Update impossible [SOLVED]

Post by mpfao »

Hello,
My problem concerns updates, both the Windows ones and those of my software.
I am on Vista with Firefox, the Windows firewall, AntiVir...

To begin with, I can't even connect to the Windows Update site! "Connection impossible"!
Then updates are impossible too, it doesn't even search for them!! Updating my software is impossible as well; in general it tells me that the server is not accessible or something of that kind.

I should add that I scanned the system with AntiVir and the Windows tool but found nothing unhealthy, even though I am sure I have something related to the Internet.
I can't even launch HijackThis and Malwarebytes!

The error code is 80072EFE for Windows Update.

Any help??

Thanks in advance
Jeremy.
Last edited by mpfao on 10 Oct 2009, 13:44, edited 1 time in total.

Post by nardino »

Hello,

Download Gmer.exe

Click on Download EXE
You will get a file named with a string of characters followed by .exe.
Right-click the file and choose Run as administrator.
Click on the Rootkit/Malware tab.
Tick at least drive C.
Tick everything and click on Scan.
Let the tool work; this can take a quarter of an hour.
When the scan is finished, click on Save..., choose the name you like for the report as well as the folder to save it in so you can find it again.
Open it and post a copy-paste in your reply.

Delete the lines in red if there are any.

Image

Right-click the line and select the appropriate action: Delete File or Delete the service, depending on the type in the left-hand column.

Image
See you.

Post by mpfao »

So there are two problems.

One: when I launch the software it tells me about a rootkit and gives me OK or not; what do I click on?
Then, from a certain point on, there is a blue screen and my PC shuts down...

Post by nardino »

Good evening.
Isn't the explanation in the image enough?

See you.

Post by mpfao »

Here is the scan; I managed to delete one thing, but there is one that is impossible because apparently svchost has to be deleted.
Library \\?\globalroot\systemroot\system32\gxvxcywrxjbfqpooquvdmscpfgfnpmrmixrqg.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [652] 0x10000000

SCAN

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-04 12:38:05
Windows 6.0.6001 Service Pack 1
Running: glz7ut20.exe; Driver: C:\Users\MALARD~1\AppData\Local\Temp\uwldakod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 8660DBF8
INT 0x62 ? 8660DBF8
INT 0x72 ? 8660DBF8
INT 0x72 ? 8660DBF8
INT 0x82 ? 85925BF8
INT 0x92 ? 85921BF8
INT 0xA2 ? 85921BF8
INT 0xB3 ? 8660DBF8

Code 86A52F40 ZwEnumerateKey
Code 86A52F08 ZwFlushInstructionCache
Code 86A50D75 IofCallDriver
Code 86A50DAE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81E89FE2 5 Bytes JMP 86A50DB3
.text ntkrnlpa.exe!IofCallDriver 81F0BF6F 5 Bytes JMP 86A50D7A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 8200230B 5 Bytes JMP 86A52F0C
PAGE ntkrnlpa.exe!ZwEnumerateKey 82057BA2 5 Bytes JMP 86A52F44
? System32\Drivers\spow.sys Le chemin d'accès spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8A7AC46F 5 Bytes JMP 8660D1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806966D2] \SystemRoot\System32\Drivers\spow.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80696040] \SystemRoot\System32\Drivers\spow.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806967FC] \SystemRoot\System32\Drivers\spow.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806960BE] \SystemRoot\System32\Drivers\spow.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069613C] \SystemRoot\System32\Drivers\spow.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A6048] \SystemRoot\System32\Drivers\spow.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859281F8

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 859231F8
Device \Driver\usbuhci \Device\USBPDO-0 8660E1F8
Device \Driver\usbuhci \Device\USBPDO-1 8660E1F8
Device \Driver\usbehci \Device\USBPDO-2 8660B1F8
Device \Driver\usbuhci \Device\USBPDO-3 8660E1F8
Device \Driver\usbuhci \Device\USBPDO-4 8660E1F8
Device \Driver\PCI_PNP1444 \Device\00000055 spow.sys
Device \Driver\usbuhci \Device\USBPDO-5 8660E1F8
Device \Driver\usbehci \Device\USBPDO-6 8660B1F8
Device \Driver\volmgr \Device\HarddiskVolume1 859231F8
Device \Driver\volmgr \Device\HarddiskVolume2 859231F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859261F8
Device \Driver\atapi \Device\Ide\IdePort0 859261F8
Device \Driver\atapi \Device\Ide\IdePort1 859261F8
Device \Driver\iScsiPrt \Device\RaidPort0 866B71F8
Device \Driver\sptd \Device\1572587455 spow.sys
Device \Driver\usbuhci \Device\USBFDO-0 8660E1F8
Device \Driver\usbuhci \Device\USBFDO-1 8660E1F8
Device \Driver\usbehci \Device\USBFDO-2 8660B1F8
Device \Driver\usbuhci \Device\USBFDO-3 8660E1F8
Device \Driver\usbuhci \Device\USBFDO-4 8660E1F8
Device \Driver\usbuhci \Device\USBFDO-5 8660E1F8
Device \Driver\usbehci \Device\USBFDO-6 8660B1F8
Device \Driver\awix0pdd \Device\Scsi\awix0pdd1 866B51F8
Device \Driver\awix0pdd \Device\Scsi\awix0pdd1Port4Path0Target1Lun0 866B51F8
Device \Driver\awix0pdd \Device\Scsi\awix0pdd1Port4Path0Target0Lun0 866B51F8
Device \FileSystem\cdfs \Cdfs 86CEC1F8
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcywrxjbfqpooquvdmscpfgfnpmrmixrqg.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [652] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcepihbniygcsjqitpmhlthitnaouvvpbb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcepihbniygcsjqitpmhlthitnaouvvpbb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcywrxjbfqpooquvdmscpfgfnpmrmixrqg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcarqadxvmdnqtogtxlfjneucysritbtqs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0x64 0x54 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x10 0x7F 0x6E 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0xC4 0x4F 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x34 0xA8 0xFE 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcepihbniygcsjqitpmhlthitnaouvvpbb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcepihbniygcsjqitpmhlthitnaouvvpbb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcywrxjbfqpooquvdmscpfgfnpmrmixrqg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcarqadxvmdnqtogtxlfjneucysritbtqs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0x64 0x54 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x10 0x7F 0x6E 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0xC4 0x4F 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x34 0xA8 0xFE 0x13 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----

Post by nardino »

Hello.
Infection by TIBS (gxvxc*******).

Download Combofix
IMPORTANT. Save ComboFix.exe to the Desktop.
Disable antivirus and anti-malware applications, usually via a right-click on the icon in the notification area.
Otherwise, they may interfere with the tool.
Right-click the icon and choose Run as administrator.
Image
Follow the prompts.
When the tool has finished, it will display a report.
Copy its contents into your next reply.
It will be saved as C:\Combofix.txt
A restart will probably be required, and you must let the tool work even if you have the impression that nothing is happening.
So do not launch any applications before the report appears.
See you.
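
The reading of the GMER report behind the diagnosis above can be reproduced mechanically: find the modules GMER marks as hidden, tie them to the service keys that reference them, and derive the shared name prefix. This is an added example, not part of the original thread and not GMER's own code; the function names (`parse_report`, `triage`) are hypothetical, and the sample lines are copied from the report posted above.

```python
import os
import re

# Lines copied from the GMER report posted in this thread (not constructed).
SAMPLE_REPORT = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 81F0BF6F 5 Bytes JMP 86A50D7A
PAGE ntkrnlpa.exe!ZwEnumerateKey 82057BA2 5 Bytes JMP 86A52F44

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcywrxjbfqpooquvdmscpfgfnpmrmixrqg.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [652] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcepihbniygcsjqitpmhlthitnaouvvpbb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcywrxjbfqpooquvdmscpfgfnpmrmixrqg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
"""

GLOBALROOT = "\\\\?\\globalroot"

# Inline hook line: section, module!function, address, patch size, JMP target.
HOOK_RE = re.compile(
    r"^(?:\.text|PAGE)\s+(\S+?)!(\S+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+([0-9A-F]{8})$")
# Module that GMER found loaded in a process but hidden from normal enumeration.
HIDDEN_LIB_RE = re.compile(
    r"^Library\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(.+?)\s+\[(\d+)\]")
# Registry value under a service key: control set, service, value name, data.
SERVICE_REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@\s]+)(?:\\[^\\@\s]+)*@(\S+)\s+(.+)$")


def normalize(path):
    # Lower-case and drop the globalroot device prefix so both spellings compare equal.
    p = path.strip().lower()
    return p[len(GLOBALROOT):] if p.startswith(GLOBALROOT) else p


def basename(path):
    # Windows-style basename; works on any host OS.
    return path.rsplit("\\", 1)[-1]


def parse_report(text):
    """Extract inline kernel hooks, hidden modules and service registry values."""
    hooks, hidden, services = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            hooks.append({"module": m.group(1), "function": m.group(2),
                          "target": m.group(3)})
            continue
        m = HIDDEN_LIB_RE.match(line)
        if m:
            hidden.append({"path": normalize(m.group(1)), "host": m.group(2),
                           "pid": int(m.group(3))})
            continue
        m = SERVICE_REG_RE.match(line)
        if m:
            control_set, service, value, data = m.groups()
            services.setdefault((control_set, service), {})[value.lower()] = data
    return {"hooks": hooks, "hidden": hidden, "services": services}


def triage(text):
    """Return the services whose registry values point at a hidden module."""
    report = parse_report(text)
    hidden_paths = {h["path"] for h in report["hidden"]}
    findings = []
    for (control_set, service), values in sorted(report["services"].items()):
        linked = sorted({p for p in map(normalize, values.values())
                         if p in hidden_paths})
        if not linked:
            continue
        driver = normalize(values.get("imagepath", ""))
        names = [service.lower()] + [basename(p) for p in linked]
        if driver:
            names.append(basename(driver))
        findings.append({
            "control_set": control_set,
            "service": service,
            "driver": driver,
            "hidden_modules": linked,
            "injected_into": [(h["host"], h["pid"]) for h in report["hidden"]
                              if h["path"] in linked],
            # Shared prefix of service, driver and module names (the gxvxc* pattern).
            "name_prefix": os.path.commonprefix(names),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

The sptd service key is not reported because none of its values reference a hidden module.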

Post by mpfao »

ComboFix 09-10-04.01 - MALARD Jérémy 04/10/2009 20:59.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1918 [GMT 2:00]
Lancé depuis: c:\users\MALARD Jérémy\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Sunbelt CounterSpy *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4065092391-1469159174-1700121007-500
c:\$recycle.bin\S-1-5-21-980460687-1634674314-3639616997-500
c:\users\MALARD Jérémy\AppData\Local\gwohwp.dat
c:\users\MALARD Jérémy\AppData\Local\gwohwp.exe
c:\users\MALARD Jérémy\AppData\Local\gwohwp_nav.dat
c:\users\MALARD Jérémy\AppData\Local\gwohwp_navps.dat
c:\windows\Installer\1415d954.msi
c:\windows\Installer\3a0c2.msi
c:\windows\Installer\3b09c557.msi
c:\windows\Installer\536ba67.msi
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-04 au 2009-10-04 ))))))))))))))))))))))))))))))))))))
.

2009-10-04 19:07 . 2009-10-04 19:07 -------- d-----w- c:\users\MALARD~2\AppData\Local\temp
2009-10-04 19:07 . 2009-10-04 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 11:00 . 2009-10-03 11:00 -------- d-----w- C:\Intel
2009-10-03 11:00 . 2009-06-04 16:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-02 17:21 . 2009-10-02 17:21 -------- d-----w- c:\windows\Sun
2009-10-01 19:22 . 2003-03-25 04:00 9216 ----a-w- c:\windows\proxycfg.exe
2009-10-01 19:21 . 2009-10-01 19:22 -------- d-----w- C:\AULOGS
2009-10-01 18:19 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-10-01 18:19 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-10-01 18:19 . 2009-10-01 18:19 -------- d-----w- c:\programdata\page
2009-10-01 18:19 . 2009-10-01 18:19 -------- d-----w- c:\program files\Ashampoo
2009-10-01 16:45 . 2009-10-01 16:45 -------- d-----w- c:\windows\system32\oodag
2009-10-01 15:47 . 2008-10-30 08:21 75072 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-01 15:47 . 2009-10-01 15:47 -------- d-----w- c:\programdata\Avira
2009-10-01 15:47 . 2009-10-01 15:47 -------- d-----w- c:\program files\Avira
2009-10-01 15:25 . 2009-10-01 15:25 -------- d-----w- c:\program files\Guitar Pro 5
2009-10-01 13:04 . 2009-01-14 14:11 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 13:04 . 2009-10-01 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 13:04 . 2009-10-01 13:04 -------- d-----w- c:\programdata\Malwarebytes
2009-10-01 13:04 . 2009-01-14 14:11 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 12:13 . 2009-10-01 12:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-01 11:47 . 2009-10-01 11:47 -------- d-----w- c:\program files\PHPNukeFR
2009-10-01 11:47 . 2009-10-01 11:47 -------- d-----w- c:\program files\Conduit
2009-10-01 11:41 . 2009-10-01 11:41 -------- d-----w- c:\programdata\Sunbelt
2009-10-01 10:51 . 2009-10-01 11:03 -------- d-----w- c:\programdata\STOPzilla!
2009-09-26 00:26 . 2009-09-26 00:26 -------- d-----w- c:\programdata\Microgaming
2009-09-26 00:26 . 2009-09-26 00:26 -------- d-----w- c:\programdata\MGS
2009-09-26 00:26 . 2009-09-26 00:26 -------- d-----w- C:\Microgaming
2009-09-24 18:38 . 2009-09-24 18:38 -------- d-----w- c:\program files\iPod
2009-09-24 18:38 . 2009-09-24 18:39 -------- d-----w- c:\program files\iTunes
2009-09-20 15:50 . 2009-09-20 15:50 -------- d-----w- c:\program files\WahOO
2009-09-19 20:49 . 2009-09-19 20:49 -------- d-----w- c:\program files\Eidos
2009-09-19 20:47 . 2009-09-19 21:01 -------- d-----w- C:\temp
2009-09-19 19:53 . 2009-10-01 14:03 -------- d-----w- c:\program files\Common Files\Steam
2009-09-19 19:53 . 2009-10-03 11:20 -------- d-----w- c:\program files\Steam
2009-09-19 12:56 . 2009-09-19 12:56 -------- d-----w- c:\program files\Utilitaire de configuration iPhone
2009-09-19 12:50 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-19 12:50 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-19 12:49 . 2009-09-19 12:50 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 12:46 . 2009-09-19 12:47 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 13:09 . 2008-03-09 04:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 17:11 . 2008-10-28 22:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 16:59 . 2009-05-26 22:03 -------- d-----w- c:\program files\Vuze
2009-10-01 16:35 . 2008-06-03 19:51 -------- d-----w- c:\programdata\WildTangent
2009-10-01 15:35 . 2009-05-08 15:25 -------- d-----w- c:\program files\Lavasoft
2009-10-01 15:35 . 2009-04-23 14:12 -------- d-----w- c:\programdata\Lavasoft
2009-09-30 16:41 . 2009-05-27 10:36 -------- d-----w- c:\programdata\BitDefender
2009-09-30 16:41 . 2009-06-22 05:13 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-30 16:03 . 2008-03-09 13:16 679418 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-30 16:03 . 2008-03-09 13:16 128418 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-30 11:34 . 2009-05-27 09:24 -------- d-----w- c:\program files\VirtualDJ
2009-09-26 18:03 . 2009-05-27 10:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-26 08:57 . 2008-03-09 05:52 -------- d-----w- c:\program files\Java
2009-09-24 18:38 . 2008-10-07 20:53 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 15:23 . 2009-05-26 23:35 -------- d-----w- c:\program files\ClubDJ ProVJ
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-06 14:34 . 2009-08-06 14:34 71176 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-07-25 03:23 . 2008-12-08 20:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-03-05 16:08 . 2008-10-30 15:34 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\PHPNukeFR\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1C491116-C175-45E1-A570-6FB14FEA8B7B}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WahOO"="c:\program files\WahOO\WahOO.exe" [2009-09-15 1839616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-09 4702208]

c:\users\MALARD J‚r‚my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0o

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CF56EE87-3255-4F75-9569-E4BD5033A6E6}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{27DA28C7-00AD-4753-9858-0BDDED7D8752}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D587D31A-8B46-4EFA-B935-FF83EBF02909}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39D1E530-FF40-4E75-865F-3FCE8707DDDB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F15B3E8-9831-42CC-8BA6-1F91E2BD2DBE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BB565962-6A0B-4A22-8D59-1DFE1494A0CA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{961C7B03-EAAE-419C-BB41-E07A791D3726}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FCED7718-7EC0-4FD4-B443-684DB36919BE}"= UDP:c:\program files\eMule\emule.exe:eMule
"{1B73B8C3-E9A0-4698-9F2D-3419B0D91CB6}"= TCP:c:\program files\eMule\emule.exe:eMule
"{AB82989F-87A3-4349-82A5-5B51EA1412A1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{F848815F-CE13-4AA4-9356-1B3196E6F465}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{B570E016-7E55-4723-8E4F-D42B40A1015C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{6D8E2C77-F6DA-416C-ACCE-612B57DD66F2}"= Disabled:UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{6586BFCE-F6ED-4631-9873-3E9177CB9BA1}"= Disabled:TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{59004629-6718-4668-B86D-4E1D1347160D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A72658A7-3AD1-4D1C-A382-66F96E9D2E13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{410FF76D-F17E-49A8-91E6-0948E38605B8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{271B39DE-87F8-43B6-B054-C73A91DAB202}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BB72432F-B530-496C-93E7-BEEDB973FA9A}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{EDA41B98-4097-40F5-A78B-3D65A1972F94}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{EFD1B64A-8480-4F31-9EF9-D7EE833903DE}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{5A714E62-AF15-4A43-8358-CB0CA3626FCE}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{E96032D7-B898-42D1-8FAE-586579B23446}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{8EE74C79-2ADF-47C1-B406-A22765CC8699}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{03D332EF-E39F-4399-8A0A-75E5DC75AC45}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{27DA3242-DFF0-4258-B68B-14F999F3DFCD}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{F841F67B-0F34-414B-BA39-D922FD8A6812}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{7FE1463D-C5E6-4D39-84CC-ECC545F75096}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{2D535EBE-7AA5-43D5-B0D4-DDC167031316}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{CC0E266C-3456-4956-A631-4AC253B1C537}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{D40EC1C7-355A-4250-BA97-5148D050EA41}"= UDP:80:Orb port
"TCP Query User{0AC96D9D-80BA-471F-A236-BD5609AEE7A6}c:\\program files\\orb networks\\orb\\bin\\orbtray.exe"= UDP:c:\program files\orb networks\orb\bin\orbtray.exe:Orb
"UDP Query User{F10FDE39-B740-4CEA-9F4C-A5982F8AF898}c:\\program files\\orb networks\\orb\\bin\\orbtray.exe"= TCP:c:\program files\orb networks\orb\bin\orbtray.exe:Orb
"{0A835394-208D-4593-A2E3-FA0215457D56}"= TCP:554:Real/3GP Media Port
"{70D5633E-6F89-48BE-9262-5DE657C82CBB}"= UDP:80:Widows media
"{83C3AE10-3E5B-47CB-A8C7-20AF72860DD5}"= UDP:c:\program files\Windows Media Player\wmplayer.exe:wmplayer
"{4434BF39-2DBB-407F-A074-40D214983940}"= TCP:c:\program files\Windows Media Player\wmplayer.exe:wmplayer
"TCP Query User{56941B00-5DFA-440C-94D2-C07A9B334CF5}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= UDP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"UDP Query User{362E2169-31BB-4F81-BAF1-2C990761ABBB}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= TCP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"TCP Query User{45DDF1C9-DB78-4952-8C3B-A13A007D069F}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"UDP Query User{52F52E8D-C6CF-4CBB-9648-EA9636734C08}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"TCP Query User{A87C2E83-BFB9-440F-BB70-3B5F6E88C82B}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{1D354DF2-8379-4C9F-B83D-183C8C06202C}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"{CDE506EA-124B-471F-A15C-12B8B43F23B9}"= UDP:5901:Iphone
"{6CD41C23-CE59-4A7D-B2D4-515E5298439B}"= TCP:80:Windows media port
"{C99F32B4-CD3E-4656-8A6F-FA52BBD9D3A8}"= UDP:554:CP Orb
"{3E5F2383-C3D0-4AB8-9D42-BB5B592A15D2}"= TCP:13398:UDP Orb
"TCP Query User{83B12CF2-06CE-4821-81C0-09667A6D85C8}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{EDCB4C53-9083-4F23-A88F-83DC6826E9E6}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{3D450DB0-3B0B-4A00-BC9C-E337B33A55A6}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{53BCF534-B40F-42CE-B9FD-0E8B759166EE}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{6E538ACC-7A05-4486-B23C-DAA9942F1462}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{1354661D-7E16-428C-98A4-84BB509781BA}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{AAE43659-9786-4DDA-9367-E2628BF98F7C}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{9B0B21CE-E48F-4F40-A53A-FA1DE967974A}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{F7FD48F4-9936-4E0A-BEF3-CDDA6895F072}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3297ACAA-9E6F-447D-BD4C-2500C966352C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6D70F32A-780B-4A65-B79A-11907702B2C6}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{DD655879-7F1D-499B-9979-CAE68CC0BDBA}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"TCP Query User{EAC24C3B-8562-496E-B890-285BF868721B}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{33ED2E42-85F4-42D9-9ACD-543A3A104F30}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"{463E270D-589A-4D21-8F0B-65C0F951EAF9}"= UDP:c:\program files\Microsoft Security Essentials\msseces.exe:Microsoft Security Essentials
"{F1F8C4BA-A7A7-4202-A776-564C67B924E7}"= TCP:c:\program files\Microsoft Security Essentials\msseces.exe:Microsoft Security Essentials
"TCP Query User{162E48BA-9A5D-468D-BD14-286595A9EEB0}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{08601D04-6B33-4001-A9A3-E8F0558BB790}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"{A909E0DB-68CF-45FD-9F12-E414A80CF18B}"= UDP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender
"{49E374EC-02EE-4284-8CB4-7762E5E1DB94}"= TCP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 DwProt;DrWeb Protection;c:\windows\System32\drivers\dwprot.sys [29/01/2009 23:57 99704]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\ACEDRV11.sys [23/01/2008 10:19 501560]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [01/10/2009 17:47 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [01/10/2009 17:47 258305]
R2 AVEService;Service d'assistance Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [01/10/2009 17:47 41217]
R2 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [15/12/2008 14:08 886072]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe --> c:\progra~1\DrWeb\spidernt.exe [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [01/10/2009 20:19 410976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 18:48 42480]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
LSP: avsda.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\MALARD Jérémy\AppData\Roaming\Mozilla\Firefox\Profiles\gyowxwbt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-gwohwp - c:\users\malard jérémy\appdata\local\gwohwp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 21:08
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-4065092391-1469159174-1700121007-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,fe,fd,6d,b9,12,38,f8,b3,33,16,14,a8,9c,ea,d2,d7,56,52,2f,73,
e8,76,8e,81,0d,af,8a,42,25,c8,f5,03,a4,0a,c8,59,20,b7,83,a7,f6,74,e0,8f,a1,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-10-04 21:10
ComboFix-quarantined-files.txt 2009-10-04 19:10

Avant-CF: 65 445 793 792 octets libres
Après-CF: 65 641 848 832 octets libres

308

Re: Update impossible

Post by nardino »

Good evening.

How are things after ComboFix?
Download RSIT by random/random to the Desktop:
http://images.malwareremoval.com/random/RSIT.exe

Double-click RSIT.exe to launch the tool; it does not require installation.
Click Continue on the Disclaimer screen if you accept the terms.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked); accept the license.

When the scan is finished, two text files will open.
Post the contents of log.txt, the one that will open, and of info.txt, which is minimized in the taskbar.

Note:
These reports are saved in the C:\rsit folder.
Under Vista/7, you must launch the file by right-clicking it and choosing Run as administrator.

See you.

Re: Update impossible

Post by mpfao »

So, after these first steps, the updates for all my software and for Windows are working again, so thank you already!
My browser seems to be clean again!

Here are the reports you asked me for, and by the way, thanks in advance!

1
Logfile of random's system information tool 1.06 (written by random/random)
Run by MALARD Jérémy at 2009-10-05 19:47:02
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 60 GB (27%) free of 227 GB
Total RAM: 3070 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:30, on 05/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wuauclt.exe
C:\Users\MALARD Jérémy\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\MALARD Jérémy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WahOO] "C:\Program Files\WahOO\WahOO.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Dr.Web ® Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Unknown owner - C:\PROGRA~1\DrWeb\spidernt.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe (file missing)

--
End of file - 9821 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]
ECarteBleueBrowserHelper Class - C:\Windows\system32\BhoECart.dll [2003-10-31 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{1c491116-c175-45e1-a570-6fb14fea8b7b} - PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-09 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-10-04 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WahOO"=C:\Program Files\WahOO\WahOO.exe [2009-09-15 1839616]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-09-19 1217784]

C:\Users\MALARD Jérémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-10-05 19:47:03 ----D---- C:\Program Files\trend micro
2009-10-05 19:47:02 ----D---- C:\rsit
2009-10-05 07:42:28 ----D---- C:\Program Files\Avira
2009-10-04 22:10:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-04 22:10:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\wdigest.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\kerberos.dll
2009-10-04 22:09:00 ----A---- C:\Windows\system32\schannel.dll
2009-10-04 22:08:59 ----A---- C:\Windows\system32\secur32.dll
2009-10-04 22:08:59 ----A---- C:\Windows\system32\lsass.exe
2009-10-04 22:08:13 ----A---- C:\Windows\system32\mshtml.dll
2009-10-04 22:08:12 ----A---- C:\Windows\system32\occache.dll
2009-10-04 22:08:11 ----A---- C:\Windows\system32\ieframe.dll
2009-10-04 22:08:10 ----A---- C:\Windows\system32\urlmon.dll
2009-10-04 22:08:09 ----A---- C:\Windows\system32\wininet.dll
2009-10-04 22:08:08 ----A---- C:\Windows\system32\iertutil.dll
2009-10-04 22:08:08 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-04 22:08:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-04 22:08:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-10-04 22:08:06 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-04 22:08:06 ----A---- C:\Windows\system32\ieencode.dll
2009-10-04 22:08:05 ----A---- C:\Windows\system32\mstime.dll
2009-10-04 22:08:04 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-04 22:07:30 ----A---- C:\Windows\system32\mstscax.dll
2009-10-04 22:06:29 ----A---- C:\Windows\system32\localspl.dll
2009-10-04 22:05:16 ----A---- C:\Windows\system32\avifil32.dll
2009-10-04 22:04:43 ----A---- C:\Windows\system32\jscript.dll
2009-10-04 22:04:29 ----A---- C:\Windows\system32\wmp.dll
2009-10-04 22:04:27 ----A---- C:\Windows\system32\wmpdxm.dll
2009-10-04 22:04:26 ----A---- C:\Windows\system32\spwmp.dll
2009-10-04 22:04:25 ----A---- C:\Windows\system32\dxmasf.dll
2009-10-04 22:04:24 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-04 22:04:07 ----A---- C:\Windows\system32\rpcrt4.dll
2009-10-04 21:30:00 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-04 21:26:56 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\Malwarebytes
2009-10-04 21:10:28 ----SHD---- C:\$RECYCLE.BIN
2009-10-04 21:10:25 ----A---- C:\ComboFix.txt
2009-10-04 21:07:44 ----D---- C:\Windows\temp
2009-10-04 20:57:35 ----A---- C:\Windows\zip.exe
2009-10-04 20:57:35 ----A---- C:\Windows\SWXCACLS.exe
2009-10-04 20:57:35 ----A---- C:\Windows\SWSC.exe
2009-10-04 20:57:35 ----A---- C:\Windows\SWREG.exe
2009-10-04 20:57:35 ----A---- C:\Windows\sed.exe
2009-10-04 20:57:35 ----A---- C:\Windows\PEV.exe
2009-10-04 20:57:35 ----A---- C:\Windows\NIRCMD.exe
2009-10-04 20:57:35 ----A---- C:\Windows\grep.exe
2009-10-04 20:57:26 ----D---- C:\Windows\ERDNT
2009-10-04 20:57:25 ----D---- C:\ComboFix
2009-10-04 20:49:39 ----D---- C:\Qoobox
2009-10-04 11:54:10 ----A---- C:\Windows\ntbtlog.txt
2009-10-03 13:00:50 ----D---- C:\Intel
2009-10-03 13:00:41 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\InstallShield
2009-10-02 19:21:49 ----D---- C:\Windows\Sun
2009-10-01 21:22:14 ----A---- C:\Windows\proxycfg.exe
2009-10-01 21:21:42 ----A---- C:\Descriptors.txt
2009-10-01 21:21:22 ----D---- C:\AULOGS
2009-10-01 20:52:39 ----D---- C:\Windows\SoftwareDistribution
2009-10-01 20:19:44 ----A---- C:\Windows\system32\DfSdkBt64.exe
2009-10-01 20:19:43 ----A---- C:\Windows\system32\DfSdkBt.exe
2009-10-01 20:19:37 ----D---- C:\ProgramData\page
2009-10-01 20:19:37 ----D---- C:\Program Files\Ashampoo
2009-10-01 19:05:21 ----A---- C:\Windows\OODCNT.INI
2009-10-01 18:45:02 ----D---- C:\Windows\system32\oodag
2009-10-01 17:47:52 ----D---- C:\ProgramData\Avira
2009-10-01 17:25:15 ----D---- C:\Program Files\Guitar Pro 5
2009-10-01 15:04:19 ----D---- C:\ProgramData\Malwarebytes
2009-10-01 15:04:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-01 14:13:43 ----D---- C:\Program Files\Microsoft Security Essentials
2009-10-01 13:47:57 ----D---- C:\Program Files\PHPNukeFR
2009-10-01 13:47:57 ----D---- C:\Program Files\Conduit
2009-10-01 13:41:10 ----D---- C:\ProgramData\Sunbelt
2009-10-01 13:03:22 ----D---- C:\Config.Msi
2009-10-01 12:51:59 ----D---- C:\ProgramData\STOPzilla!
2009-09-26 10:57:19 ----A---- C:\Windows\system32\javaws.exe
2009-09-26 10:57:19 ----A---- C:\Windows\system32\javaw.exe
2009-09-26 10:57:19 ----A---- C:\Windows\system32\java.exe
2009-09-26 02:26:11 ----D---- C:\ProgramData\Microgaming
2009-09-26 02:26:11 ----D---- C:\ProgramData\MGS
2009-09-26 02:26:11 ----D---- C:\Microgaming
2009-09-24 20:38:34 ----D---- C:\Program Files\iPod
2009-09-24 20:38:32 ----D---- C:\Program Files\iTunes
2009-09-20 17:50:31 ----D---- C:\Program Files\WahOO
2009-09-19 23:50:06 ----RHD---- C:\Users\MALARD Jérémy\AppData\Roaming\SecuROM
2009-09-19 22:49:42 ----D---- C:\Program Files\Eidos
2009-09-19 22:47:00 ----D---- C:\temp
2009-09-19 21:53:50 ----D---- C:\Program Files\Common Files\Steam
2009-09-19 21:53:47 ----D---- C:\Program Files\Steam
2009-09-19 17:29:59 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\LimeWire
2009-09-19 14:56:36 ----D---- C:\Program Files\Utilitaire de configuration iPhone
2009-09-19 14:50:14 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-19 14:49:13 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 14:46:36 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2009-10-05 19:47:30 ----D---- C:\Windows\Prefetch
2009-10-05 19:47:03 ----D---- C:\Program Files
2009-10-05 07:45:34 ----SHD---- C:\Windows\Installer
2009-10-05 07:45:22 ----SHD---- C:\System Volume Information
2009-10-05 07:42:38 ----D---- C:\Windows\system32\drivers
2009-10-05 07:39:57 ----D---- C:\Windows\winsxs
2009-10-05 07:29:38 ----D---- C:\Windows\system32\catroot
2009-10-05 07:28:31 ----D---- C:\Windows\System32
2009-10-05 07:25:01 ----D---- C:\Program Files\Windows Mail
2009-10-05 07:25:00 ----D---- C:\Windows\AppPatch
2009-10-05 07:25:00 ----D---- C:\Program Files\Windows Media Player
2009-10-05 07:25:00 ----D---- C:\Program Files\Internet Explorer
2009-10-04 22:28:38 ----D---- C:\Windows\Microsoft.NET
2009-10-04 22:27:12 ----D---- C:\Windows
2009-10-04 22:23:22 ----RSD---- C:\Windows\assembly
2009-10-04 22:22:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-04 22:22:09 ----D---- C:\Windows\inf
2009-10-04 22:22:04 ----D---- C:\Windows\registration
2009-10-04 22:20:26 ----D---- C:\Windows\ehome
2009-10-04 22:09:49 ----D---- C:\Windows\system32\catroot2
2009-10-04 21:10:31 ----D---- C:\Windows\system32\fr-FR
2009-10-04 21:09:09 ----D---- C:\Windows\Tasks
2009-10-04 21:08:07 ----A---- C:\Windows\system.ini
2009-10-04 21:04:42 ----D---- C:\Program Files\Common Files
2009-10-03 15:09:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-03 13:18:13 ----D---- C:\ProgramData
2009-10-02 19:59:44 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 19:11:38 ----D---- C:\ProgramData\Adobe
2009-10-02 19:11:05 ----D---- C:\Program Files\Common Files\Adobe
2009-10-02 19:10:59 ----D---- C:\Program Files\Adobe
2009-10-01 20:27:35 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\Azureus
2009-10-01 20:23:54 ----D---- C:\Windows\SMINST
2009-10-01 20:23:53 ----D---- C:\found.000
2009-10-01 19:01:37 ----D---- C:\Windows\system32\Tasks
2009-10-01 18:59:43 ----D---- C:\Program Files\Vuze
2009-10-01 18:35:44 ----D---- C:\ProgramData\WildTangent
2009-10-01 17:35:49 ----D---- C:\ProgramData\Lavasoft
2009-10-01 17:35:49 ----D---- C:\Program Files\Lavasoft
2009-10-01 17:35:37 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-01 17:25:16 ----RSD---- C:\Windows\Fonts
2009-10-01 14:13:54 ----SD---- C:\ProgramData\Microsoft
2009-09-30 18:41:18 ----D---- C:\ProgramData\BitDefender
2009-09-30 18:41:00 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-30 13:53:28 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\CyberLink
2009-09-30 13:34:25 ----D---- C:\Program Files\VirtualDJ
2009-09-26 10:57:17 ----D---- C:\Program Files\Java
2009-09-26 02:26:49 ----SD---- C:\Windows\Downloaded Program Files
2009-09-24 20:38:33 ----D---- C:\Program Files\Common Files\Apple
2009-09-19 14:51:30 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-10-04 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-10-04 96104]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-10-04 55656]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-09 1970712]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 anqkyoxn;anqkyoxn; \??\C:\Windows\system32\drivers\anqkyoxn.sys []
S1 awzozvlv;awzozvlv; \??\C:\Windows\system32\drivers\awzozvlv.sys []
S1 mdzlqdyl;mdzlqdyl; \??\C:\Windows\system32\drivers\mdzlqdyl.sys []
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-10-04 28520]
S1 wqfsbnzu;wqfsbnzu; \??\C:\Windows\system32\drivers\wqfsbnzu.sys []
S2 SPIDER;SpIDer Guard File System Monitor; \??\C:\PROGRA~1\DrWeb\spider.sys []
S3 a28gipd8;a28gipd8; C:\Windows\system32\drivers\a28gipd8.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 catchme;catchme; \??\C:\Users\MALARD~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-01-14 38496]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-04 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2009-02-05 886072]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MsMpSvc;@c:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-10-04 194817]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-04 185089]
S2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-10-04 434945]
S2 SPIDERNT;SpIDer Guard for Windows; C:\PROGRA~1\DrWeb\spidernt.exe []
S2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe -service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-02-09 72704]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-10-01 316664]

-----------------EOF-----------------


2
info.txt logfile of random's system information tool 1.06 2009-10-05 19:47:33

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo WinOptimizer 6.30-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Championship Manager L'Entraîneur 2010 (Données Patch de septembre)-->"C:\Program Files\InstallShield Installation Information\{14592A8E-4DA6-4338-A9D5-E16449647EC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\malard jérémy\appdata\local\wkcegya.bat
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Integrated Performance Primitives RTI 4.0-->MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 2.72 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
L'Entraîneur 2010-->"C:\Program Files\InstallShield Installation Information\{5CA7899B-FFEC-4254-A05B-448420831F37}\Setup.exe" -runfromtemp -l0x040c -removeonly
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-019A-X6AM-Z365-28EH-AX3K-LL1X-19HP"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PHPNukeFR Toolbar-->C:\PROGRA~1\PHPNUK~1\UNWISE.EXE /U C:\PROGRA~1\PHPNUK~1\INSTALL.LOG
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Utilitaire de configuration iPhone-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 4.07-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtualis Crédit Mutuel-->C:\Program Files\Virtualis\Désinstallation Virtualis Crédit Mutuel
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vuze-->C:\Program Files\Vuze\uninstall.exe
WahOO-->"C:\Program Files\WahOO\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: Doctor Web Anti-Virus
AV: BitDefender Antivirus (disabled) (outdated)
FW: BitDefender Firewall (disabled)
AS: BitDefender Antispyware (disabled)
AS: Windows Defender
AS: Sunbelt CounterSpy (disabled) (outdated)

======System event log======

Computer Name: PC-de-MALARDJér
Event Code: 7001
Message: Le service SpIDer Guard for Windows dépend du service SpIDer Guard File System Monitor qui n'a pas pu démarrer en raison de l'erreur :
Le chemin d'accès spécifié est introuvable.
Record Number: 170679
Source Name: Service Control Manager
Time Written: 20090612212436.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-MALARDJér
Event Code: 7000
Message: Le service VNC Server n'a pas pu démarrer en raison de l'erreur :
Le chemin d'accès spécifié est introuvable.
Record Number: 170685
Source Name: Service Control Manager
Time Written: 20090612212436.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-MALARDJér
Event Code: 7022
Message: Le service QuickPlay Background Capture Service (QBCS) est en attente de démarrage.
Record Number: 170698
Source Name: Service Control Manager
Time Written: 20090612212502.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-MALARDJér
Event Code: 7001
Message: Le service QuickPlay Task Scheduler (QTS) dépend du service QuickPlay Background Capture Service (QBCS) qui n'a pas pu démarrer en raison de l'erreur :
Après démarrage, le service s'est arrêté dans un état d'attente.
Record Number: 170699
Source Name: Service Control Manager
Time Written: 20090612212503.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-MALARDJér
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 170724
Source Name: Tcpip
Time Written: 20090612212804.876000-000
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: PC-de-MALARDJér
Event Code: 4117
Message: Le fichier de licence ne contient pas de licence valable. Le service va être arrêté !
Record Number: 30052
Source Name: Avira AntiVir
Time Written: 20091005114426.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-MALARDJér
Event Code: 4117
Message: Le fichier de licence ne contient pas de licence valable. Le service va être arrêté !
Record Number: 30054
Source Name: Avira AntiVir
Time Written: 20091005134355.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-MALARDJér
Event Code: 4117
Message: Le fichier de licence ne contient pas de licence valable. Le service va être arrêté !
Record Number: 30056
Source Name: Avira AntiVir
Time Written: 20091005134425.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-MALARDJér
Event Code: 4117
Message: Le fichier de licence ne contient pas de licence valable. Le service va être arrêté !
Record Number: 30060
Source Name: Avira AntiVir
Time Written: 20091005174411.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-MALARDJér
Event Code: 4117
Message: Le fichier de licence ne contient pas de licence valable. Le service va être arrêté !
Record Number: 30062
Source Name: Avira AntiVir
Time Written: 20091005174441.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-MALARDJér
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 15411
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091005174729.075902-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-MALARDJér
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 15412
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091005174729.115902-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-MALARDJér
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 15413
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091005174729.152902-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-MALARDJér
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 15414
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091005174729.206902-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-MALARDJér
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 15415
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091005174729.244902-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: Unable to update

Post by nardino »

Good evening.
There's a lot of work to do on your PC; I wouldn't want to live there.

1- Download OTM by OldTimer:

Save it to the Desktop.
Double-click OTM.exe to launch the tool.
Note:
On Vista, right-click the file and choose Run as administrator.
Copy all the lines in the quote below to the clipboard with CTRL+C.
:files
C:\Windows\system32\drivers\anqkyoxn.sys
C:\Windows\system32\drivers\awzozvlv.sys
C:\Windows\system32\drivers\mdzlqdyl.sys
C:\Windows\system32\drivers\wqfsbnzu.sys
C:\Windows\system32\drivers\a28gipd8.sys
c:\users\malard jérémy\appdata\local\wkcegya.bat

:commands
[purity]
[emptytemp]
[reboot]
In OTM.exe, place the cursor in the "Paste List Of Files/Folders to Move" window and press CTRL+V to paste the clipboard contents.
Click the MoveIt! button, the red one.

Close the tool.
Post the contents of the report C:\_OTM\MovedFiles\********_******.log
The * stand for Month/Day/Year_Hour/Minutes/Seconds

2- You have four codec packs, so three too many.


Satsuki Decoder Pack 4000 is more than enough.
Uninstall these:
K-Lite Codec Pack 2.72 Ful
DivX Codec
Xvid 1.1.3 final uninstall


3- Java is not up to date.
- Java Runtime Environment (JRE) 6u16:
http://java.sun.com/javase/downloads/index.jsp
Click Download Java Runtime Environment (JRE) 6 update16
On the next page, choose Windows under Platform, tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
On the new page, tick Windows Offline Installation, and click jre-6u16-windows-i586-p.exe //15.89 MB.
You will install it offline.
Remove all the other versions.
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 7

4- Antivirus software
If you don't have a licence for Antivir, uninstall it and replace it with Microsoft Security Essentials or with Antivir Personal Free Edition.
You also have DrWeb to uninstall.
Only one antivirus, for the system to work properly.

5- Two fine reasons to get infected:
eMule
Vuze
As well as traces of Limewire. :roll:

See you.
mpfao
Novice
Posts: 9
Joined: 03 Oct 2009, 14:36
Hardware configuration: Vista SP1 32bits, firefox

Re: Unable to update

Post by mpfao »

Here is the report!

All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\drivers\anqkyoxn.sys not found.
File/Folder C:\Windows\system32\drivers\awzozvlv.sys not found.
File/Folder C:\Windows\system32\drivers\mdzlqdyl.sys not found.
File/Folder C:\Windows\system32\drivers\wqfsbnzu.sys not found.
File/Folder C:\Windows\system32\drivers\a28gipd8.sys not found.
c:\users\malard jérémy\appdata\local\wkcegya.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MALARD Jérémy
File delete failed. C:\Users\MALARD Jérémy\AppData\Local\Temp\BIT16F9.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 39415681 bytes
->Temporary Internet Files folder emptied: 4056979 bytes
->Java cache emptied: 64710537 bytes
->FireFox cache emptied: 67578156 bytes

User: MALARD J?r?my
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
File delete failed. C:\Windows\System32\SET198E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\System32\SET2008.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\System32\SET555.tmp scheduled to be deleted on reboot.
%systemroot%\System32 .tmp files removed: 20351104 bytes
Windows Temp folder emptied: 804422 bytes
RecycleBin emptied: 31827 bytes

Total Files Cleaned = 187,82 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10052009_205415

Files moved on Reboot...
File move failed. C:\Users\MALARD Jérémy\AppData\Local\Temp\BIT16F9.tmp scheduled to be moved on reboot.
File C:\Windows\System32\SET198E.tmp not found!
File C:\Windows\System32\SET2008.tmp not found!
File C:\Windows\System32\SET555.tmp not found!

Registry entries deleted on Reboot...


However, I can't find Doctor Web on my PC; would you know where I should look? I thought I had removed it!
Limewire too, strange.
If you see anything else to do, don't hesitate; any help is welcome.

THANKS
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: Unable to update

Post by nardino »

Good evening,
Have you already done everything I said?
Post a new RSIT report.
See you.
mpfao
Novice
Posts: 9
Joined: 03 Oct 2009, 14:36
Hardware configuration: Vista SP1 32bits, firefox

Re: Unable to update

Post by mpfao »

Logfile of random's system information tool 1.06 (written by random/random)
Run by MALARD Jérémy at 2009-10-06 20:28:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 56 GB (25%) free of 227 GB
Total RAM: 3070 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:20, on 06/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MALARD Jérémy\Desktop\Internet reparation\RSIT.exe
C:\Program Files\trend micro\MALARD Jérémy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WahOO] "C:\Program Files\WahOO\WahOO.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Dr.Web ® Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Unknown owner - C:\PROGRA~1\DrWeb\spidernt.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe (file missing)

--
End of file - 10080 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]
ECarteBleueBrowserHelper Class - C:\Windows\system32\BhoECart.dll [2003-10-31 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-05 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{1c491116-c175-45e1-a570-6fb14fea8b7b} - PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-09 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-10-04 209153]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-05 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WahOO"=C:\Program Files\WahOO\WahOO.exe [2009-09-15 1839616]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-09-19 1217784]

C:\Users\MALARD Jérémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-10-06 03:03:01 ----A---- C:\Windows\system32\tzres.dll
2009-10-05 21:49:05 ----A---- C:\Windows\system32\javaws.exe
2009-10-05 21:49:05 ----A---- C:\Windows\system32\javaw.exe
2009-10-05 21:49:05 ----A---- C:\Windows\system32\java.exe
2009-10-05 20:54:15 ----D---- C:\_OTM
2009-10-05 19:47:03 ----D---- C:\Program Files\trend micro
2009-10-05 19:47:02 ----D---- C:\rsit
2009-10-05 07:44:57 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-05 07:44:56 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-05 07:44:56 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-05 07:44:56 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-05 07:44:56 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-05 07:44:56 ----A---- C:\Windows\system32\finger.exe
2009-10-05 07:44:56 ----A---- C:\Windows\system32\ARP.EXE
2009-10-05 07:44:55 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-05 07:44:55 ----A---- C:\Windows\system32\netevent.dll
2009-10-05 07:42:28 ----D---- C:\Program Files\Avira
2009-10-04 22:11:02 ----A---- C:\Windows\system32\EncDec.dll
2009-10-04 22:11:01 ----A---- C:\Windows\system32\psisdecd.dll
2009-10-04 22:10:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-04 22:10:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\wdigest.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-04 22:09:01 ----A---- C:\Windows\system32\kerberos.dll
2009-10-04 22:09:00 ----A---- C:\Windows\system32\schannel.dll
2009-10-04 22:08:59 ----A---- C:\Windows\system32\secur32.dll
2009-10-04 22:08:59 ----A---- C:\Windows\system32\lsass.exe
2009-10-04 22:08:34 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-04 22:08:34 ----A---- C:\Windows\system32\wlansec.dll
2009-10-04 22:08:34 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-04 22:08:34 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-04 22:08:21 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-04 22:08:21 ----A---- C:\Windows\system32\mf.dll
2009-10-04 22:08:13 ----A---- C:\Windows\system32\mshtml.dll
2009-10-04 22:08:12 ----A---- C:\Windows\system32\occache.dll
2009-10-04 22:08:11 ----A---- C:\Windows\system32\ieframe.dll
2009-10-04 22:08:10 ----A---- C:\Windows\system32\urlmon.dll
2009-10-04 22:08:09 ----A---- C:\Windows\system32\wininet.dll
2009-10-04 22:08:08 ----A---- C:\Windows\system32\iertutil.dll
2009-10-04 22:08:08 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-04 22:08:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-04 22:08:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-10-04 22:08:06 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-04 22:08:06 ----A---- C:\Windows\system32\ieencode.dll
2009-10-04 22:08:05 ----A---- C:\Windows\system32\mstime.dll
2009-10-04 22:08:04 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-04 22:07:56 ----A---- C:\Windows\system32\t2embed.dll
2009-10-04 22:07:55 ----A---- C:\Windows\system32\fontsub.dll
2009-10-04 22:07:55 ----A---- C:\Windows\system32\dciman32.dll
2009-10-04 22:07:55 ----A---- C:\Windows\system32\atmfd.dll
2009-10-04 22:07:33 ----A---- C:\Windows\system32\atl.dll
2009-10-04 22:07:30 ----A---- C:\Windows\system32\mstscax.dll
2009-10-04 22:06:31 ----A---- C:\Windows\system32\wkssvc.dll
2009-10-04 22:06:29 ----A---- C:\Windows\system32\localspl.dll
2009-10-04 22:05:16 ----A---- C:\Windows\system32\avifil32.dll
2009-10-04 22:04:43 ----A---- C:\Windows\system32\jscript.dll
2009-10-04 22:04:29 ----A---- C:\Windows\system32\wmp.dll
2009-10-04 22:04:27 ----A---- C:\Windows\system32\wmpdxm.dll
2009-10-04 22:04:26 ----A---- C:\Windows\system32\spwmp.dll
2009-10-04 22:04:25 ----A---- C:\Windows\system32\dxmasf.dll
2009-10-04 22:04:24 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-04 22:04:07 ----A---- C:\Windows\system32\rpcrt4.dll
2009-10-04 21:30:00 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-04 21:26:56 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\Malwarebytes
2009-10-04 21:10:28 ----SHD---- C:\$RECYCLE.BIN
2009-10-04 21:10:25 ----A---- C:\ComboFix.txt
2009-10-04 21:07:44 ----D---- C:\Windows\temp
2009-10-04 20:57:35 ----A---- C:\Windows\zip.exe
2009-10-04 20:57:35 ----A---- C:\Windows\SWXCACLS.exe
2009-10-04 20:57:35 ----A---- C:\Windows\SWSC.exe
2009-10-04 20:57:35 ----A---- C:\Windows\SWREG.exe
2009-10-04 20:57:35 ----A---- C:\Windows\sed.exe
2009-10-04 20:57:35 ----A---- C:\Windows\PEV.exe
2009-10-04 20:57:35 ----A---- C:\Windows\NIRCMD.exe
2009-10-04 20:57:35 ----A---- C:\Windows\grep.exe
2009-10-04 20:57:26 ----D---- C:\Windows\ERDNT
2009-10-04 20:57:25 ----D---- C:\ComboFix
2009-10-04 20:49:39 ----D---- C:\Qoobox
2009-10-04 11:54:10 ----A---- C:\Windows\ntbtlog.txt
2009-10-03 13:00:50 ----D---- C:\Intel
2009-10-03 13:00:41 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\InstallShield
2009-10-02 19:21:49 ----D---- C:\Windows\Sun
2009-10-01 21:22:14 ----A---- C:\Windows\proxycfg.exe
2009-10-01 21:21:42 ----A---- C:\Descriptors.txt
2009-10-01 21:21:22 ----D---- C:\AULOGS
2009-10-01 20:52:39 ----D---- C:\Windows\SoftwareDistribution
2009-10-01 20:19:44 ----A---- C:\Windows\system32\DfSdkBt64.exe
2009-10-01 20:19:43 ----A---- C:\Windows\system32\DfSdkBt.exe
2009-10-01 20:19:37 ----D---- C:\ProgramData\page
2009-10-01 20:19:37 ----D---- C:\Program Files\Ashampoo
2009-10-01 19:05:21 ----A---- C:\Windows\OODCNT.INI
2009-10-01 18:45:02 ----D---- C:\Windows\system32\oodag
2009-10-01 17:47:52 ----D---- C:\ProgramData\Avira
2009-10-01 17:25:15 ----D---- C:\Program Files\Guitar Pro 5
2009-10-01 15:04:19 ----D---- C:\ProgramData\Malwarebytes
2009-10-01 15:04:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-01 14:13:43 ----D---- C:\Program Files\Microsoft Security Essentials
2009-10-01 13:47:57 ----D---- C:\Program Files\PHPNukeFR
2009-10-01 13:47:57 ----D---- C:\Program Files\Conduit
2009-10-01 13:41:10 ----D---- C:\ProgramData\Sunbelt
2009-10-01 13:03:22 ----D---- C:\Config.Msi
2009-10-01 12:51:59 ----D---- C:\ProgramData\STOPzilla!
2009-09-26 02:26:11 ----D---- C:\ProgramData\Microgaming
2009-09-26 02:26:11 ----D---- C:\ProgramData\MGS
2009-09-26 02:26:11 ----D---- C:\Microgaming
2009-09-24 20:38:34 ----D---- C:\Program Files\iPod
2009-09-24 20:38:32 ----D---- C:\Program Files\iTunes
2009-09-20 17:50:31 ----D---- C:\Program Files\WahOO
2009-09-19 23:50:06 ----RHD---- C:\Users\MALARD Jérémy\AppData\Roaming\SecuROM
2009-09-19 22:49:42 ----D---- C:\Program Files\Eidos
2009-09-19 22:47:00 ----D---- C:\temp
2009-09-19 21:53:50 ----D---- C:\Program Files\Common Files\Steam
2009-09-19 21:53:47 ----D---- C:\Program Files\Steam
2009-09-19 17:29:59 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\LimeWire
2009-09-19 14:56:36 ----D---- C:\Program Files\Utilitaire de configuration iPhone
2009-09-19 14:50:14 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-19 14:49:13 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 14:46:36 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2009-10-06 07:25:21 ----D---- C:\Windows\Prefetch
2009-10-06 03:25:51 ----D---- C:\Windows\rescache
2009-10-06 03:16:00 ----D---- C:\Windows\Microsoft.NET
2009-10-06 03:15:28 ----RSD---- C:\Windows\assembly
2009-10-06 03:04:44 ----D---- C:\Windows\system32\fr-FR
2009-10-06 03:04:44 ----D---- C:\Windows\System32
2009-10-06 03:04:42 ----D---- C:\Windows\ehome
2009-10-06 03:04:39 ----D---- C:\Windows\system32\drivers
2009-10-06 03:03:49 ----D---- C:\Windows\winsxs
2009-10-06 03:03:45 ----D---- C:\Windows\system32\catroot
2009-10-06 03:00:34 ----D---- C:\Windows
2009-10-06 03:00:28 ----SHD---- C:\Windows\Installer
2009-10-06 03:00:19 ----SHD---- C:\System Volume Information
2009-10-05 21:52:17 ----D---- C:\Program Files\Java
2009-10-05 21:52:16 ----D---- C:\Program Files\Common Files
2009-10-05 21:48:45 ----A---- C:\Windows\system32\deploytk.dll
2009-10-05 21:05:19 ----D---- C:\Program Files
2009-10-05 21:05:08 ----D---- C:\Program Files\DivX
2009-10-05 20:02:09 ----D---- C:\Windows\inf
2009-10-05 20:02:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-05 19:58:14 ----D---- C:\Windows\system32\catroot2
2009-10-05 07:25:01 ----D---- C:\Program Files\Windows Mail
2009-10-05 07:25:00 ----D---- C:\Windows\AppPatch
2009-10-05 07:25:00 ----D---- C:\Program Files\Windows Media Player
2009-10-05 07:25:00 ----D---- C:\Program Files\Internet Explorer
2009-10-04 22:22:04 ----D---- C:\Windows\registration
2009-10-04 21:09:09 ----D---- C:\Windows\Tasks
2009-10-04 21:08:07 ----A---- C:\Windows\system.ini
2009-10-03 15:09:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-03 13:18:13 ----D---- C:\ProgramData
2009-10-02 19:59:44 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 19:11:38 ----D---- C:\ProgramData\Adobe
2009-10-02 19:11:05 ----D---- C:\Program Files\Common Files\Adobe
2009-10-02 19:10:59 ----D---- C:\Program Files\Adobe
2009-10-01 20:27:35 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\Azureus
2009-10-01 20:23:54 ----D---- C:\Windows\SMINST
2009-10-01 20:23:53 ----D---- C:\found.000
2009-10-01 19:01:37 ----D---- C:\Windows\system32\Tasks
2009-10-01 18:59:43 ----D---- C:\Program Files\Vuze
2009-10-01 18:35:44 ----D---- C:\ProgramData\WildTangent
2009-10-01 17:35:49 ----D---- C:\ProgramData\Lavasoft
2009-10-01 17:35:49 ----D---- C:\Program Files\Lavasoft
2009-10-01 17:35:37 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-01 17:25:16 ----RSD---- C:\Windows\Fonts
2009-10-01 14:13:54 ----SD---- C:\ProgramData\Microsoft
2009-09-30 18:41:18 ----D---- C:\ProgramData\BitDefender
2009-09-30 18:41:00 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-30 13:53:28 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\CyberLink
2009-09-30 13:34:25 ----D---- C:\Program Files\VirtualDJ
2009-09-26 02:26:49 ----SD---- C:\Windows\Downloaded Program Files
2009-09-24 20:38:33 ----D---- C:\Program Files\Common Files\Apple
2009-09-19 14:51:30 ----D---- C:\Users\MALARD Jérémy\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-10-04 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-10-04 96104]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-10-04 28520]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-10-04 55656]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-09 1970712]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 anqkyoxn;anqkyoxn; \??\C:\Windows\system32\drivers\anqkyoxn.sys []
S1 awzozvlv;awzozvlv; \??\C:\Windows\system32\drivers\awzozvlv.sys []
S1 mdzlqdyl;mdzlqdyl; \??\C:\Windows\system32\drivers\mdzlqdyl.sys []
S1 wqfsbnzu;wqfsbnzu; \??\C:\Windows\system32\drivers\wqfsbnzu.sys []
S2 SPIDER;SpIDer Guard File System Monitor; \??\C:\PROGRA~1\DrWeb\spider.sys []
S3 aefmzsl8;aefmzsl8; C:\Windows\system32\drivers\aefmzsl8.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 catchme;catchme; \??\C:\Users\MALARD~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-01-14 38496]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 2222080]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-04 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2009-02-05 886072]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MsMpSvc;@c:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-10-04 194817]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-04 185089]
S2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-10-04 434945]
S2 SPIDERNT;SpIDer Guard for Windows; C:\PROGRA~1\DrWeb\spidernt.exe []
S2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe -service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-02-09 72704]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-10-01 316664]

-----------------EOF-----------------
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: Update impossible

Post by nardino »

Good evening.
Why did you install two antivirus programs?
I never recommended that; it's one or the other.
Download SF.exe by C_XX
http://sd-1.archive-host.com/membres/up ... 868/SF.exe
Double-click the SF.exe file.
In the DOS window, type:
anqkyoxn,awzozvlv,mdzlqdyl,wqfsbnzu,aefmzsl8
Confirm with Enter.
The scan will take a few minutes, and a text file will open; post its contents by copy-paste.
Close the file and the tool.

See you later
mpfao
Novice
Posts: 9
Joined: 03 Oct 2009, 14:36
Hardware configuration: Vista SP1 32bits, firefox

Re: Update impossible

Post by mpfao »

========================= SF 1.0.0.2 - C_XX | 11:50:11,56

Valeur(s) recherchée(s):

aefmzsl
anqkyoxn
awzozvlv
mdzlqdyl
wqfsbnzu


========================= Fichier(s):

Aucun fichier/Dossier trouvé.

========================= Registre:



[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 4]
"Driver"="aefmzsl8"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNPA000\4&5d18f2df&0]
"DeviceDesc"="AEFMZSL8 IDE Controller"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNPA000\4&5d18f2df&0]
"Service"="aefmzsl8"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNPA000\4&5d18f2df&0\Control]
"ActiveService"="aefmzsl8"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNPA000\4&5d18f2df&0]
"DeviceDesc"="AEFMZSL8 IDE Controller"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNPA000\4&5d18f2df&0]
"Service"="aefmzsl8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNPA000\4&5d18f2df&0]
"DeviceDesc"="AEFMZSL8 IDE Controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNPA000\4&5d18f2df&0]
"Service"="aefmzsl8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNPA000\4&5d18f2df&0\Control]
"ActiveService"="aefmzsl8"



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\anqkyoxn]
"Args"="C:\Windows\system32\drivers\anqkyoxn.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\anqkyoxn]
"ImagePath"="\??\C:\Windows\system32\drivers\anqkyoxn.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\anqkyoxn]
"Args"="C:\Windows\system32\drivers\anqkyoxn.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\anqkyoxn]
"ImagePath"="\??\C:\Windows\system32\drivers\anqkyoxn.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\anqkyoxn]
"Args"="C:\Windows\system32\drivers\anqkyoxn.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\anqkyoxn]
"ImagePath"="\??\C:\Windows\system32\drivers\anqkyoxn.sys"



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\awzozvlv]
"Args"="C:\Windows\system32\drivers\awzozvlv.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\awzozvlv]
"ImagePath"="\??\C:\Windows\system32\drivers\awzozvlv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\awzozvlv]
"Args"="C:\Windows\system32\drivers\awzozvlv.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\awzozvlv]
"ImagePath"="\??\C:\Windows\system32\drivers\awzozvlv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\awzozvlv]
"Args"="C:\Windows\system32\drivers\awzozvlv.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\awzozvlv]
"ImagePath"="\??\C:\Windows\system32\drivers\awzozvlv.sys"



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mdzlqdyl]
"Args"="C:\Windows\system32\drivers\mdzlqdyl.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mdzlqdyl]
"ImagePath"="\??\C:\Windows\system32\drivers\mdzlqdyl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mdzlqdyl]
"Args"="C:\Windows\system32\drivers\mdzlqdyl.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mdzlqdyl]
"ImagePath"="\??\C:\Windows\system32\drivers\mdzlqdyl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mdzlqdyl]
"Args"="C:\Windows\system32\drivers\mdzlqdyl.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mdzlqdyl]
"ImagePath"="\??\C:\Windows\system32\drivers\mdzlqdyl.sys"



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wqfsbnzu]
"Args"="C:\Windows\system32\drivers\wqfsbnzu.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wqfsbnzu]
"ImagePath"="\??\C:\Windows\system32\drivers\wqfsbnzu.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wqfsbnzu]
"Args"="C:\Windows\system32\drivers\wqfsbnzu.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wqfsbnzu]
"ImagePath"="\??\C:\Windows\system32\drivers\wqfsbnzu.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wqfsbnzu]
"Args"="C:\Windows\system32\drivers\wqfsbnzu.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wqfsbnzu]
"ImagePath"="\??\C:\Windows\system32\drivers\wqfsbnzu.sys"


========================= E.O.F | 11:57:56,33


I uninstalled AntiVir.
Thanks
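
The SF report above repeats each registry hit once per control set, and its `Args` values end in `:changelist`; a colon followed by a name after the file name is the NTFS syntax for an alternate data stream. As an added example (not part of the thread and not code from the SF tool), the Python below parses a report in that layout, merges the ControlSet001/ControlSet002/CurrentControlSet mirrors, and lists the values that point into a stream. The sample report and the service name `examplesvc` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above; "examplesvc" is a placeholder.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\examplesvc]
"Args"="C:\Windows\system32\drivers\examplesvc.sys:changelist"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\examplesvc]
"ImagePath"="\??\C:\Windows\system32\drivers\examplesvc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc]
"Args"="C:\Windows\system32\drivers\examplesvc.sys:changelist"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# ControlSet001/002 and CurrentControlSet mirror the same configuration.
CONTROLSET_RE = re.compile(r'\\(?:ControlSet\d{3}|CurrentControlSet)\\', re.I)
# A colon after the file name (not the drive letter) names an alternate data stream.
ADS_RE = re.compile(r'^(?:\\\?\?\\)?[A-Za-z]:\\[^:]*\.\w+:([^:\\]+)$')

def parse_hits(report):
    """Yield (key, value name, data) for every value line under a [key] line."""
    key = None
    for line in map(str.strip, report.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2)

def summarize(report):
    """Merge control-set mirrors: normalized key -> {value name: data}."""
    merged = defaultdict(dict)
    for key, name, data in parse_hits(report):
        norm = CONTROLSET_RE.sub(lambda _: r'\<ControlSet>' + '\\', key)
        merged[norm][name] = data
    return dict(merged)

def ads_references(report):
    """Return sorted (key, value name, stream name) for data pointing into a stream."""
    return sorted(
        (key, name, m.group(1))
        for key, values in summarize(report).items()
        for name, data in values.items()
        if (m := ADS_RE.match(data))
    )
```
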