal?
    10 April 2010 02:32:42

    After clicking their link, Microsoft tells me it cannot validate my version of Windows..
    I had restarted normally and then did another restart in safe mode because everything was blue... But I did not see MBAM finish its removal work as it had told me it would after restarting...
    Anyway, I don't understand much anymore, so I'm waiting...
    10 April 2010 03:12:33

    OK, I did a system restore and I no longer have a blue screen. I'm starting the procedure again from the beginning. I'll post all the results as I go.
    10 April 2010 03:24:09

    HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:15:59, on 10/04/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wermgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Protection System\sc.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\P\Documents\Divers New\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
    O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [azmqkb] RUNDLL32.EXE C:\Users\ROMAIN~1\AppData\Local\Temp\msbkcmph.dll,w
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Security Center] C:\Program Files\Protection System\sc.exe
    O4 - HKCU\..\Run: [syncman] c:\users\P\wuaucldt.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [uxvefl] RUNDLL32.EXE C:\Windows\TEMP\mssapsmr.dll,w (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [uxvefl] RUNDLL32.EXE C:\Windows\TEMP\mssapsmr.dll,w (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Sommaire de OneNote.onetoc2
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: peresvc Service (peresvc) - Neto systems - C:\Windows\system32\PereSvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    --
    End of file - 8788 bytes
    10 April 2010 03:53:09

    After 3 seconds rkill stops and leaves me a log file, here it is:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as P on 10/04/2010 at 3:51:02.


    Processes terminated by Rkill or while it was running:


    C:\Users\P\Documents\Divers New\rkill.com


    Rkill completed on 10/04/2010 at 3:51:08.
    10 April 2010 05:24:23

    Here is the MBAM scan report; this time I no longer have a blue screen after the scan. The items seem to be only quarantined, not deleted, since they can be restored... The PC runs better but I still often get "... has stopped working" and applications that no longer open with this error: 0xc000007b

    How can I find out what it is and whether Windows is clean...?

    In the meantime, here is the MBAM scan report:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 3973

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    10/04/2010 05:09:15
    mbam-log-2010-04-10 (05-09-15).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|)
    Elément(s) analysé(s): 281857
    Temps écoulé: 1 heure(s), 11 minute(s), 16 seconde(s)

    Processus mémoire infecté(s): 4
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 16
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 125

    Processus mémoire infecté(s):
    C:\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.
    c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\Program Files\Protection System\sc.exe (Rogue.ProtectionSystem) -> Unloaded process successfully.
    C:\Windows\System32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Windows\System32\config\systemprofile\AppData\Local\Windows Server\syubvo.dll (Trojan.Agent) -> Delete on reboot.
    c:\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\Windows\System32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Windows Server\syubvo.dll (Trojan.Agent) -> Delete on reboot.
    c:\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Local\Temp\VRT1518.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\SC.INS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\2664,256.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\System32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\BtwSvc.dllx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\8833,124.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Windows Server\kwqnhx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_133245647419.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_47666247813.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_593671430200.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_8948697515.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTD578.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTD6B0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTD74C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTE04.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTEDD8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTF6EE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTFCF4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTFD14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTFDCF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\tmp0_516790841472.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\tmp0_874621837604.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT1333.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT19A8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT1FF1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT2146.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT2EDD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT5215.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT57F1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT625A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT6F4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTA3BE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTA563.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTA90A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTADBC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTB126.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTC8FA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTCD3D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Program Files\Protection System\sc.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
    C:\Windows\System32\grouppolicy\User\Scripts\Logon\autorun.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Users\P\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    11 April 2010 00:54:31

    Good evening,

    Sorry for the delay, I wasn't able to log in today.

    Now run a new scan with ZHPDIAG and post it.
    11 April 2010 03:36:25

    Rapport de ZHPDiag v1.25.1351 par Nicolas Coolman
    Run by P at 11/04/2010 03:32:15
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.h...

    ---\\ Web Browser
    MSIE: Internet Explorer v7.0.6001.18000
    MFIE: Mozilla Firefox (3.5.8)

    ---\\ System Information
    Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
    Processor: x86 Family 16 Model 2 Stepping 2, AuthenticAMD
    Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3326 MB (69% free)
    System drive C: has 19 GB (2%) free of 917 GB

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 917 Go)
    D:\ CD-ROM drive (Not Inserted)
    E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    J:\ Hard drive, Flash drive, Thumb drive (Free 165 Go of 932 Go)


    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK


    ---\\ Processus lancés
    [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
    [MD5.CB2B9EB1447D8A264E46948DF46C1212] - (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136]
    [MD5.69B16C7B7746BA5C642FC05B3561FC73] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672]
    [MD5.DF0BCFC6969B41CAAE34EE579AC99784] - (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll [13584928]
    [MD5.80C56BAAC85F4EAD59D2B0535D32B3C8] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Winamp\winampa.exe [58368]
    [MD5.D69F1F7AF95431DB48ACD71DE238BAC8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [200749]
    [MD5.C8341C2E7C22F19005FEF3ADD91E0567] - (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\wuaucldt.exe [29493]
    [MD5.922320B4C3ECAACCD0D92BE23C5E5D0A] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136]
    [MD5.28B3C8B673A097DC1638D0D5AF32A3D3] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe [146432]
    [MD5.5E3047C6A366FDC18BED71F9EECFEE09] - (.Pas de propriétaire - Pas de description.) -- C:\Users\ROMAIN~1\AppData\Local\Temp\msbkcmph.dll [36865]
    [MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856]
    [MD5.DB3A6B0F5162955EC63ECEE4087890B8] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [319792]
    [MD5.4B61156ED8362D8BF95EB434275F607B] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\TEMP\msepdlkp.dll [36865]
    [MD5.E2164B1D90D5220EFADB9598180D3723] - (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\config\systemprofile\wuaucldt.exe [49717]
    [MD5.7D3ED7C5A63B0F32BB25A5FF854ED6A2] - (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe [1254400]
    [MD5.E8FE4FCE23D2809BD88BCC1D0F8408CE] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832]
    [MD5.3794B461C45882E06856F282EEF025AF] - (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe [21504]
    [MD5.B886D349AFAD502DE4F6EA0C64B1CC4D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [655360]
    [MD5.23112102BC2A8FE44B8AC44A05BDF4C3] - (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576]
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664]
    [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120]
    [MD5.40D7D0A208EE863BCA8D89E299216F15] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [877864]
    [MD5.80F4654CF53C43E5B2F7FCB1802CCD2D] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.5.) -- C:\Windows\system32\nvvsvc.exe [203296]
    [MD5.C192212A7513C4AD8F98B5A70407A485] - (.Neto systems - Neto systems.) -- C:\Windows\system32\PereSvc.exe [66048]
    [MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\system32\IoctlSvc.exe [81920]
    [MD5.DCF733788C7D088D814E5F80EB4B3E0F] - (.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe [9728]
    [MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488]
    [MD5.846CDF9A3CF4DA9B306ADFB7D55EE4C2] - (.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\System32\spoolsv.exe [125952]
    [MD5.7778BDFA3F6F6FBA0E75B9594098F737] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) -- C:\Windows\system32\SearchIndexer.exe [439808]


    ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=explorer.exe


    ---\\ Pages de recherche d'Internet Explorer (R1)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    ---\\ Internet Explorer URLSearchHook (R3)
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16386 (vista_rtm.061101-2205)) -- C:\Windows\system32\ieframe.dll


    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll


    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


    ---\\ Applications démarrées automatiquement par le registre (O4)
    O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
    O4 - HKLM\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
    O4 - HKLM\..\Run: [WinampAgent] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    O4 - HKLM\..\Run: [syncman] . (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\wuaucldt.exe
    O4 - HKCU\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [azmqkb] . (.Pas de propriétaire - Pas de description.) -- C:\Users\ROMAIN~1\AppData\Local\Temp\msbkcmph.dll
    O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
    O4 - HKUS\S-1-5-18\..\Run: [aholbs] . (.Pas de propriétaire - Pas de description.) -- C:\Windows\TEMP\msepdlkp.dll
    O4 - HKUS\S-1-5-18\..\Run: [syncman] . (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\config\systemprofile\wuaucldt.exe
    O4 - HKUS\S-1-5-18\..\Run: [aholbs] . (.Pas de propriétaire - Pas de description.) -- C:\Windows\TEMP\msepdlkp.dll
    O4 - HKUS\S-1-5-18\..\Run: [syncman] . (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\config\systemprofile\wuaucldt.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - Global Startup: OneNote 2007 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Sommaire de OneNote.onetoc2 . (.Pas de propriétaire - Pas de description.) -- C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sommaire de OneNote.onetoc2


    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe
    O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll


    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO


    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll


    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\system32\webcheck.dll


    ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll


    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Empowering Technology Service (ETService) . (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.5.) - C:\Windows\system32\nvvsvc.exe
    O23 - Service: peresvc Service (peresvc) . (.Neto systems - Neto systems.) - C:\Windows\system32\PereSvc.exe
    O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\Windows\system32\IoctlSvc.exe


    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job


    ---\\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 - ASIC: Adobe Shockwave Director 10.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\Windows\System32\Macromed\Director\SwDir.dll
    O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r42.) -- C:\Windows\system32\Macromed\Flash\Flash10d.ocx


    ---\\ Logiciels installés (O42)
    O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.)
    O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.)
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.)
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.)
    O42 - Logiciel: Adobe Photoshop Elements 6.0 - (.Adobe Systems, Inc..)
    O42 - Logiciel: Adobe Reader 9 - Français - (.Adobe Systems Incorporated.)
    O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..)
    O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.)
    O42 - Logiciel: BitTornado 0.2.0 - (.John Hoffman.)
    O42 - Logiciel: CCleaner - (.Piriform.)
    O42 - Logiciel: DC++ 0.750 - (.Jacek Sieka.)
    O42 - Logiciel: DivX Player - (.Pas de propriétaire.)
    O42 - Logiciel: DivX Pro Codec Adware - (.Pas de propriétaire.)
    O42 - Logiciel: EasyBits Magic Desktop - (.Pas de propriétaire.)
    O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..)
    O42 - Logiciel: Google Update Helper - (.Google Inc..)
    O42 - Logiciel: HDReg France - (.Acxiom.)
    O42 - Logiciel: Huffyuv AVI lossless video codec (Remove Only) - (.Pas de propriétaire.)
    O42 - Logiciel: K-Lite Codec Pack 4.1.4 (Full) - (.Pas de propriétaire.)
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.)
    O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.)
    O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.)
    O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.)
    O42 - Logiciel: MetaBoli - (.Pas de propriétaire.)
    O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Home and Student - (.Pas de propriétaire.)
    O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Suite Activation Assistant - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Works 9.0 SE - (.Pas de propriétaire.)
    O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Mozilla Firefox (3.5.8) - (.Mozilla.)
    O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.)
    O42 - Logiciel: Nero 8 Essentials - (.Nero AG.)
    O42 - Logiciel: PG583_32_inf - (.YUAN.)
    O42 - Logiciel: Package de pilotes Windows - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42) - (.YUAN High-Tech Development Co. Ltd..)
    O42 - Logiciel: Packard Bell ImageWriter - (.Pas de propriétaire.)
    O42 - Logiciel: Packard Bell Recovery Management - (.Acer Incorporated.)
    O42 - Logiciel: Packard Bell Updator - (.Pas de propriétaire.)
    O42 - Logiciel: Project64 1.6 - (.Project64.)
    O42 - Logiciel: RealPlayer - (.Pas de propriétaire.)
    O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..)
    O42 - Logiciel: Setup My PC - (.Pas de propriétaire.)
    O42 - Logiciel: SopCast 3.0.3 - (.SopCast.com.)
    O42 - Logiciel: StreamTorrent 1.0 - (.Pas de propriétaire.)
    O42 - Logiciel: Update for Office 2007 (KB946691) - (.Microsoft.)
    O42 - Logiciel: Veetle TV 0.9.16 - (.Veetle, Inc.)
    O42 - Logiciel: VideoLAN VLC media player 0.8.4a - (.VideoLAN Team.)
    O42 - Logiciel: Winamp - (.Nullsoft, Inc.)
    O42 - Logiciel: adsl TV - (.Pas de propriétaire.)
    O42 - Logiciel: eMule - (.Pas de propriétaire.)
    O42 - Logiciel: neroxml - (.Nero AG.)
    O42 - Logiciel: µTorrent - (.Pas de propriétaire.)

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\7-Zip]
    [HKCU\Software\AC3filter]
    [HKCU\Software\AcerUtil]
    [HKCU\Software\Adobe]
    [HKCU\Software\Ahead]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Auslogics]
    [HKCU\Software\BitTorrent]
    [HKCU\Software\Classes]
    [HKCU\Software\DSP-worx]
    [HKCU\Software\DivXNetworks]
    [HKCU\Software\Elecard]
    [HKCU\Software\GNU]
    [HKCU\Software\GSpot Appliance Corp]
    [HKCU\Software\Gabest]
    [HKCU\Software\Google]
    [HKCU\Software\Haali]
    [HKCU\Software\Intel]
    [HKCU\Software\JaboSoft]
    [HKCU\Software\Ligos]
    [HKCU\Software\Local AppWizard-Generated Applications]
    [HKCU\Software\Macromedia]
    [HKCU\Software\MainConcept (HCW)]
    [HKCU\Software\MainConcept]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\MediaInfo]
    [HKCU\Software\N64 Emulation]
    [HKCU\Software\NVIDIA Corporation]
    [HKCU\Software\Nero]
    [HKCU\Software\Netscape]
    [HKCU\Software\O&O]
    [HKCU\Software\ODBC]
    [HKCU\Software\Packard Bell]
    [HKCU\Software\Pinnacle Systems]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\RealNetworks]
    [HKCU\Software\Realtek]
    [HKCU\Software\Trolltech]
    [HKCU\Software\VOB]
    [HKCU\Software\Veetle]
    [HKCU\Software\Winamp]
    [HKCU\Software\XviD MPEG4 Codec]
    [HKCU\Software\Yahoo]
    [HKCU\Software\eMule]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\Acer Incorporated]
    [HKLM\Software\Acer]
    [HKLM\Software\Adobe]
    [HKLM\Software\Ahead]
    [HKLM\Software\Audible]
    [HKLM\Software\Brooktree]
    [HKLM\Software\CDDB]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\Codec Tweak Tool]
    [HKLM\Software\Digital River]
    [HKLM\Software\DivXNetworks]
    [HKLM\Software\EasyBits]
    [HKLM\Software\GNU]
    [HKLM\Software\Gabest]
    [HKLM\Software\Google]
    [HKLM\Software\HaaliMkx]
    [HKLM\Software\Hauppauge]
    [HKLM\Software\Intel]
    [HKLM\Software\InterVideo]
    [HKLM\Software\KLCodecPack]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Macrovision]
    [HKLM\Software\Magnet]
    [HKLM\Software\McAfee.com]
    [HKLM\Software\MetaBoli]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\NVIDIA Corporation]
    [HKLM\Software\NeroDigital]
    [HKLM\Software\Nero]
    [HKLM\Software\Nullsoft]
    [HKLM\Software\O&O]
    [HKLM\Software\ODBC]
    [HKLM\Software\OemSetup]
    [HKLM\Software\PACKARD BELL]
    [HKLM\Software\Packard Bell ImageWriter]
    [HKLM\Software\Packard Bell Updator]
    [HKLM\Software\Pinnacle Systems]
    [HKLM\Software\Policies]
    [HKLM\Software\RealNetworks]
    [HKLM\Software\Realtek Semiconductor Corp.]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\RichFX]
    [HKLM\Software\S3R521]
    [HKLM\Software\SRS Labs]
    [HKLM\Software\Sonic]
    [HKLM\Software\Trad-FR]
    [HKLM\Software\TrendMicro]
    [HKLM\Software\Veetle]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\Volatile]
    [HKLM\Software\WOW6432Node]
    [HKLM\Software\Waves Audio]
    [HKLM\Software\Xing Technology Corp.]
    [HKLM\Software\Yahoo]
    [HKLM\Software\mozilla.org]


    ---\\ Contenu des dossiers Fichiers Communs (O43)
    O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip
    O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\adslTV
    O43 - CFD:Common File Directory ----D- C:\Program Files\ATI
    O43 - CFD:Common File Directory ----D- C:\Program Files\Auslogics
    O43 - CFD:Common File Directory ----D- C:\Program Files\BitTornado
    O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
    O43 - CFD:Common File Directory ----D- C:\Program Files\DC++
    O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
    O43 - CFD:Common File Directory ----D- C:\Program Files\Direct Connect
    O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
    O43 - CFD:Common File Directory ----D- C:\Program Files\EasyBits For Kids
    O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
    O43 - CFD:Common File Directory ----D- C:\Program Files\ffdshow
    O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs
    O43 - CFD:Common File Directory ----D- C:\Program Files\Google
    O43 - CFD:Common File Directory ----D- C:\Program Files\HDReg
    O43 - CFD:Common File Directory ----D- C:\Program Files\InstallShield Installation Information
    O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
    O43 - CFD:Common File Directory ----D- C:\Program Files\JkDefrag
    O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
    O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
    O43 - CFD:Common File Directory ----D- C:\Program Files\McAfee Security Scan
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Suite Activation Assistant
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
    O43 - CFD:Common File Directory ----D- C:\Program Files\Morgan
    O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
    O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\Nero
    O43 - CFD:Common File Directory ----D- C:\Program Files\PACKARD BELL
    O43 - CFD:Common File Directory ----D- C:\Program Files\Project64 1.6
    O43 - CFD:Common File Directory ----D- C:\Program Files\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
    O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
    O43 - CFD:Common File Directory ----D- C:\Program Files\SopCast
    O43 - CFD:Common File Directory ----D- C:\Program Files\StreamTorrent 1.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
    O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
    O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
    O43 - CFD:Common File Directory ----D- C:\Program Files\Veetle
    O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
    O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
    O43 - CFD:Common File Directory ----D- C:\Program Files\WinTV
    O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
    O43 - CFD:Common File Directory ----D- C:\Program Files\YUAN
    O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macrovision Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\microsoft shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nero
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PX Storage Engine
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\xing shared


    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.8BF37431A7EB2D103E00E448139475B1] - 11/04/2010 - 02:20:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [1478524]
    O44 - LFC:[MD5.63A5E0E461888728F406827F6F62C692] - 11/04/2010 - 02:20:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [101896]
    O44 - LFC:[MD5.1B674C3B120E2FDD985C505E87EE99C4] - 11/04/2010 - 02:20:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc00C.dat [124228]
    O44 - LFC:[MD5.BA1C1A1F1719DD3FC1A44E6DEC627626] - 11/04/2010 - 02:20:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [589884]
    O44 - LFC:[MD5.FB97EEF2390E154C38AC139FA87D1F9B] - 11/04/2010 - 02:20:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh00C.dat [672084]
    O44 - LFC:[MD5.00000000000000000000000000000000] - 11/04/2010 - 02:18:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1474179]
    O44 - LFC:[MD5.F6C5CC7F54349831A078B7704EE1D4C0] - 11/04/2010 - 02:15:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\4180,719.exe [168809]
    O44 - LFC:[MD5.C8341C2E7C22F19005FEF3ADD91E0567] - 11/04/2010 - 02:15:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\wuaucldt.exe [29493]
    O44 - LFC:[MD5.DCD43425002DFAFEC7D0AF7D89C6CA06] - 11/04/2010 - 02:15:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\memory.tmp [37376]
    O44 - LFC:[MD5.00000000000000000000000000000000] - 11/04/2010 - 02:15:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\LogConfigTemp.xml [0]
    O44 - LFC:[MD5.CF7E8A18886FB9820CD57DF3E53E380E] - 11/04/2010 - 02:15:05 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
    O44 - LFC:[MD5.64D08F662B1101876F82778A83001658] - 11/04/2010 - 02:14:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [1832]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/04/2010 - 23:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [0]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/04/2010 - 23:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setuperr.log [0]
    O44 - LFC:[MD5.F6C5CC7F54349831A078B7704EE1D4C0] - 10/04/2010 - 23:56:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\1684,534.exe [168809]
    O44 - LFC:[MD5.F6C5CC7F54349831A078B7704EE1D4C0] - 10/04/2010 - 23:39:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6511,5.exe [168809]
    O44 - LFC:[MD5.A6213BAC7D99805B212788531946E8FA] - 10/04/2010 - 23:31:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\spsys.log [1832]
    O44 - LFC:[MD5.9AE40430860CE1B5243259F35F42DEE4] - 10/04/2010 - 21:25:31 ---A- . (.aocikouul smlw - Pas de description.) -- C:\Windows\System32\d.bin [36864]
    O44 - LFC:[MD5.6873A85A50B75D0FEC4ADB91DD5873DA] - 10/04/2010 - 21:21:36 ---A- . (.dreas company - dreas Haus.) -- C:\Windows\System32\w.exe [88576]
    O44 - LFC:[MD5.67A66E26C9B4E9CD28F3FDE40DA2AB3C] - 10/04/2010 - 21:21:30 ---A- . (.dreas company - dreas Haus.) -- C:\Windows\System32\ms.bin [35840]
    O44 - LFC:[MD5.2C8F088A8EC31CFE89746D1F3CFF250E] - 10/04/2010 - 21:21:26 ---A- . (.Neto systems - Neto systems.) -- C:\Windows\System32\so.bin [45568]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 13:17:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6710,474.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 09:15:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\7870,294.exe [169744]
    O44 - LFC:[MD5.1B525A5B77CEDB752AE9B81B72899800] - 10/04/2010 - 09:15:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FNTCACHE.DAT [384400]
    O44 - LFC:[MD5.42A5560D8733B42DE2A7F288FB2A5704] - 10/04/2010 - 08:09:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\mbam-log-2010-04-10 (09-09-05).txt [1185]
    O44 - LFC:[MD5.858DA4DD9B42B3B27939BD7485F27F12] - 10/04/2010 - 08:02:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\mbam-log-2010-04-10 (09-02-26).txt [1850]
    O44 - LFC:[MD5.F42B1F0F8EFFDEDFAF60EFA0D6E6E73F] - 10/04/2010 - 07:56:14 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [289792]
    O44 - LFC:[MD5.5C570B80C8283AB9F866FCC61C8D1C13] - 10/04/2010 - 07:56:14 ---A- . (.Microsoft Corporation - DCI Manager.) -- C:\Windows\System32\dciman32.dll [10240]
    O44 - LFC:[MD5.E679E3A9358AFF47962B25F60F74A556] - 10/04/2010 - 07:56:14 ---A- . (.Microsoft Corporation - Font Subsetting DLL.) -- C:\Windows\System32\fontsub.dll [72704]
    O44 - LFC:[MD5.B4FC9EE12913AF77BB83F6059AF3A6E4] - 10/04/2010 - 07:56:14 ---A- . (.Microsoft Corporation - Microsoft T2Embed Font Embedding.) -- C:\Windows\System32\t2embed.dll [156672]
    O44 - LFC:[MD5.F9C65E1E00A6BBF7C57D9B8EA068C525] - 10/04/2010 - 07:55:51 ---A- . (.Microsoft Corporation - Server Network driver.) -- C:\Windows\System32\drivers\srvnet.sys [98304]
    O44 - LFC:[MD5.8E5FC19B3B38364C5F44CCECEC5248E9] - 10/04/2010 - 07:55:51 ---A- . (.Microsoft Corporation - Server driver.) -- C:\Windows\System32\drivers\srv.sys [301568]
    O44 - LFC:[MD5.2722DF0EAA13B4B363DA9753D16D2106] - 10/04/2010 - 07:55:49 ---A- . (.Microsoft Corporation - Windows Portable Device API Components.) -- C:\Windows\System32\PortableDeviceApi.dll [241152]
    O44 - LFC:[MD5.5F3971D26909736BC28ADCCCF4AF7606] - 10/04/2010 - 07:55:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\wlan.tmf [2501921]
    O44 - LFC:[MD5.AC49768B69BCFC01278FDD2D89D17FF8] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - Classes d’assistance aux diagnostics de séc.) -- C:\Windows\System32\L2SecHC.dll [127488]
    O44 - LFC:[MD5.275F4346E569DF56CFB95243BD6F6FF0] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - DLL du service de configuration automatique.) -- C:\Windows\System32\wlansvc.dll [513024]
    O44 - LFC:[MD5.ABE9DEC1E78226F70F5A6D18F701AFF2] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - Windows Wireless LAN 802.11 MSM DLL.) -- C:\Windows\System32\wlanmsm.dll [293376]
    O44 - LFC:[MD5.2938E3B155C2647137A1910F534E66BE] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - Windows Wireless LAN 802.11 MSM Security Mo.) -- C:\Windows\System32\wlansec.dll [302592]
    O44 - LFC:[MD5.B6E8D828E9236ADCBE40FD8CFE2B5EB1] - 10/04/2010 - 07:55:06 ---A- . (.Microsoft Corporation - Services HTTP Windows.) -- C:\Windows\System32\winhttp.dll [376832]
    O44 - LFC:[MD5.35979494DABAF115F5FFA960830817DF] - 10/04/2010 - 07:55:04 ---A- . (.Microsoft Corporation - ATL Module for Windows XP (Unicode).) -- C:\Windows\System32\atl.dll [71680]
    O44 - LFC:[MD5.766DC8261DB0AC993B301DC29BD475DD] - 10/04/2010 - 07:55:01 ---A- . (.Microsoft Corporation - GDI Client DLL.) -- C:\Windows\System32\gdi32.dll [296960]
    O44 - LFC:[MD5.5302026B0FADB0819009798D3F6BCD77] - 10/04/2010 - 07:54:57 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntoskrnl.exe [3546184]
    O44 - LFC:[MD5.FBA1B3594C1F691F1FA917ADE45D1DB5] - 10/04/2010 - 07:54:56 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntkrnlpa.exe [3597896]
    O44 - LFC:[MD5.6AFD7D679F04DC77722BB484D4166AFE] - 10/04/2010 - 07:54:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log [396]
    O44 - LFC:[MD5.CB5F33C8225B865B3F6F7E8995E5273A] - 10/04/2010 - 07:54:53 ---A- . (.Microsoft Corporation - MS DTCOLE Transactions interface proxy DLL.) -- C:\Windows\System32\msdtcprx.dll [562176]
    O44 - LFC:[MD5.81269DEBF9341E7E402A0373ECC288E2] - 10/04/2010 - 07:54:53 ---A- . (.Microsoft Corporation - MS DTChelper APIs DLL.) -- C:\Windows\System32\xolehlp.dll [38912]
    O44 - LFC:[MD5.2AE2E1628C5D3F1C0A46A67C9FA1DF15] - 10/04/2010 - 07:54:50 ---A- . (.Microsoft Corporation - DLL du service Station de travail.) -- C:\Windows\System32\wkssvc.dll [160256]
    O44 - LFC:[MD5.B524F6323929A62EE48452B038F0E05F] - 10/04/2010 - 07:54:46 ---A- . (.Microsoft Corporation - Client ActiveX des services Terminal Server.) -- C:\Windows\System32\mstscax.dll [2066432]
    O44 - LFC:[MD5.C41551DD53FC9B7BE77AC5901E640E16] - 10/04/2010 - 07:54:43 ---A- . (.Microsoft Corporation - MSXML 3.0 SP10.) -- C:\Windows\System32\msxml3.dll [1191936]
    O44 - LFC:[MD5.F35D72BAEB8FE912637C77C07B7B8337] - 10/04/2010 - 07:54:38 ---A- . (.Microsoft Corporation - Panneau de configuration Date/Heure.) -- C:\Windows\System32\timedate.cpl [714240]
    O44 - LFC:[MD5.F1011BD3AAD22375F34CF48CACD483C1] - 10/04/2010 - 07:54:36 ---A- . (.Microsoft Corporation - Net Win32 API DLL.) -- C:\Windows\System32\netapi32.dll [466944]
    O44 - LFC:[MD5.5D62692EEB77E32F67A966F1BDEB551B] - 10/04/2010 - 07:54:10 ---A- . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll [11580928]
    O44 - LFC:[MD5.A1779DC7C088582D68ACB963A562636F] - 10/04/2010 - 07:54:00 ---A- . (.Microsoft Corporation - DLL de spouleur local.) -- C:\Windows\System32\localspl.dll [636928]
    O44 - LFC:[MD5.4C7D274A0E5266C5EEDD9DE0DFE9B8D6] - 10/04/2010 - 07:53:48 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\System32\jscript.dll [512000]
    O44 - LFC:[MD5.B1DD63E030763B63EE78E97054375F8E] - 10/04/2010 - 07:53:41 ---A- . (.Microsoft Corporation - Photo Metadata Handler.) -- C:\Windows\System32\PhotoMetadataHandler.dll [425472]
    O44 - LFC:[MD5.4870F4E0080FD6625B1CA3BA24894597] - 10/04/2010 - 07:53:40 ---A- . (.Microsoft Corporation - Microsoft Windows Codecs Extended Library.) -- C:\Windows\System32\WindowsCodecsExt.dll [347136]
    O44 - LFC:[MD5.A5A3089763FE03C88C20B7C26CE15DD3] - 10/04/2010 - 07:53:40 ---A- . (.Microsoft Corporation - Microsoft Windows Codecs Library.) -- C:\Windows\System32\WindowsCodecs.dll [712704]
    O44 - LFC:[MD5.60CFFD3FA1179EA8C40671604071DA06] - 10/04/2010 - 07:53:33 ---A- . (.Microsoft Corporation - Fournisseur d’impression de rendu côté clie.) -- C:\Windows\System32\win32spl.dll [443392]
    O44 - LFC:[MD5.18406CE410C1A4394FE1A8246D10567F] - 10/04/2010 - 07:53:28 ---A- . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\System32\win32k.sys [2035712]
    O44 - LFC:[MD5.4636036E4B240C0CFA8252D9C2CD0F95] - 10/04/2010 - 07:53:05 ---A- . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll [268288]
    O44 - LFC:[MD5.CFFF4AA6802374EF1E386975398D8A67] - 10/04/2010 - 07:52:58 ---A- . (.Microsoft Corporation - Module d’aide sur la compatibilité des appl.) -- C:\Windows\System32\Apphlpdm.dll [28672]
    O44 - LFC:[MD5.ECC0008AEF9B35DA8F23714D5D0FB16F] - 10/04/2010 - 07:52:57 ---A- . (.Microsoft - Legacy GDF resource DLL.) -- C:\Windows\System32\GameUXLegacyGDFs.dll [4240384]
    O44 - LFC:[MD5.BA577783E8B4E2F49ED859E01C77F47B] - 10/04/2010 - 07:52:51 ---A- . (.Microsoft Corporation - ASN.1 Runtime APIs.) -- C:\Windows\System32\msasn1.dll [61440]
    O44 - LFC:[MD5.1C560CA4FBE7675D044273C6B69F3DC1] - 10/04/2010 - 07:52:48 ---A- . (.Microsoft Corporation - Assistants Connexion.) -- C:\Windows\System32\connect.dll [1645568]
    O44 - LFC:[MD5.9DE05CE950E4BC8820464F137029B358] - 10/04/2010 - 07:52:45 ---A- . (.Microsoft Corporation - Runtime d’appel de procédure distante.) -- C:\Windows\System32\rpcrt4.dll [784896]
    O44 - LFC:[MD5.4CEEB95E0B79E48B81F2DA0A6C24C64B] - 10/04/2010 - 07:52:44 ---A- . (.Microsoft Corporation - Smb 2.0 Server driver.) -- C:\Windows\System32\drivers\srv2.sys [144896]
    O44 - LFC:[MD5.1C0E2529FED8862F08BE8B562CFC3C5C] - 10/04/2010 - 07:52:42 ---A- . (.Microsoft Corporation - Accès distant PPP EAP-TLS.) -- C:\Windows\System32\rastls.dll [244224]
    O44 - LFC:[MD5.5EAAD3F8B0AFE4C5C1777DE18262FBD3] - 10/04/2010 - 07:52:41 ---A- . (.Microsoft Corporation - Accès distant PPP CHAP.) -- C:\Windows\System32\raschap.dll [281600]
    O44 - LFC:[MD5.D7F8D560FF816126F4DB520D1BDC3281] - 10/04/2010 - 07:52:39 ---A- . (.Microsoft Corporation - Web Services for Devices API DLL.) -- C:\Windows\System32\WSDApi.dll [351232]
    O44 - LFC:[MD5.FF52AC9A9E29F08D6D8B86DC33522099] - 10/04/2010 - 07:52:36 ---A- . (.Microsoft Corporation - MSXML 6.0 SP2.) -- C:\Windows\System32\msxml6.dll [1334272]
    O44 - LFC:[MD5.C2AF2DD98188E93B76F3E9B464B8029D] - 10/04/2010 - 07:52:33 ---A- . (.Microsoft Corporation - Module d'exécution DirectShow..) -- C:\Windows\System32\quartz.dll [1314816]
    O44 - LFC:[MD5.5CFCF7F40BF5FEB82CF4385AC805D538] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Codec vidéo YUV Intel Indeo(R).) -- C:\Windows\System32\iyuv_32.dll [50176]
    O44 - LFC:[MD5.2D002C07F0905B74381462E0EB926B82] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Compresseur Microsoft Vidéo 1.) -- C:\Windows\System32\msvidc32.dll [31744]
    O44 - LFC:[MD5.3ABB15BEBD3B61AC94D4C4FC8C3190CA] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Microsoft RLE Compressor.) -- C:\Windows\System32\msrle32.dll [13312]
    O44 - LFC:[MD5.2EA4F47CCF2E4F1E87363601090B3FF8] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Microsoft UYVY Video Decompressor.) -- C:\Windows\System32\msyuv.dll [22528]
    O44 - LFC:[MD5.643EA44BDDA0D52947D19DAE0BAB08DE] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Toshiba Video Codec.) -- C:\Windows\System32\tsbyuv.dll [11776]
    O44 - LFC:[MD5.102E1942B0FF8708166E716A829C8AE8] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - Bibliothèque d'assistance des fichiers AVI.) -- C:\Windows\System32\avifil32.dll [91136]
    O44 - LFC:[MD5.387EF0ACFF9F82015EF509F099C03999] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - Classe de fenêtre de capture AVI.) -- C:\Windows\System32\avicap32.dll [65024]
    O44 - LFC:[MD5.4E6B2E600AEB7FB2668A41AC4AA5A536] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - DLL Microsoft Video for Windows.) -- C:\Windows\System32\msvfw32.dll [123904]
    O44 - LFC:[MD5.1567C64BE8D4C8C0186A980492B15391] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - Pilote MCI Video for Windows.) -- C:\Windows\System32\mciavi32.dll [82944]
    O44 - LFC:[MD5.43A448FE59022D77A2535A6FC2D825B9] - 10/04/2010 - 07:52:25 ---A- . (.Microsoft Corporation - Windows Media Audio Voice Decoder.) -- C:\Windows\System32\WMSPDMOD.DLL [604672]
    O44 - LFC:[MD5.AA9496B3B8F1D3CB2D2A731BA05464E0] - 10/04/2010 - 07:47:39 ---A- . (.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) -- C:\Windows\System32\drivers\mrxsmb10.sys [212992]
    O44 - LFC:[MD5.66592E91051728C3571B0D77175686AB] - 10/04/2010 - 07:47:38 ---A- . (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\mrxsmb.sys [105472]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:37:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6525,08.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:09:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9545,71.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:05:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6086,39.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 06:56:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\3048,059.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 06:51:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\8942,377.exe [169744]
    O44 - LFC:[MD5.9008608EFAF59F9F1B5146AEED955469] - 10/04/2010 - 06:48:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\license.rtf [65328]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 06:48:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9519,007.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 04:11:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\1713,22.exe [169744]
    O44 - LFC:[MD5.2D8D89B6262C7392E1977F275BA6551A] - 10/04/2010 - 02:31:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\567,1328.exe [169563]
    O44 - LFC:[MD5.2D8D89B6262C7392E1977F275BA6551A] - 10/04/2010 - 02:27:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\2430,078.exe [169563]
    O44 - LFC:[MD5.2D8D89B6262C7392E1977F275BA6551A] - 10/04/2010 - 02:08:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\1280,176.exe [169563]
    O44 - LFC:[MD5.DD82EE6D51CDDB728AF85DFE0695C89C] - 09/04/2010 - 03:36:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9694,482.exe [167535]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 05:04:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\5343,439.exe [168651]
    O44 - LFC:[MD5.5ADDE9759FBC173BA668B8E28456B965] - 08/04/2010 - 04:57:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\uninstall.log [541]
    O44 - LFC:[MD5.D30F3270B77A8B0F42D7A1F4898F0D54] - 08/04/2010 - 04:57:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\Irremote.ini [33807]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 04:50:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\594,446.exe [168651]
    O44 - LFC:[MD5.32371FA4C4C1DE748FD66D2052565C9B] - 08/04/2010 - 04:48:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\oodbs.lor [46120]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 04:35:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\3038,904.exe [168651]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 04:16:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9478,266.exe [168651]
    O44 - LFC:[MD5.890A63A1E041CB4BB00F058EE96E42F5] - 08/04/2010 - 02:55:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\3109,552.exe [168786]
    O44 - LFC:[MD5.890A63A1E041CB4BB00F058EE96E42F5] - 08/04/2010 - 01:29:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\444,2996.exe [168786]
    O44 - LFC:[MD5.E3AEC4087031D9B086DAD0D3A9556B07] - 07/04/2010 - 04:15:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\7677,576.exe [168410]
    O44 - LFC:[MD5.E3AEC4087031D9B086DAD0D3A9556B07] - 07/04/2010 - 03:58:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\8136,866.exe [168410]
    O44 - LFC:[MD5.AD2D1BB33D661A51DFE4D0BD7A1A22A5] - 06/04/2010 - 19:27:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6252,252.exe [167554]
    O44 - LFC:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 29/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [38224]
    O44 - LFC:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 29/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [20824]
    O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 25/03/2010 - 20:15:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NeroDigital.ini [69]


    ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL


    ---\\ Export de clé d'application autorisée (ECAA) (O47)
    O47 - AAKE:Key Export SP - "C:\Windows\system32\winlogon.exe" [Enabled] .(.Microsoft Corporation - Application d'ouverture de session Windows.) -- C:\Windows\system32\winlogon.exe


    ---\\ MountPoints2 Shell Key (MPSK) (O51)
    O51 - MPSK:{ab0b1078-e29f-11de-9ace-0022683b8f7d}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- WDSetup.exe (.not file.)


    ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
    O52 - TDSD: \Drivers32\"msacm.l3acm"="L3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\L3codeca.acm
    O52 - TDSD: \Drivers32\"vidc.cvid"="ICCVID.DLL" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\ICCVID.DLL
    O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\Windows\System32\vorbis.acm
    O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\divx.dll
    O52 - TDSD: \Drivers32\"VIDC.VP60"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.VP61"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.VP62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll
    O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\mp3fhg.acm
    O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm
    O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\x264vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll
    O52 - TDSD: \Drivers32\"VIDC.HFYU"="huffyuv.dll" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\Windows\System32\huffyuv.dll
    O52 - TDSD: \Drivers32\"vidc.iv41"="Ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\Ir41_32.ax
    O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\Windows\System32\ir50_32.dll
    O52 - TDSD: \Drivers32\"vidc.i263"="i263_32.drv" . (.Intel Corporation - Intel I.263 Video Driver 2.55.012.) -- C:\Windows\System32\i263_32.drv
    O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
    O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm
    O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll
    O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
    O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\iac25_32.ax"="Indeo® audio software" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"l3codecp.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Pro)" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
    O52 - TDSD: \drivers.desc\"msaud32.acm"="Windows Media Audio" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msg711.acm"="Microsoft CCITT G.711 Audio CODEC" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msgsm32.acm"="Microsoft GSM 6.10 Audio CODEC" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"tssoft32.acm"="DSP Group TrueSpeech(TM) Audio CODEC" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msh263.drv"="msh263.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msg723.acm"="msg723.acm" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msh261.drv"="msh261.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vct3216.acm"="Voxware Compression Toolkit" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"pclepim1.dll"="pclepim1.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vorbis.dll"="YARKOS" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio Codec" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\Windows\System32\vorbis.acm
    O52 - TDSD: \drivers.desc\"m3jpeg32.dll"="Morgan Multimedia MJPEG 32-bits codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"iccvid.dll"="Cinepak Codec by Radius" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
    O52 - TDSD: \drivers.desc\"L3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Pro)" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\L3codeca.acm
    O52 - TDSD: \drivers.desc\"divx.dll"="DivX 6.8.4" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vp6vfw.dll"="On2 VP6" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \drivers.desc\"vp7vfw.dll"="On2 VP7" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll
    O52 - TDSD: \drivers.desc\"mp3fhg.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional) v3.3.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX ;-) Audio" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm
    O52 - TDSD: \drivers.desc\"x264vfw.dll"="x264 H.264 Video Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"huffyuv.dll"="Huffyuv lossless codec" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\Windows\System32\huffyuv.dll
    O52 - TDSD: \drivers.desc\"Ir41_32.ax"="Indeo® video 4.5" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"i263_32.drv"="Intel I.263 Video Driver 2.55.1.16" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
    O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll


    ---\\ Microsoft Control Security Providers (MCSP) (O54)
    O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=credssp.dll
    O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=credssp.dll


    ---\\ Microsoft Windows Policies System (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
    O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0


    ---\\ Liste des Drivers Système (SDL) (O58)
    O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys
    O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 03:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys
    O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 03:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys
    O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 03:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys
    O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 03:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys
    O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 03:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys
    O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 03:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys
    O58 - SDL:[MD5.8AE1745BFC7D383DAA3F82FE8D7BE7C0] - 09/03/2008 - 15:58:42 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys
    O58 - SDL:[MD5.4AA1EB65481C392955939E735D27118B] - 30/10/2006 - 04:23:12 ---A- . (.ATI Technologies Inc. - ATI PCIE Driver for ATI PCIE chipset.) -- C:\Windows\system32\drivers\AtiPcie.sys
    O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys
    O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys
    O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys
    O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys
    O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
    O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys
    O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 03:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys
    O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys
    O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 03:23:24 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys
    O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys
    O58 - SDL:[MD5.4C0B029AA12CDA55C308177C2E195FC3] - 29/06/2009 - 16:04:52 ---A- . (.Hauppauge Computer Works, Inc. - WinTV-Nova-T-Mini device driver.) -- C:\Windows\system32\drivers\hcw17bda.sys
    O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 03:23:26 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys
    O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 03:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys
    O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys
    O58 - SDL:[MD5.C6E5276C00EBDEB096BB5EF4B797D1B6] - 16/07/2008 - 13:56:06 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\system32\drivers\int15.sys
    O58 - SDL:[MD5.8C7FA71CB1EBCD3EDE8958D27B1BF0B4] - 16/07/2008 - 13:56:06 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\system32\drivers\int15_64.sys
    O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys
    O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys
    O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys
    O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 03:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys
    O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys
    O58 - SDL:[MD5.23B55D27A0AFB7FE9CBCB20B617CC168] - 14/06/2007 - 14:41:00 ---A- . (.LITEON - LITEON AVSTREAM/BDA driver.) -- C:\Windows\system32\drivers\Ltn_stk7070P.sys
    O58 - SDL:[MD5.1FA7503D019291C027FEDAE509BC5500] - 13/06/2007 - 19:30:20 ---A- . (.LITEON - HID Infrared Remote Control minidriver.) -- C:\Windows\system32\drivers\Ltn_stkrc.sys
    O58 - SDL:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 30/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys
    O58 - SDL:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 30/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys
    O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys
    O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys
    O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys
    O58 -
    11 April 2010 10:39:01

    Hello,

    • Download UsbFix http://www.commentcamarche.net/telecharger/telecharger-... (by Chiquitine29 & C_XX) to your Desktop.

    /!\ Vista and Windows 7 users: don't forget to disable User Account Control
    http://www.commentcamarche.net/faq/sujet-8343-vista-des...


    • Run the installation with the default settings.

    Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.

    • Double-click the UsbFix shortcut on your Desktop.
    • Choose option 1 (Recherche / Search).
    • Let the tool work.
    • Post the UsbFix.txt report.


    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility for terminating processes.

    11 April 2010 10:48:24

    I'm giving you my mbam report again, to find out whether I should leave the items in quarantine or delete them...

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 3976

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    11/04/2010 00:22:10
    mbam-log-2010-04-11 (00-22-10).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 100096
    Temps écoulé: 3 minute(s), 31 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 15
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 19

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Windows\System32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\t4m0_814342369465.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT4E20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT5EC5.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT7E24.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTC301.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRTCC63.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Users\Phil\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    11 April 2010 10:55:14

    USB Fix report:

    ############################## | UsbFix V6.102 |


    ################## | Elements infectieux |

    C:\Windows\System32\w.exe

    ################## | Registre |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{ab0b1078-e29f-11de-9ace-0022683b8f7d}
    shell\AutoRun\command =WDSetup.exe

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné !

    ################## | ! Fin du rapport # UsbFix V6.102 ! |

    11 April 2010 11:06:39


    Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.

    • Double-click the UsbFix shortcut on your Desktop to launch it.
    • Choose option 2 (Suppression / Deletion).
    • Your Desktop will disappear and the PC will restart.
    • On restart, UsbFix will scan your PC; let the tool work.
    • Then post the UsbFix.txt report that will appear along with the Desktop.


    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
    11 April 2010 11:16:07

    ############################## | UsbFix V6.102 |


    ################## | Elements infectieux |

    Supprimé ! C:\Windows\System32\w.exe
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-25871130-3353287883-3449974224-1000
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-25871130-3353287883-3449974224-1003
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-25871130-3353287883-3449974224-500
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-2615618031-1473878728-100546447-500
    Supprimé ! J:\$Recycle.Bin\S-1-5-21-25871130-3353287883-3449974224-1000
    Supprimé ! J:\$Recycle.Bin\S-1-5-21-25871130-3353287883-3449974224-1003
    Supprimé ! J:\Recycler\S-1-5-21-1343024091-261903793-725345543-1003
    Supprimé ! J:\Recycler\S-1-5-21-1390067357-1637723038-725345543-1003
    Supprimé ! J:\Recycler\S-1-5-21-1993962763-1715567821-682003330-1003
    Supprimé ! J:\Recycler\S-1-5-21-448539723-1409082233-725345543-1003
    Supprimé ! J:\Recycler\S-1-5-21-448539723-602162358-682003330-1003

    ################## | Registre |

    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{ab0b1078-e29f-11de-9ace-0022683b8f7d}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [18/09/2006 23:43|--a------|24] C:\autoexec.bat
    [21/01/2008 04:24|-rahs----|333203] C:\bootmgr
    [16/12/2008 13:14|-ra-s----|8192] C:\BOOTSECT.BAK
    [18/09/2006 23:43|--a------|10] C:\config.sys
    [?|?|?] C:\hiberfil.sys
    [23/03/2009 17:42|-rahs----|0] C:\IO.SYS
    [23/03/2009 17:42|-rahs----|0] C:\MSDOS.SYS
    [?|?|?] C:\pagefile.sys
    [23/10/2008 10:29|---------|698] C:\RemoveCodec.iss
    [27/12/2008 13:35|--a------|426] C:\RHDSetup.log
    [10/04/2010 08:54|--a------|396] C:\rkill.log
    [08/04/2010 05:57|--a------|541] C:\uninstall.log
    [11/04/2010 11:14|--a------|1794] C:\UsbFix.txt

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # J:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    11 April 2010 11:19:51

    Run ZHPDIAG again, then post the report; we will remove what is left manually.
    11 April 2010 11:24:02

    Rapport de ZHPDiag v1.25.1351 par Nicolas Coolman
    Run by P at 11/04/2010 11:21:10
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.h...

    ---\\ Web Browser
    MSIE: Internet Explorer v7.0.6001.18000
    MFIE: Mozilla Firefox (3.5.8)

    ---\\ System Information
    Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
    Processor: x86 Family 16 Model 2 Stepping 2, AuthenticAMD
    Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3326 MB (73% free)
    System drive C: has 19 GB (2%) free of 917 GB

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 917 Go)
    D:\ CD-ROM drive (Not Inserted)
    E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    J:\ Hard drive, Flash drive, Thumb drive (Free 165 Go of 932 Go)


    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK


    ---\\ Processus lancés
    [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
    [MD5.CB2B9EB1447D8A264E46948DF46C1212] - (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136]
    [MD5.69B16C7B7746BA5C642FC05B3561FC73] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672]
    [MD5.DF0BCFC6969B41CAAE34EE579AC99784] - (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll [13584928]
    [MD5.80C56BAAC85F4EAD59D2B0535D32B3C8] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Winamp\winampa.exe [58368]
    [MD5.D69F1F7AF95431DB48ACD71DE238BAC8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [200749]
    [MD5.B79A403E9F4AF804D1C151B654FE5D3F] - (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\wuaucldt.exe [29492]
    [MD5.922320B4C3ECAACCD0D92BE23C5E5D0A] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136]
    [MD5.28B3C8B673A097DC1638D0D5AF32A3D3] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe [146432]
    [MD5.5E3047C6A366FDC18BED71F9EECFEE09] - (.Pas de propriétaire - Pas de description.) -- C:\Users\ROMAIN~1\AppData\Local\Temp\msbkcmph.dll [36865]
    [MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856]
    [MD5.DB3A6B0F5162955EC63ECEE4087890B8] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [319792]
    [MD5.4B61156ED8362D8BF95EB434275F607B] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\TEMP\msepdlkp.dll [36865]
    [MD5.242DEE158F4168930F948E532404A98C] - (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\config\systemprofile\wuaucldt.exe [49716]
    [MD5.7D3ED7C5A63B0F32BB25A5FF854ED6A2] - (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe [1254400]
    [MD5.E8FE4FCE23D2809BD88BCC1D0F8408CE] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832]
    [MD5.3794B461C45882E06856F282EEF025AF] - (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe [21504]
    [MD5.B886D349AFAD502DE4F6EA0C64B1CC4D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [655360]
    [MD5.23112102BC2A8FE44B8AC44A05BDF4C3] - (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576]
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664]
    [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120]
    [MD5.40D7D0A208EE863BCA8D89E299216F15] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [877864]
    [MD5.80F4654CF53C43E5B2F7FCB1802CCD2D] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.5.) -- C:\Windows\system32\nvvsvc.exe [203296]
    [MD5.C192212A7513C4AD8F98B5A70407A485] - (.Neto systems - Neto systems.) -- C:\Windows\system32\PereSvc.exe [66048]
    [MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\system32\IoctlSvc.exe [81920]
    [MD5.DCF733788C7D088D814E5F80EB4B3E0F] - (.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe [9728]
    [MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488]
    [MD5.846CDF9A3CF4DA9B306ADFB7D55EE4C2] - (.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\System32\spoolsv.exe [125952]
    [MD5.7778BDFA3F6F6FBA0E75B9594098F737] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) -- C:\Windows\system32\SearchIndexer.exe [439808]


    ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=explorer.exe


    ---\\ Pages de recherche d'Internet Explorer (R1)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    ---\\ Internet Explorer URLSearchHook (R3)
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16386 (vista_rtm.061101-2205)) -- C:\Windows\system32\ieframe.dll


    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll


    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


    ---\\ Applications démarrées automatiquement par le registre (O4)
    O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
    O4 - HKLM\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
    O4 - HKLM\..\Run: [WinampAgent] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    O4 - HKLM\..\Run: [syncman] . (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\wuaucldt.exe
    O4 - HKCU\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [azmqkb] . (.Pas de propriétaire - Pas de description.) -- C:\Users\ROMAIN~1\AppData\Local\Temp\msbkcmph.dll
    O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
    O4 - HKUS\S-1-5-18\..\Run: [aholbs] . (.Pas de propriétaire - Pas de description.) -- C:\Windows\TEMP\msepdlkp.dll
    O4 - HKUS\S-1-5-18\..\Run: [syncman] . (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\config\systemprofile\wuaucldt.exe
    O4 - HKUS\S-1-5-18\..\Run: [aholbs] . (.Pas de propriétaire - Pas de description.) -- C:\Windows\TEMP\msepdlkp.dll
    O4 - HKUS\S-1-5-18\..\Run: [syncman] . (.Pas de propriétaire - Pas de description.) -- c:\windows\system32\config\systemprofile\wuaucldt.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - Global Startup: OneNote 2007 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Sommaire de OneNote.onetoc2 . (.Pas de propriétaire - Pas de description.) -- C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sommaire de OneNote.onetoc2


    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe
    O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll


    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO


    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll


    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\system32\webcheck.dll


    ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll


    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Empowering Technology Service (ETService) . (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.5.) - C:\Windows\system32\nvvsvc.exe
    O23 - Service: peresvc Service (peresvc) . (.Neto systems - Neto systems.) - C:\Windows\system32\PereSvc.exe
    O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\Windows\system32\IoctlSvc.exe


    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job


    ---\\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 - ASIC: Adobe Shockwave Director 10.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\Windows\System32\Macromed\Director\SwDir.dll
    O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r42.) -- C:\Windows\system32\Macromed\Flash\Flash10d.ocx


    ---\\ Logiciels installés (O42)
    O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.)
    O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.)
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.)
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.)
    O42 - Logiciel: Adobe Photoshop Elements 6.0 - (.Adobe Systems, Inc..)
    O42 - Logiciel: Adobe Reader 9 - Français - (.Adobe Systems Incorporated.)
    O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..)
    O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.)
    O42 - Logiciel: BitTornado 0.2.0 - (.John Hoffman.)
    O42 - Logiciel: CCleaner - (.Piriform.)
    O42 - Logiciel: DC++ 0.750 - (.Jacek Sieka.)
    O42 - Logiciel: DivX Player - (.Pas de propriétaire.)
    O42 - Logiciel: DivX Pro Codec Adware - (.Pas de propriétaire.)
    O42 - Logiciel: EasyBits Magic Desktop - (.Pas de propriétaire.)
    O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..)
    O42 - Logiciel: Google Update Helper - (.Google Inc..)
    O42 - Logiciel: HDReg France - (.Acxiom.)
    O42 - Logiciel: Huffyuv AVI lossless video codec (Remove Only) - (.Pas de propriétaire.)
    O42 - Logiciel: K-Lite Codec Pack 4.1.4 (Full) - (.Pas de propriétaire.)
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.)
    O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.)
    O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.)
    O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.)
    O42 - Logiciel: MetaBoli - (.Pas de propriétaire.)
    O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Home and Student - (.Pas de propriétaire.)
    O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Suite Activation Assistant - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.)
    O42 - Logiciel: Microsoft Works 9.0 SE - (.Pas de propriétaire.)
    O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.)
    O42 - Logiciel: Mozilla Firefox (3.5.8) - (.Mozilla.)
    O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.)
    O42 - Logiciel: Nero 8 Essentials - (.Nero AG.)
    O42 - Logiciel: PG583_32_inf - (.YUAN.)
    O42 - Logiciel: Package de pilotes Windows - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42) - (.YUAN High-Tech Development Co. Ltd..)
    O42 - Logiciel: Packard Bell ImageWriter - (.Pas de propriétaire.)
    O42 - Logiciel: Packard Bell Recovery Management - (.Acer Incorporated.)
    O42 - Logiciel: Packard Bell Updator - (.Pas de propriétaire.)
    O42 - Logiciel: Project64 1.6 - (.Project64.)
    O42 - Logiciel: RealPlayer - (.Pas de propriétaire.)
    O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..)
    O42 - Logiciel: Setup My PC - (.Pas de propriétaire.)
    O42 - Logiciel: SopCast 3.0.3 - (.SopCast.com.)
    O42 - Logiciel: StreamTorrent 1.0 - (.Pas de propriétaire.)
    O42 - Logiciel: Update for Office 2007 (KB946691) - (.Microsoft.)
    O42 - Logiciel: Veetle TV 0.9.16 - (.Veetle, Inc.)
    O42 - Logiciel: VideoLAN VLC media player 0.8.4a - (.VideoLAN Team.)
    O42 - Logiciel: Winamp - (.Nullsoft, Inc.)
    O42 - Logiciel: adsl TV - (.Pas de propriétaire.)
    O42 - Logiciel: eMule - (.Pas de propriétaire.)
    O42 - Logiciel: neroxml - (.Nero AG.)
    O42 - Logiciel: µTorrent - (.Pas de propriétaire.)

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\7-Zip]
    [HKCU\Software\AC3filter]
    [HKCU\Software\AcerUtil]
    [HKCU\Software\Adobe]
    [HKCU\Software\Ahead]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Auslogics]
    [HKCU\Software\BitTorrent]
    [HKCU\Software\Classes]
    [HKCU\Software\DSP-worx]
    [HKCU\Software\DivXNetworks]
    [HKCU\Software\Elecard]
    [HKCU\Software\GNU]
    [HKCU\Software\GSpot Appliance Corp]
    [HKCU\Software\Gabest]
    [HKCU\Software\Google]
    [HKCU\Software\Haali]
    [HKCU\Software\Intel]
    [HKCU\Software\JaboSoft]
    [HKCU\Software\Ligos]
    [HKCU\Software\Local AppWizard-Generated Applications]
    [HKCU\Software\Macromedia]
    [HKCU\Software\MainConcept (HCW)]
    [HKCU\Software\MainConcept]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\MediaInfo]
    [HKCU\Software\N64 Emulation]
    [HKCU\Software\NVIDIA Corporation]
    [HKCU\Software\Nero]
    [HKCU\Software\Netscape]
    [HKCU\Software\O&O]
    [HKCU\Software\ODBC]
    [HKCU\Software\Packard Bell]
    [HKCU\Software\Pinnacle Systems]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\RealNetworks]
    [HKCU\Software\Realtek]
    [HKCU\Software\Trolltech]
    [HKCU\Software\VOB]
    [HKCU\Software\Veetle]
    [HKCU\Software\WinRAR SFX]
    [HKCU\Software\Winamp]
    [HKCU\Software\XviD MPEG4 Codec]
    [HKCU\Software\Yahoo]
    [HKCU\Software\eMule]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\Acer Incorporated]
    [HKLM\Software\Acer]
    [HKLM\Software\Adobe]
    [HKLM\Software\Ahead]
    [HKLM\Software\Audible]
    [HKLM\Software\Brooktree]
    [HKLM\Software\CDDB]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\Codec Tweak Tool]
    [HKLM\Software\Digital River]
    [HKLM\Software\DivXNetworks]
    [HKLM\Software\EasyBits]
    [HKLM\Software\GNU]
    [HKLM\Software\Gabest]
    [HKLM\Software\Google]
    [HKLM\Software\HaaliMkx]
    [HKLM\Software\Hauppauge]
    [HKLM\Software\Intel]
    [HKLM\Software\InterVideo]
    [HKLM\Software\KLCodecPack]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Macrovision]
    [HKLM\Software\Magnet]
    [HKLM\Software\McAfee.com]
    [HKLM\Software\MetaBoli]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\NVIDIA Corporation]
    [HKLM\Software\NeroDigital]
    [HKLM\Software\Nero]
    [HKLM\Software\Nullsoft]
    [HKLM\Software\O&O]
    [HKLM\Software\ODBC]
    [HKLM\Software\OemSetup]
    [HKLM\Software\PACKARD BELL]
    [HKLM\Software\Packard Bell ImageWriter]
    [HKLM\Software\Packard Bell Updator]
    [HKLM\Software\Pinnacle Systems]
    [HKLM\Software\Policies]
    [HKLM\Software\RealNetworks]
    [HKLM\Software\Realtek Semiconductor Corp.]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\RichFX]
    [HKLM\Software\S3R521]
    [HKLM\Software\SRS Labs]
    [HKLM\Software\Sonic]
    [HKLM\Software\Trad-FR]
    [HKLM\Software\TrendMicro]
    [HKLM\Software\Veetle]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\Volatile]
    [HKLM\Software\WOW6432Node]
    [HKLM\Software\Waves Audio]
    [HKLM\Software\Xing Technology Corp.]
    [HKLM\Software\Yahoo]
    [HKLM\Software\mozilla.org]


    ---\\ Contenu des dossiers Fichiers Communs (O43)
    O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip
    O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\adslTV
    O43 - CFD:Common File Directory ----D- C:\Program Files\ATI
    O43 - CFD:Common File Directory ----D- C:\Program Files\Auslogics
    O43 - CFD:Common File Directory ----D- C:\Program Files\BitTornado
    O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
    O43 - CFD:Common File Directory ----D- C:\Program Files\DC++
    O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
    O43 - CFD:Common File Directory ----D- C:\Program Files\Direct Connect
    O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
    O43 - CFD:Common File Directory ----D- C:\Program Files\EasyBits For Kids
    O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
    O43 - CFD:Common File Directory ----D- C:\Program Files\ffdshow
    O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs
    O43 - CFD:Common File Directory ----D- C:\Program Files\Google
    O43 - CFD:Common File Directory ----D- C:\Program Files\HDReg
    O43 - CFD:Common File Directory ----D- C:\Program Files\InstallShield Installation Information
    O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
    O43 - CFD:Common File Directory ----D- C:\Program Files\JkDefrag
    O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
    O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
    O43 - CFD:Common File Directory ----D- C:\Program Files\McAfee Security Scan
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Suite Activation Assistant
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
    O43 - CFD:Common File Directory ----D- C:\Program Files\Morgan
    O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
    O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\Nero
    O43 - CFD:Common File Directory ----D- C:\Program Files\PACKARD BELL
    O43 - CFD:Common File Directory ----D- C:\Program Files\Project64 1.6
    O43 - CFD:Common File Directory ----D- C:\Program Files\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
    O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
    O43 - CFD:Common File Directory ----D- C:\Program Files\SopCast
    O43 - CFD:Common File Directory ----D- C:\Program Files\StreamTorrent 1.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
    O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
    O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
    O43 - CFD:Common File Directory ----D- C:\Program Files\Veetle
    O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
    O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
    O43 - CFD:Common File Directory ----D- C:\Program Files\WinTV
    O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
    O43 - CFD:Common File Directory ----D- C:\Program Files\YUAN
    O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macrovision Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\microsoft shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nero
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PX Storage Engine
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
    O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\xing shared


    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.2DE80A1DDE5CE1C42F1EAF8C2086738E] - 11/04/2010 - 10:17:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix.txt [2274]
    O44 - LFC:[MD5.8BF37431A7EB2D103E00E448139475B1] - 11/04/2010 - 10:17:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [1478524]
    O44 - LFC:[MD5.63A5E0E461888728F406827F6F62C692] - 11/04/2010 - 10:17:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [101896]
    O44 - LFC:[MD5.1B674C3B120E2FDD985C505E87EE99C4] - 11/04/2010 - 10:17:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc00C.dat [124228]
    O44 - LFC:[MD5.BA1C1A1F1719DD3FC1A44E6DEC627626] - 11/04/2010 - 10:17:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [589884]
    O44 - LFC:[MD5.FB97EEF2390E154C38AC139FA87D1F9B] - 11/04/2010 - 10:17:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh00C.dat [672084]
    O44 - LFC:[MD5.9D9675F9C4A5904C6350A98BEAA1B98D] - 11/04/2010 - 10:14:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix_Upload_Me_PC-de-ROMAIN.zip [51343]
    O44 - LFC:[MD5.00000000000000000000000000000000] - 11/04/2010 - 10:12:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1476989]
    O44 - LFC:[MD5.B79A403E9F4AF804D1C151B654FE5D3F] - 11/04/2010 - 10:10:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\wuaucldt.exe [29492]
    O44 - LFC:[MD5.A28FA25A7B138755731A5154A5A98155] - 11/04/2010 - 10:10:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9554,712.exe [168234]
    O44 - LFC:[MD5.00000000000000000000000000000000] - 11/04/2010 - 10:09:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\LogConfigTemp.xml [0]
    O44 - LFC:[MD5.5F3B0B2C7845B99E72E5948EE3222869] - 11/04/2010 - 10:09:42 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
    O44 - LFC:[MD5.9AE40430860CE1B5243259F35F42DEE4] - 11/04/2010 - 09:33:52 ---A- . (.aocikouul smlw - Pas de description.) -- C:\Windows\System32\d.bin [36864]
    O44 - LFC:[MD5.C445AFDB853F1DA41334DF75E6A1D959] - 11/04/2010 - 09:29:36 ---A- . (.dreas company - dreas Haus.) -- C:\Windows\System32\ms.bin [35840]
    O44 - LFC:[MD5.CEB06573C5852C68FA8BF9852A9F0574] - 11/04/2010 - 09:29:34 ---A- . (.Neto systems - Neto systems.) -- C:\Windows\System32\so.bin [45056]
    O44 - LFC:[MD5.501628DF1709B6FBCF9698A82FAB571E] - 11/04/2010 - 06:15:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\spsys.log [2088]
    O44 - LFC:[MD5.F6C5CC7F54349831A078B7704EE1D4C0] - 11/04/2010 - 02:15:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\4180,719.exe [168809]
    O44 - LFC:[MD5.64D08F662B1101876F82778A83001658] - 11/04/2010 - 02:14:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [1832]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/04/2010 - 23:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [0]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/04/2010 - 23:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setuperr.log [0]
    O44 - LFC:[MD5.F6C5CC7F54349831A078B7704EE1D4C0] - 10/04/2010 - 23:56:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\1684,534.exe [168809]
    O44 - LFC:[MD5.F6C5CC7F54349831A078B7704EE1D4C0] - 10/04/2010 - 23:39:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6511,5.exe [168809]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 13:17:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6710,474.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 09:15:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\7870,294.exe [169744]
    O44 - LFC:[MD5.1B525A5B77CEDB752AE9B81B72899800] - 10/04/2010 - 09:15:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FNTCACHE.DAT [384400]
    O44 - LFC:[MD5.42A5560D8733B42DE2A7F288FB2A5704] - 10/04/2010 - 08:09:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\mbam-log-2010-04-10 (09-09-05).txt [1185]
    O44 - LFC:[MD5.858DA4DD9B42B3B27939BD7485F27F12] - 10/04/2010 - 08:02:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\mbam-log-2010-04-10 (09-02-26).txt [1850]
    O44 - LFC:[MD5.F42B1F0F8EFFDEDFAF60EFA0D6E6E73F] - 10/04/2010 - 07:56:14 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [289792]
    O44 - LFC:[MD5.5C570B80C8283AB9F866FCC61C8D1C13] - 10/04/2010 - 07:56:14 ---A- . (.Microsoft Corporation - DCI Manager.) -- C:\Windows\System32\dciman32.dll [10240]
    O44 - LFC:[MD5.E679E3A9358AFF47962B25F60F74A556] - 10/04/2010 - 07:56:14 ---A- . (.Microsoft Corporation - Font Subsetting DLL.) -- C:\Windows\System32\fontsub.dll [72704]
    O44 - LFC:[MD5.B4FC9EE12913AF77BB83F6059AF3A6E4] - 10/04/2010 - 07:56:14 ---A- . (.Microsoft Corporation - Microsoft T2Embed Font Embedding.) -- C:\Windows\System32\t2embed.dll [156672]
    O44 - LFC:[MD5.F9C65E1E00A6BBF7C57D9B8EA068C525] - 10/04/2010 - 07:55:51 ---A- . (.Microsoft Corporation - Server Network driver.) -- C:\Windows\System32\drivers\srvnet.sys [98304]
    O44 - LFC:[MD5.8E5FC19B3B38364C5F44CCECEC5248E9] - 10/04/2010 - 07:55:51 ---A- . (.Microsoft Corporation - Server driver.) -- C:\Windows\System32\drivers\srv.sys [301568]
    O44 - LFC:[MD5.2722DF0EAA13B4B363DA9753D16D2106] - 10/04/2010 - 07:55:49 ---A- . (.Microsoft Corporation - Windows Portable Device API Components.) -- C:\Windows\System32\PortableDeviceApi.dll [241152]
    O44 - LFC:[MD5.5F3971D26909736BC28ADCCCF4AF7606] - 10/04/2010 - 07:55:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\wlan.tmf [2501921]
    O44 - LFC:[MD5.AC49768B69BCFC01278FDD2D89D17FF8] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - Classes d’assistance aux diagnostics de séc.) -- C:\Windows\System32\L2SecHC.dll [127488]
    O44 - LFC:[MD5.275F4346E569DF56CFB95243BD6F6FF0] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - DLL du service de configuration automatique.) -- C:\Windows\System32\wlansvc.dll [513024]
    O44 - LFC:[MD5.ABE9DEC1E78226F70F5A6D18F701AFF2] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - Windows Wireless LAN 802.11 MSM DLL.) -- C:\Windows\System32\wlanmsm.dll [293376]
    O44 - LFC:[MD5.2938E3B155C2647137A1910F534E66BE] - 10/04/2010 - 07:55:23 ---A- . (.Microsoft Corporation - Windows Wireless LAN 802.11 MSM Security Mo.) -- C:\Windows\System32\wlansec.dll [302592]
    O44 - LFC:[MD5.B6E8D828E9236ADCBE40FD8CFE2B5EB1] - 10/04/2010 - 07:55:06 ---A- . (.Microsoft Corporation - Services HTTP Windows.) -- C:\Windows\System32\winhttp.dll [376832]
    O44 - LFC:[MD5.35979494DABAF115F5FFA960830817DF] - 10/04/2010 - 07:55:04 ---A- . (.Microsoft Corporation - ATL Module for Windows XP (Unicode).) -- C:\Windows\System32\atl.dll [71680]
    O44 - LFC:[MD5.766DC8261DB0AC993B301DC29BD475DD] - 10/04/2010 - 07:55:01 ---A- . (.Microsoft Corporation - GDI Client DLL.) -- C:\Windows\System32\gdi32.dll [296960]
    O44 - LFC:[MD5.5302026B0FADB0819009798D3F6BCD77] - 10/04/2010 - 07:54:57 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntoskrnl.exe [3546184]
    O44 - LFC:[MD5.FBA1B3594C1F691F1FA917ADE45D1DB5] - 10/04/2010 - 07:54:56 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntkrnlpa.exe [3597896]
    O44 - LFC:[MD5.6AFD7D679F04DC77722BB484D4166AFE] - 10/04/2010 - 07:54:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log [396]
    O44 - LFC:[MD5.CB5F33C8225B865B3F6F7E8995E5273A] - 10/04/2010 - 07:54:53 ---A- . (.Microsoft Corporation - MS DTCOLE Transactions interface proxy DLL.) -- C:\Windows\System32\msdtcprx.dll [562176]
    O44 - LFC:[MD5.81269DEBF9341E7E402A0373ECC288E2] - 10/04/2010 - 07:54:53 ---A- . (.Microsoft Corporation - MS DTChelper APIs DLL.) -- C:\Windows\System32\xolehlp.dll [38912]
    O44 - LFC:[MD5.2AE2E1628C5D3F1C0A46A67C9FA1DF15] - 10/04/2010 - 07:54:50 ---A- . (.Microsoft Corporation - DLL du service Station de travail.) -- C:\Windows\System32\wkssvc.dll [160256]
    O44 - LFC:[MD5.B524F6323929A62EE48452B038F0E05F] - 10/04/2010 - 07:54:46 ---A- . (.Microsoft Corporation - Client ActiveX des services Terminal Server.) -- C:\Windows\System32\mstscax.dll [2066432]
    O44 - LFC:[MD5.C41551DD53FC9B7BE77AC5901E640E16] - 10/04/2010 - 07:54:43 ---A- . (.Microsoft Corporation - MSXML 3.0 SP10.) -- C:\Windows\System32\msxml3.dll [1191936]
    O44 - LFC:[MD5.F35D72BAEB8FE912637C77C07B7B8337] - 10/04/2010 - 07:54:38 ---A- . (.Microsoft Corporation - Panneau de configuration Date/Heure.) -- C:\Windows\System32\timedate.cpl [714240]
    O44 - LFC:[MD5.F1011BD3AAD22375F34CF48CACD483C1] - 10/04/2010 - 07:54:36 ---A- . (.Microsoft Corporation - Net Win32 API DLL.) -- C:\Windows\System32\netapi32.dll [466944]
    O44 - LFC:[MD5.5D62692EEB77E32F67A966F1BDEB551B] - 10/04/2010 - 07:54:10 ---A- . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll [11580928]
    O44 - LFC:[MD5.A1779DC7C088582D68ACB963A562636F] - 10/04/2010 - 07:54:00 ---A- . (.Microsoft Corporation - DLL de spouleur local.) -- C:\Windows\System32\localspl.dll [636928]
    O44 - LFC:[MD5.4C7D274A0E5266C5EEDD9DE0DFE9B8D6] - 10/04/2010 - 07:53:48 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\System32\jscript.dll [512000]
    O44 - LFC:[MD5.B1DD63E030763B63EE78E97054375F8E] - 10/04/2010 - 07:53:41 ---A- . (.Microsoft Corporation - Photo Metadata Handler.) -- C:\Windows\System32\PhotoMetadataHandler.dll [425472]
    O44 - LFC:[MD5.4870F4E0080FD6625B1CA3BA24894597] - 10/04/2010 - 07:53:40 ---A- . (.Microsoft Corporation - Microsoft Windows Codecs Extended Library.) -- C:\Windows\System32\WindowsCodecsExt.dll [347136]
    O44 - LFC:[MD5.A5A3089763FE03C88C20B7C26CE15DD3] - 10/04/2010 - 07:53:40 ---A- . (.Microsoft Corporation - Microsoft Windows Codecs Library.) -- C:\Windows\System32\WindowsCodecs.dll [712704]
    O44 - LFC:[MD5.60CFFD3FA1179EA8C40671604071DA06] - 10/04/2010 - 07:53:33 ---A- . (.Microsoft Corporation - Fournisseur d’impression de rendu côté clie.) -- C:\Windows\System32\win32spl.dll [443392]
    O44 - LFC:[MD5.18406CE410C1A4394FE1A8246D10567F] - 10/04/2010 - 07:53:28 ---A- . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\System32\win32k.sys [2035712]
    O44 - LFC:[MD5.4636036E4B240C0CFA8252D9C2CD0F95] - 10/04/2010 - 07:53:05 ---A- . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll [268288]
    O44 - LFC:[MD5.CFFF4AA6802374EF1E386975398D8A67] - 10/04/2010 - 07:52:58 ---A- . (.Microsoft Corporation - Module d’aide sur la compatibilité des appl.) -- C:\Windows\System32\Apphlpdm.dll [28672]
    O44 - LFC:[MD5.ECC0008AEF9B35DA8F23714D5D0FB16F] - 10/04/2010 - 07:52:57 ---A- . (.Microsoft - Legacy GDF resource DLL.) -- C:\Windows\System32\GameUXLegacyGDFs.dll [4240384]
    O44 - LFC:[MD5.BA577783E8B4E2F49ED859E01C77F47B] - 10/04/2010 - 07:52:51 ---A- . (.Microsoft Corporation - ASN.1 Runtime APIs.) -- C:\Windows\System32\msasn1.dll [61440]
    O44 - LFC:[MD5.1C560CA4FBE7675D044273C6B69F3DC1] - 10/04/2010 - 07:52:48 ---A- . (.Microsoft Corporation - Assistants Connexion.) -- C:\Windows\System32\connect.dll [1645568]
    O44 - LFC:[MD5.9DE05CE950E4BC8820464F137029B358] - 10/04/2010 - 07:52:45 ---A- . (.Microsoft Corporation - Runtime d’appel de procédure distante.) -- C:\Windows\System32\rpcrt4.dll [784896]
    O44 - LFC:[MD5.4CEEB95E0B79E48B81F2DA0A6C24C64B] - 10/04/2010 - 07:52:44 ---A- . (.Microsoft Corporation - Smb 2.0 Server driver.) -- C:\Windows\System32\drivers\srv2.sys [144896]
    O44 - LFC:[MD5.1C0E2529FED8862F08BE8B562CFC3C5C] - 10/04/2010 - 07:52:42 ---A- . (.Microsoft Corporation - Accès distant PPP EAP-TLS.) -- C:\Windows\System32\rastls.dll [244224]
    O44 - LFC:[MD5.5EAAD3F8B0AFE4C5C1777DE18262FBD3] - 10/04/2010 - 07:52:41 ---A- . (.Microsoft Corporation - Accès distant PPP CHAP.) -- C:\Windows\System32\raschap.dll [281600]
    O44 - LFC:[MD5.D7F8D560FF816126F4DB520D1BDC3281] - 10/04/2010 - 07:52:39 ---A- . (.Microsoft Corporation - Web Services for Devices API DLL.) -- C:\Windows\System32\WSDApi.dll [351232]
    O44 - LFC:[MD5.FF52AC9A9E29F08D6D8B86DC33522099] - 10/04/2010 - 07:52:36 ---A- . (.Microsoft Corporation - MSXML 6.0 SP2.) -- C:\Windows\System32\msxml6.dll [1334272]
    O44 - LFC:[MD5.C2AF2DD98188E93B76F3E9B464B8029D] - 10/04/2010 - 07:52:33 ---A- . (.Microsoft Corporation - Module d'exécution DirectShow..) -- C:\Windows\System32\quartz.dll [1314816]
    O44 - LFC:[MD5.5CFCF7F40BF5FEB82CF4385AC805D538] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Codec vidéo YUV Intel Indeo(R).) -- C:\Windows\System32\iyuv_32.dll [50176]
    O44 - LFC:[MD5.2D002C07F0905B74381462E0EB926B82] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Compresseur Microsoft Vidéo 1.) -- C:\Windows\System32\msvidc32.dll [31744]
    O44 - LFC:[MD5.3ABB15BEBD3B61AC94D4C4FC8C3190CA] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Microsoft RLE Compressor.) -- C:\Windows\System32\msrle32.dll [13312]
    O44 - LFC:[MD5.2EA4F47CCF2E4F1E87363601090B3FF8] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Microsoft UYVY Video Decompressor.) -- C:\Windows\System32\msyuv.dll [22528]
    O44 - LFC:[MD5.643EA44BDDA0D52947D19DAE0BAB08DE] - 10/04/2010 - 07:52:32 ---A- . (.Microsoft Corporation - Toshiba Video Codec.) -- C:\Windows\System32\tsbyuv.dll [11776]
    O44 - LFC:[MD5.102E1942B0FF8708166E716A829C8AE8] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - Bibliothèque d'assistance des fichiers AVI.) -- C:\Windows\System32\avifil32.dll [91136]
    O44 - LFC:[MD5.387EF0ACFF9F82015EF509F099C03999] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - Classe de fenêtre de capture AVI.) -- C:\Windows\System32\avicap32.dll [65024]
    O44 - LFC:[MD5.4E6B2E600AEB7FB2668A41AC4AA5A536] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - DLL Microsoft Video for Windows.) -- C:\Windows\System32\msvfw32.dll [123904]
    O44 - LFC:[MD5.1567C64BE8D4C8C0186A980492B15391] - 10/04/2010 - 07:52:31 ---A- . (.Microsoft Corporation - Pilote MCI Video for Windows.) -- C:\Windows\System32\mciavi32.dll [82944]
    O44 - LFC:[MD5.43A448FE59022D77A2535A6FC2D825B9] - 10/04/2010 - 07:52:25 ---A- . (.Microsoft Corporation - Windows Media Audio Voice Decoder.) -- C:\Windows\System32\WMSPDMOD.DLL [604672]
    O44 - LFC:[MD5.AA9496B3B8F1D3CB2D2A731BA05464E0] - 10/04/2010 - 07:47:39 ---A- . (.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) -- C:\Windows\System32\drivers\mrxsmb10.sys [212992]
    O44 - LFC:[MD5.66592E91051728C3571B0D77175686AB] - 10/04/2010 - 07:47:38 ---A- . (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\mrxsmb.sys [105472]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:37:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6525,08.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:09:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9545,71.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:05:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6086,39.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 06:56:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\3048,059.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 06:51:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\8942,377.exe [169744]
    O44 - LFC:[MD5.9008608EFAF59F9F1B5146AEED955469] - 10/04/2010 - 06:48:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\license.rtf [65328]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 06:48:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9519,007.exe [169744]
    O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 04:11:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\1713,22.exe [169744]
    O44 - LFC:[MD5.2D8D89B6262C7392E1977F275BA6551A] - 10/04/2010 - 02:31:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\567,1328.exe [169563]
    O44 - LFC:[MD5.2D8D89B6262C7392E1977F275BA6551A] - 10/04/2010 - 02:27:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\2430,078.exe [169563]
    O44 - LFC:[MD5.2D8D89B6262C7392E1977F275BA6551A] - 10/04/2010 - 02:08:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\1280,176.exe [169563]
    O44 - LFC:[MD5.DD82EE6D51CDDB728AF85DFE0695C89C] - 09/04/2010 - 03:36:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9694,482.exe [167535]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 05:04:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\5343,439.exe [168651]
    O44 - LFC:[MD5.5ADDE9759FBC173BA668B8E28456B965] - 08/04/2010 - 04:57:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\uninstall.log [541]
    O44 - LFC:[MD5.D30F3270B77A8B0F42D7A1F4898F0D54] - 08/04/2010 - 04:57:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\Irremote.ini [33807]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 04:50:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\594,446.exe [168651]
    O44 - LFC:[MD5.32371FA4C4C1DE748FD66D2052565C9B] - 08/04/2010 - 04:48:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\oodbs.lor [46120]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 04:35:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\3038,904.exe [168651]
    O44 - LFC:[MD5.F5DE8B6C3AE3586AEBA9E303CFDEEB31] - 08/04/2010 - 04:16:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9478,266.exe [168651]
    O44 - LFC:[MD5.890A63A1E041CB4BB00F058EE96E42F5] - 08/04/2010 - 02:55:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\3109,552.exe [168786]
    O44 - LFC:[MD5.890A63A1E041CB4BB00F058EE96E42F5] - 08/04/2010 - 01:29:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\444,2996.exe [168786]
    O44 - LFC:[MD5.E3AEC4087031D9B086DAD0D3A9556B07] - 07/04/2010 - 04:15:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\7677,576.exe [168410]
    O44 - LFC:[MD5.E3AEC4087031D9B086DAD0D3A9556B07] - 07/04/2010 - 03:58:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\8136,866.exe [168410]
    O44 - LFC:[MD5.AD2D1BB33D661A51DFE4D0BD7A1A22A5] - 06/04/2010 - 19:27:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6252,252.exe [167554]
    O44 - LFC:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 29/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [38224]
    O44 - LFC:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 29/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [20824]
    O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 25/03/2010 - 20:15:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NeroDigital.ini [69]


    ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL


    ---\\ Export de clé d'application autorisée (ECAA) (O47)
    O47 - AAKE:Key Export SP - "C:\Windows\system32\winlogon.exe" [Enabled] .(.Microsoft Corporation - Application d'ouverture de session Windows.) -- C:\Windows\system32\winlogon.exe


    ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
    O52 - TDSD: \Drivers32\"msacm.l3acm"="L3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\L3codeca.acm
    O52 - TDSD: \Drivers32\"vidc.cvid"="ICCVID.DLL" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\ICCVID.DLL
    O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\Windows\System32\vorbis.acm
    O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\divx.dll
    O52 - TDSD: \Drivers32\"VIDC.VP60"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.VP61"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.VP62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll
    O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\mp3fhg.acm
    O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm
    O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\x264vfw.dll
    O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll
    O52 - TDSD: \Drivers32\"VIDC.HFYU"="huffyuv.dll" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\Windows\System32\huffyuv.dll
    O52 - TDSD: \Drivers32\"vidc.iv41"="Ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\Ir41_32.ax
    O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\Windows\System32\ir50_32.dll
    O52 - TDSD: \Drivers32\"vidc.i263"="i263_32.drv" . (.Intel Corporation - Intel I.263 Video Driver 2.55.012.) -- C:\Windows\System32\i263_32.drv
    O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
    O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm
    O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll
    O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
    O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\iac25_32.ax"="Indeo® audio software" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"l3codecp.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Pro)" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
    O52 - TDSD: \drivers.desc\"msaud32.acm"="Windows Media Audio" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msg711.acm"="Microsoft CCITT G.711 Audio CODEC" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msgsm32.acm"="Microsoft GSM 6.10 Audio CODEC" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"tssoft32.acm"="DSP Group TrueSpeech(TM) Audio CODEC" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msh263.drv"="msh263.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msg723.acm"="msg723.acm" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"msh261.drv"="msh261.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vct3216.acm"="Voxware Compression Toolkit" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"pclepim1.dll"="pclepim1.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vorbis.dll"="YARKOS" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio Codec" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\Windows\System32\vorbis.acm
    O52 - TDSD: \drivers.desc\"m3jpeg32.dll"="Morgan Multimedia MJPEG 32-bits codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"iccvid.dll"="Cinepak Codec by Radius" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
    O52 - TDSD: \drivers.desc\"L3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Pro)" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\L3codeca.acm
    O52 - TDSD: \drivers.desc\"divx.dll"="DivX 6.8.4" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"vp6vfw.dll"="On2 VP6" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
    O52 - TDSD: \drivers.desc\"vp7vfw.dll"="On2 VP7" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll
    O52 - TDSD: \drivers.desc\"mp3fhg.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional) v3.3.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX ;-) Audio" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm
    O52 - TDSD: \drivers.desc\"x264vfw.dll"="x264 H.264 Video Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"huffyuv.dll"="Huffyuv lossless codec" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\Windows\System32\huffyuv.dll
    O52 - TDSD: \drivers.desc\"Ir41_32.ax"="Indeo® video 4.5" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"i263_32.drv"="Intel I.263 Video Driver 2.55.1.16" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
    O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll


    ---\\ Microsoft Control Security Providers (MCSP) (O54)
    O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=credssp.dll
    O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=credssp.dll


    ---\\ Microsoft Windows Policies System (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
    O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0


    ---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
    O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=255
    O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=255
    O56 - MWPE:[HKCU\...\Policies\Explorer] - "HonorAutoRunSetting"=0
    O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=255
    O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=255
    O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=0


    ---\\ Liste des Drivers Système (SDL) (O58)
    O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys
    O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 03:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys
    O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 03:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys
    O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 03:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys
    O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 03:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys
    O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 03:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys
    O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 03:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys
    O58 - SDL:[MD5.8AE1745BFC7D383DAA3F82FE8D7BE7C0] - 09/03/2008 - 15:58:42 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys
    O58 - SDL:[MD5.4AA1EB65481C392955939E735D27118B] - 30/10/2006 - 04:23:12 ---A- . (.ATI Technologies Inc. - ATI PCIE Driver for ATI PCIE chipset.) -- C:\Windows\system32\drivers\AtiPcie.sys
    O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys
    O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys
    O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys
    O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys
    O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
    O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys
    O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 03:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys
    O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys
    O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 03:23:24 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys
    O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys
    O58 - SDL:[MD5.4C0B029AA12CDA55C308177C2E195FC3] - 29/06/2009 - 16:04:52 ---A- . (.Hauppauge Computer Works, Inc. - WinTV-Nova-T-Mini device driver.) -- C:\Windows\system32\drivers\hcw17bda.sys
    O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 03:23:26 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys
    O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 03:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys
    O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys
    O58 - SDL:[MD5.C6E5276C00EBDEB096BB5EF4B797D1B6] - 16/07/2008 - 13:56:06 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\system32\drivers\int15.sys
    O58 - SDL:[MD5.8C7FA71CB1EBCD3EDE8958D27B1BF0B4] - 16/07/2008 - 13:56:06 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\system32\drivers\int15_64.sys
    O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys
    O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys
    O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys
    O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 03:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys
    O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys
    O58 - SDL:[MD5.23B55D27A0AFB7FE9CBCB20B617CC168] - 14/06/2007 - 14:41:00 ---A- . (.LITEON - LITEON AVSTREAM/BDA driver.) -- C:\Windows\system32\drivers\Ltn_stk7070P.sys
    O58 - SDL:[MD5.1FA7503D019291C027FEDAE509BC5500] - 13/06/2007 - 19:30:20 ---A- . (.LITEON - HID Infrared Remote Control minidriver.) -- C:\Windows\system32\drivers\Ltn_stkrc.sys
    O58 - SDL:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 30/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys
    O58 - SDL:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 30/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys
    O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys
    O58 - SDL:[MD5.C252F32CD9A49DBFC2
    11 April 2010 11:58:36

    Before running a removal script, analyze this file:

    • Go to this site: http://www.virustotal.com/
    • Copy the following and paste it into the search box:

    1. C:\Windows\System32\6252,252.exe



    • Click Send File ( = "Envoyer le fichier" ).
    • A report will be built line by line.
    • Be sure to wait until the end ... It must include the size of the file sent.
    Save the report with Notepad.
    • Copy it into your next reply ...

    ( If VirusTotal says the file has already been analyzed, click the "Re-analyse the file now" button )

    11 April 2010 12:15:29

    It has been sending the file for 10 minutes, is that normal?
    11 April 2010 12:21:52

    There may be a wait, but normally that should be displayed
    11 April 2010 12:23:03

    No, it is still sending... should I close it and start over?
    11 April 2010 12:35:24

    OK, I just had to enter C:\Windows\System32\6252,252.exe ( without code: 1.)





    Fichier 765CC2BD8210AE548E9402D6F0979C00F0B17172.exe reçu le 2010.04.06 16:14:49 (UTC)
    Situation actuelle: terminé

    Résultat: 16/39 (41.03%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.04.06 -
    AhnLab-V3 5.0.0.2 2010.04.06 -
    AntiVir 7.10.6.30 2010.04.06 -
    Antiy-AVL 2.0.3.7 2010.04.06 Trojan/Win32.Koblu.gen
    Authentium 5.2.0.5 2010.04.06 -
    Avast 4.8.1351.0 2010.04.06 -
    Avast5 5.0.332.0 2010.04.06 -
    AVG 9.0.0.787 2010.04.06 Clicker.AHVO
    BitDefender 7.2 2010.04.06 Dropped:Trojan.Generic.3594009
    CAT-QuickHeal 10.00 2010.04.06 -
    ClamAV 0.96.0.3-git 2010.04.06 -
    Comodo 4517 2010.04.06 TrojWare.Win32.Koblu.D
    DrWeb 5.0.2.03300 2010.04.06 Trojan.Siggen1.15826
    eSafe 7.0.17.0 2010.04.01 -
    eTrust-Vet 35.2.7410 2010.04.06 -
    F-Prot 4.5.1.85 2010.04.06 -
    F-Secure 9.0.15370.0 2010.04.06 Trojan.Generic.3594009
    Fortinet 4.0.14.0 2010.04.06 -
    GData 19 2010.04.06 Dropped:Trojan.Generic.3594009
    Ikarus T3.1.1.80.0 2010.04.06 Backdoor.Win32.Refpron
    Jiangmin 13.0.900 2010.04.06 Backdoor/Refpron.cd
    Kaspersky 7.0.0.125 2010.04.06 -
    McAfee-GW-Edition 6.8.5 2010.04.06 -
    Microsoft 1.5605 2010.04.06 Backdoor:Win32/Refpron.gen!D
    NOD32 5004 2010.04.06 a variant of Win32/TrojanClicker.VB.NNT
    Norman 6.04.11 2010.04.06 W32/Agent.TOFJ
    nProtect 2009.1.8.0 2010.04.06 -
    Panda 10.0.2.2 2010.04.05 Generic Malware
    PCTools 7.0.3.5 2010.04.06 -
    Prevx 3.0 2010.04.06 High Risk System Back Door
    Rising 22.42.01.04 2010.04.06 -
    Sophos 4.52.0 2010.04.06 Sus/VB-BK
    Sunbelt 6143 2010.04.06 -
    Symantec 20091.2.0.41 2010.04.06 Trojan.Gen
    TheHacker 6.5.2.0.256 2010.04.06 -
    TrendMicro 9.120.0.1004 2010.04.06 -
    VBA32 3.12.12.4 2010.04.05 -
    ViRobot 2010.4.6.2263 2010.04.06 -
    VirusBuster 5.0.27.0 2010.04.06 -
    Information additionnelle
    File size: 167554 bytes
    MD5 : ad2d1bb33d661a51dfe4d0bd7a1a22a5
    SHA1 : 6ed85f6e73b4b3b509637f910d2f054d88c98a65
    SHA256: cf08be632ef818a717fd9c8791b47d283356e647d0861e1283e9ae8dcef0d5bd
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xA7CB
    timedatestamp.....: 0x4B236C58 (Sat Dec 12 11:11:36 2009)
    machinetype.......: 0x14C (Intel I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x10733 0x10800 6.57 7216510e83e08dcb37585a7df0e0576f
    .rdata 0x12000 0x1865 0x1A00 5.33 7f96c88475e1ff2ce8f61b81b9f2144f
    .data 0x14000 0xBFF4 0x200 3.55 0ebca16960628061dcf3807fd384d9e9
    .CRT 0x20000 0x10 0x200 0.22 f1d4e1be14bc803c8a864abff67d8999
    .rsrc 0x21000 0x3580 0x3600 5.32 9a220b5576c99e14142fc67ba81dbbf3

    ( 9 imports )

    > advapi32.dll: LookupPrivilegeValueA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, SetFileSecurityW, SetFileSecurityA, OpenProcessToken, AdjustTokenPrivileges
    > comctl32.dll: -
    > comdlg32.dll: GetSaveFileNameA, CommDlgExtendedError, GetOpenFileNameA
    > gdi32.dll: GetDeviceCaps, GetObjectA, CreateCompatibleBitmap, SelectObject, StretchBlt, CreateCompatibleDC, DeleteObject, DeleteDC
    > kernel32.dll: DeleteFileA, DeleteFileW, CreateDirectoryA, CreateDirectoryW, FindClose, FindNextFileA, FindFirstFileA, FindNextFileW, FindFirstFileW, GetTickCount, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GlobalAlloc, lstrlenA, GetModuleFileNameA, FindResourceA, GetModuleHandleA, HeapAlloc, GetProcessHeap, HeapFree, HeapReAlloc, CompareStringA, ExitProcess, GetLocaleInfoA, GetNumberFormatA, lstrcmpiA, GetProcAddress, GetDateFormatA, GetTimeFormatA, FileTimeToSystemTime, FileTimeToLocalFileTime, ExpandEnvironmentStringsA, WaitForSingleObject, SetCurrentDirectoryA, Sleep, GetTempPathA, MoveFileExA, UnmapViewOfFile, GetCommandLineA, MapViewOfFile, CreateFileMappingA, GetModuleFileNameW, SetEnvironmentVariableA, OpenFileMappingA, LocalFileTimeToFileTime, SystemTimeToFileTime, GetSystemTime, IsDBCSLeadByte, GetCPInfo, FreeLibrary, LoadLibraryA, GetCurrentDirectoryA, GetFullPathNameA, SetFileAttributesW, SetFileAttributesA, GetFileAttributesW, GetFileAttributesA, WriteFile, SetLastError, GetStdHandle, ReadFile, CreateFileW, CreateFileA, GetFileType, SetEndOfFile, SetFilePointer, MoveFileA, SetFileTime, GetCurrentProcess, CloseHandle, GetLastError, DosDateTimeToFileTime
    > ole32.dll: CreateStreamOnHGlobal, OleInitialize, CoCreateInstance, OleUninitialize, CLSIDFromString
    > oleaut32.dll: -
    > shell32.dll: ShellExecuteExA, SHFileOperationA, SHGetFileInfoA, SHGetSpecialFolderLocation, SHGetMalloc, SHBrowseForFolderA, SHGetPathFromIDListA, SHChangeNotify
    > user32.dll: ReleaseDC, GetDC, SendMessageA, wsprintfA, SetDlgItemTextA, EndDialog, DestroyIcon, SendDlgItemMessageA, GetDlgItemTextA, DialogBoxParamA, IsWindowVisible, WaitForInputIdle, GetSysColor, PostMessageA, SetMenu, SetFocus, LoadBitmapA, LoadIconA, CharToOemA, OemToCharA, GetClassNameA, CharUpperA, GetWindowRect, GetParent, MapWindowPoints, CreateWindowExA, UpdateWindow, SetWindowTextA, LoadCursorA, RegisterClassExA, SetWindowLongA, GetWindowLongA, DefWindowProcA, PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, GetClientRect, CopyRect, IsWindow, MessageBoxA, ShowWindow, GetDlgItem, EnableWindow, FindWindowExA, wvsprintfA, CharToOemBuffA, LoadStringA, SetWindowPos, GetWindowTextA, GetWindow, GetSystemMetrics, OemToCharBuffA, DestroyWindow

    ( 0 exports )

    TrID : File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    ssdeep: 3072:I27BSpMbTehfcqclWYacI8iJkZOaCTuif13+Fnti+iXJC0:I27gCbTehEqclWYacI5JgOaCTuM3QQ5f
    sigcheck: publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=765CC2BD...
    PEiD : -
    packers (F-Prot): RAR
    RDS : NSRL Reference Data Set
    -


    ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
    11 April 2010 12:46:47

    Ah, OK.

    • Download OTMOVEIT http://oldtimer.geekstogo.com/OTM.exe
    • Save this file to the Desktop.
    • Double-click OTMoveIt3.exe to launch the tool. (Note: If you are using Vista, right-click the file and choose Run as administrator).
    • Copy the lines from the "Code" box below to the clipboard by selecting ALL of them and then pressing CTRL+C (or, after selecting them, by right-clicking and choosing Copy):

    :processes

    explorer.exe

    :files
    c:\windows\system32\wuaucldt.exe

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "syncman"=-

    :commands

    [emptytemp]

    [start explorer]

    [reboot]


    • Go back to the OTMoveIt3 window, right-click in the "Paste List Instruction for Items to be Moved" area (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt3
    • Come back to the forum and post the generated report. It is located here: C:\_OTMoveIt\MovedFiles; post the most recent report.
    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes.


    Next, there are quite a few variants of the file that we detected as infectious via VirusTotal.

    Start by installing an antivirus, in this case install Antivir: http://www.free-av.com/fr/index.html

    Then run a full scan of your PC and post the report
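Added example, not part of the original post: a short Python triage of the O44 lines from the report above, grouping the owner-less executables in System32 by MD5 to show which hashes the single VirusTotal verdict does not cover. The selection rule (no owner, digits-comma-digits `.exe` name, System32 folder) is an assumption drawn from the pattern visible in this log, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Six O44 lines copied from the ZHPDiag report posted earlier in this thread.
SAMPLE_LOG = r"""
O44 - LFC:[MD5.66592E91051728C3571B0D77175686AB] - 10/04/2010 - 07:47:38 ---A- . (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\mrxsmb.sys [105472]
O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:37:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6525,08.exe [169744]
O44 - LFC:[MD5.BB297222BEED530D2BDF12E62B37B192] - 10/04/2010 - 07:09:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\9545,71.exe [169744]
O44 - LFC:[MD5.9008608EFAF59F9F1B5146AEED955469] - 10/04/2010 - 06:48:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\license.rtf [65328]
O44 - LFC:[MD5.AD2D1BB33D661A51DFE4D0BD7A1A22A5] - 06/04/2010 - 19:27:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\6252,252.exe [167554]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 25/03/2010 - 20:15:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NeroDigital.ini [69]
"""

# MD5 shown in the VirusTotal report posted in this thread.
VT_MD5 = "ad2d1bb33d661a51dfe4d0bd7a1a22a5"

# Layout of one O44 line as it appears in this log.
O44_LINE = re.compile(
    r"O44 - LFC:\[MD5\.(?P<md5>[0-9A-F]{32})\] - "
    r"(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<attrs>\S+) \. \(\.(?P<owner>.*?) - (?P<desc>.*?)\.\) -- "
    r"(?P<path>.+?) \[(?P<size>\d+)\]\s*$"
)

NO_OWNER = "Pas de propriétaire"          # the tool's "no owner" marker
RANDOM_NAME = re.compile(r"\d+,\d+\.exe", re.IGNORECASE)  # assumed heuristic
SYSTEM32 = r"c:\windows\system32"


def parse_o44(log_text):
    """Return one dict per well-formed O44 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O44_LINE.search(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def is_suspicious(entry):
    """Owner-less .exe with a digits,digits name directly in System32."""
    folder, name = ntpath.split(entry["path"])
    return (
        entry["owner"] == NO_OWNER
        and folder.lower() == SYSTEM32
        and RANDOM_NAME.fullmatch(name) is not None
    )


def group_variants(entries):
    """Map each MD5 to the suspicious file names that share it."""
    groups = defaultdict(list)
    for entry in entries:
        if is_suspicious(entry):
            groups[entry["md5"]].append(ntpath.basename(entry["path"]))
    return dict(groups)


def files_with_md5(entries, md5):
    """Paths whose logged MD5 equals the given hash (case-insensitive)."""
    return [e["path"] for e in entries if e["md5"].lower() == md5.lower()]


def hashes_not_covered(groups, checked_md5):
    """Suspicious hashes that the one checked verdict says nothing about."""
    return sorted(h for h in groups if h.lower() != checked_md5.lower())


if __name__ == "__main__":
    parsed = parse_o44(SAMPLE_LOG)
    variants = group_variants(parsed)
    for md5, names in variants.items():
        print(md5, len(names), "file(s):", ", ".join(names))
    print("Covered by the VirusTotal report:", files_with_md5(parsed, VT_MD5))
    print("Still to check:", hashes_not_covered(variants, VT_MD5))
```

Files sharing one MD5 are byte-identical copies, so one verdict covers the whole group; each distinct hash is a separate variant that needs its own scan.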
    11 April 2010 12:57:26

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    c:\windows\system32\wuaucldt.exe moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\syncman deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: P
    ->Temp folder emptied: 4780898 bytes
    ->Temporary Internet Files folder emptied: 25900423 bytes
    ->FireFox cache emptied: 38371501 bytes
    ->Flash cache emptied: 6129 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67149929 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2935793 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 133,00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04112010_125039

    Files moved on Reboot...
    File C:\Users\P\AppData\Local\Temp\~DF78B9.tmp not found!
    File C:\Users\P\AppData\Local\Temp\~DF78C3.tmp not found!
    C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDR2H6JJ\292848-11-rapport-hijackthis[1].htm moved successfully.
    File move failed. C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTY2F6FQ\EO8CAZJYCZMCAS2R95ICAORYMTFCAEX4L13CASYIH3CCAK51BTQCAPR73V5CATN5JXLCABBXFDPCAZ2QGQ3CA17M3RDCAEE7XKCCAW2QJP4CAMJHMD3CAROEB40CAE6KBPFCAVYN33CCA6GSF06.htm scheduled to be moved on reboot.
    File move failed. C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTY2F6FQ\LS4CA82PCK9CAQ0VRVLCA4XAWCICA8PV0EGCAWL2OJXCA7V5P7WCAYUVCCCCA57BF1ZCAVZWTN3CAWBGCDPCAP77VRRCA7Y23U2CAZS68XVCA18GCH7CAMV004FCA35OAI2CA1PMBGJCAUP6YMD.htm scheduled to be moved on reboot.
    C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YHF4NDR\272538-11-rappels-section-securite-virus[1].htm moved successfully.
    File move failed. C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YHF4NDR\F8UCA05WQAOCAMDIYF0CAWS26ICCAANRZ22CAJJ5ZHPCAGME7CLCA0QTJYSCA2K01A6CA04IOD4CA744VT9CAG6Z981CAEGWY13CARUJDDYCAK3HBXICAGZ9UW1CAP7UU6XCAX1228SCAKXL5GT.htm scheduled to be moved on reboot.
    File move failed. C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YHF4NDR\JZQCAMMC6IDCA3KWUQFCAJ12VKPCAD6166SCA940T50CAPKQ4ROCAFJ9BKRCAZW7JXOCA5WS6PJCA94WLXDCAMDY4KQCAXBCA37CA70ZSUPCAO3Q25OCAVHJCAVCAGBPY6ZCA61FLBBCANNXP38.htm scheduled to be moved on reboot.
    C:\Users\P\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
    File C:\Windows\temp\mpj113853.dll not found!
    C:\Windows\temp\msepdlkp.dll moved successfully.
    C:\Windows\temp\mta13187.dll moved successfully.
    C:\Windows\temp\t4m0_883793128996.bk.old moved successfully.
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECVMSDEU\searchCAVB0DJ2.htm not found!

    Registry entries deleted on Reboot...
    11 April 2010 13:06:42

    For Antivir, I get an error message during installation and cannot continue:

    Le fichier c:\Users\P~\AppData\Local\Temp\RarSFXO\basic\setup.exe a été modifié.Impossible de poursuivre le setup
    11 April 2010 13:10:24

    If you download it in Safe Mode with Networking and install it in Safe Mode, does it work?
    11 April 2010 13:22:22

    No, I get the same error message.