Malware?

Hello,

I'm new here and not much of an expert. Since yesterday afternoon I have been unable to connect to my Orange portal. It's not a connection or Livebox problem, since I can connect elsewhere from my laptop (which I'm writing to you from). I ran BitDefender, which found nothing, and Ad-Aware no more. This morning I was able to connect again without any problem. I downloaded SUPERAntiSpyware, installed it, wanted to scan in safe mode, and nothing doing. Since then it's again impossible to connect; I uninstalled SUPERAntiSpyware and can't reinstall it. What should I do? Thanks
 
 
Hi

post a HijackThis log --> Hijackthis

see --> rename HijackThis correctly ==> install and rename correctly

why?? --> (some "Vundo" infections hide when hijackthis.exe is launched but not when another .exe is)

see how to generate a report --> Tutorial


afterwards

download --> Malwarebytes (mbam) --> Malwarebytes

install + update
and
Restart in "Safe Mode": restart your computer and tap the F8 key until the Windows advanced options menu is displayed, then select "Safe Mode".
Choose your usual session

Launch --> Malwarebytes (MBAM)
- Then go to the "Scan" tab, tick "Perform full scan" then "Scan"
- Select your hard drives then click "Start scan"
- At the end of the scan, click Show results then Save report
- Removal of the detected items --> click "Remove selected"; this must be done ==> don't forget "remove"
- If you are asked to restart, click "yes"

after the removal of the infection(s) found --> post the report here

oops!! Otherwise run "Malwarebytes" in normal mode ==> Full scan
 
 
If no luck


heavy artillery

Download==> Combofix ==> which you fetch from your other PC==> onto a USB stick

==>ComboFix.exe

==>save it to the desktop of your infected PC

==>Tutorial

=Double-click on Combofix
= Press 1 when asked
= Wait for the tool to close (5 to 10 min)
=Copy/paste the report right here
A report in C:\Combofix.txt to post
 
 
For Malwarebytes, since you have no connection you won't be able to update it ==> there is a database

hijackthis, malwarebytes and combofix you can transfer to your infected PC via "USB stick"

you'll add last ==>SDFix

==>SDFix
 
 
HijackThis problem: I get a message in English telling me (roughly) that my system refuses to write the hosts file...
 
 
There we go: a bit of a headache, but OK, that's done... So what do you think?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:13, on 18/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Nosibay\Mon Widget RMC\Launcher.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Nosibay\Mon Widget RMC\Mon Widget RMC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Mon Widget RMC] "C:\Program Files\Nosibay\Mon Widget RMC\launcher.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B137F01C-BE9C-4C2D-BC8E-8E7AF30E086E}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10134 bytes
 
 
impossible to launch MBAM in safe mode... what should I do?
 
 
cricri58

(Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21

first of all, to be removed:

O17 - HKLM\System\CCS\Services\Tcpip\..\{B137F01C-BE9C-4C2D-BC8E-8E7AF30E086E}: NameServer = 85.255.112.105,85.255.112.21

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21

impossible to launch MBAM in safe mode... what should I do?

well, run it in normal mode, but before that remove the lines quoted above

have you run Malwarebytes (mbam) --> Malwarebytes as asked? if so, post the report
Edited on 18/05/2009 at 14:46
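The indicator the reply above relies on is the O17 NameServer entries: a DNS changer rewrites the resolver addresses under the Tcpip\Parameters keys so every lookup goes through a rogue server, which is why the portal "stopped working" while other machines on the same Livebox were fine. The following is an added example, not code from this thread or from HijackThis: it parses a HijackThis log for O17 lines, flags the two resolver addresses quoted in the log above, and also flags any other public resolver that is not on an allow-list. The sample log and the allow-list (`EXPECTED_DNS`, a LAN gateway) are constructed for the example; the rogue set `ROGUE_DNS` holds only the two addresses that appear in the thread.

```python
"""Flag unexpected DNS resolvers in the O17 section of a HijackThis log.

Added example for this thread; not part of the forum post or of HijackThis.
SAMPLE_LOG is constructed from the O17 lines quoted in the thread plus one
benign line (the {EXAMPLE-ADAPTER-GUID} key is a placeholder, not a real key).
"""
import ipaddress
import re
from typing import List, Set, Tuple

# HijackThis prints one O17 line per registry key that carries a NameServer value:
#   O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$")

# The two resolver addresses named as Trojan.DNSChanger data in the thread.
ROGUE_DNS: Set[str] = {"85.255.112.105", "85.255.112.21"}

# Hypothetical allow-list: resolvers this network is expected to hand out
# (here a home router). Constructed for the example; adapt to your environment.
EXPECTED_DNS: Set[str] = {"192.168.1.1"}

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{B137F01C-BE9C-4C2D-BC8E-8E7AF30E086E}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{EXAMPLE-ADAPTER-GUID}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""


def parse_o17(log_text: str) -> List[Tuple[str, str]]:
    """Return (registry key, nameserver) pairs for every O17 line in the log.

    A single O17 line may list several resolvers separated by commas or spaces,
    so each address becomes its own pair.
    """
    pairs: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        for token in re.split(r"[,\s]+", match.group("servers")):
            if token:
                pairs.append((match.group("key"), token))
    return pairs


def classify(ip_text: str) -> Tuple[bool, str]:
    """Return (is_suspicious, reason) for one NameServer value."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        # Anything that is not an address has no business in NameServer.
        return True, "unparseable NameServer value"
    if ip_text in ROGUE_DNS:
        return True, "known DNSChanger resolver"
    if ip_text in EXPECTED_DNS or ip.is_private or ip.is_loopback:
        # LAN gateway, loopback, or a resolver the environment is known to use.
        return False, "expected or local resolver"
    # Public resolver that nobody configured on purpose: worth a look even if
    # it is not on the known-rogue list.
    return True, "unexpected public resolver"


def find_rogue_dns(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, ip, reason) for every NameServer entry that needs attention."""
    findings: List[Tuple[str, str, str]] = []
    for key, ip_text in parse_o17(log_text):
        suspicious, reason = classify(ip_text)
        if suspicious:
            findings.append((key, ip_text, reason))
    return findings


def affected_keys(log_text: str) -> List[str]:
    """Registry keys carrying at least one suspicious resolver: the fix list."""
    return sorted({key for key, _ip, _reason in find_rogue_dns(log_text)})


if __name__ == "__main__":
    for key, ip_text, reason in find_rogue_dns(SAMPLE_LOG):
        print(f"{reason:28s} {ip_text:16s} {key}")
    print("keys to clean:", len(affected_keys(SAMPLE_LOG)))
```

Run against the constructed sample, `affected_keys` returns exactly the three keys the reply tells the user to fix, and the benign 192.168.1.1 line is left alone. The allow-list check matters because a changer that picks addresses not yet on any blocklist still shows up as an "unexpected public resolver"; after cleaning, the same script re-run on a fresh log is the quickest way to confirm the keys did not get rewritten again on reboot.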
 
 
Thanks, but how do I remove them? (I know, I'm a dunce...)

No, because I ticked them but it won't "fix" them

On top of that, I install mbam, can't do the updates (since I can't connect), and it's impossible to launch it....

OK, I managed to kill those 3 bl... lines, but I still can't launch MBAM in normal or safe mode....

So I'm sending ComboFix... And here it is:

ComboFix 09-05-17.04 - Gilles 18/05/2009 19:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1316 [GMT 2:00]
Lancé depuis: J:\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender AntiSpam *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-5-0-18-100007161-100004074-100006056-6632.com
c:\windows\system32\drivers\gxvxcdvevxwptgbrbvfrfrvkmeejxdpixtsri.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcqmnupoqbjqcliqunyacfrenhxitcayku.dll
c:\windows\system32\mfc70.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-18 au 2009-05-18 ))))))))))))))))))))))))))))))))))))
.

2009-05-18 16:33 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-18 16:33 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 16:33 . 2009-05-18 16:33 -------- d-----w c:\programdata\Malwarebytes
2009-05-18 16:33 . 2009-05-18 16:33 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-18 16:33 . 2009-05-18 16:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 10:25 . 2009-05-18 10:25 -------- d-----w c:\program files\Trend Micro
2009-05-18 09:03 . 2009-05-18 09:03 -------- d-----w c:\program files\ToniArts
2009-05-18 08:06 . 2009-05-18 08:06 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-18 08:06 . 2009-05-18 08:06 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-05-18 08:04 . 2009-05-18 08:36 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-16 21:08 . 2008-04-03 10:56 2677280 ----a-w c:\windows\system32\nvwssr.dll
2009-05-16 16:36 . 2009-01-18 21:30 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-16 16:36 . 2009-05-16 16:36 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-16 16:35 . 2009-05-16 16:35 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-16 16:35 . 2009-05-16 16:35 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-16 16:35 . 2009-05-16 16:35 -------- d-----w c:\program files\Lavasoft
2009-05-16 16:35 . 2009-05-16 16:36 -------- d-----w c:\programdata\Lavasoft
2009-05-16 16:35 . 2009-05-16 16:36 -------- d-----w c:\users\All Users\Lavasoft
2009-05-16 15:03 . 2009-05-16 16:56 -------- d-----w c:\program files\RegistrySmart
2009-05-15 16:42 . 2009-05-15 16:42 -------- d-----w c:\program files\CCleaner
2009-05-15 09:02 . 2009-05-15 13:36 -------- d-----w c:\program files\Air Battles
2009-05-14 12:50 . 2009-05-14 12:50 217088 ----a-w c:\windows\system32\UAService7.exe
2009-05-14 12:47 . 2009-05-14 12:47 -------- d-----w c:\program files\Codemasters
2009-05-08 17:34 . 2009-05-08 17:34 -------- d-----w c:\windows\Profiles
2009-05-08 17:34 . 2009-05-08 17:34 -------- d-----w c:\windows\system32\Adobe
2009-05-08 17:34 . 2009-05-08 17:34 -------- d-----w c:\windows\Application Data\InterTrust
2009-05-08 17:34 . 2009-05-16 16:35 -------- d-----w c:\windows\Application Data
2009-05-07 12:18 . 2009-05-11 07:50 -------- d-----w c:\program files\City Interactive
2009-05-07 10:12 . 2009-05-07 10:12 -------- d-----w c:\windows\Gary Grigsby's World At War
2009-05-07 10:12 . 2009-05-07 10:12 -------- d-----w C:\Matrix Games
2009-04-28 07:59 . 2007-06-12 17:33 61440 ----a-w c:\windows\system32\Autodial2000.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 17:06 . 2007-12-16 09:52 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-18 16:46 . 2009-03-10 11:06 -------- d-----w c:\program files\Steam
2009-05-18 09:03 . 2007-09-13 08:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-18 08:36 . 2007-12-14 22:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-17 18:05 . 2009-02-25 13:03 -------- d-----w c:\program files\Anuman Interactive
2009-05-16 21:35 . 2007-12-16 09:30 -------- d-----w c:\program files\Packard Bell ImageWriter
2009-05-16 21:13 . 2007-09-13 08:30 -------- d-----w c:\program files\Picasa2
2009-05-16 21:13 . 2007-09-13 08:20 -------- d-----w c:\program files\Google
2009-05-16 17:38 . 2008-01-02 13:21 1356 ----a-w c:\users\Gilles\AppData\Local\d3d9caps.dat
2009-05-16 15:55 . 2009-01-13 08:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-16 15:55 . 2007-12-16 14:04 -------- d-----w c:\program files\Java
2009-05-16 15:05 . 2007-09-13 17:34 678718 ----a-w c:\windows\system32\perfh00C.dat
2009-05-16 15:05 . 2007-09-13 17:34 127798 ----a-w c:\windows\system32\perfc00C.dat
2009-05-16 13:54 . 2009-05-16 13:54 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-16 12:15 . 2007-12-15 18:01 -------- d-----w c:\program files\OrangeHSS
2009-05-14 01:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-08 17:34 . 2008-03-09 10:18 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 17:51 . 2008-04-11 15:55 -------- d-----w c:\program files\Call of Duty
2009-05-02 13:34 . 2009-02-13 13:10 -------- d-----w c:\program files\Micro Application
2009-05-01 17:16 . 2009-03-29 12:12 -------- d-----w c:\program files\Oberon Media
2009-04-22 09:10 . 2009-03-10 11:08 -------- d-----w c:\program files\Common Files\Steam
2009-04-16 15:52 . 2007-12-14 22:43 -------- d-----w c:\program files\Electronic Arts
2009-04-15 16:35 . 2009-04-15 16:35 -------- d-----w c:\program files\2K Games
2009-04-10 13:28 . 2009-04-10 13:28 5184 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-04-10 12:57 . 2008-04-10 16:42 -------- d-----w c:\program files\EA GAMES
2009-04-09 14:17 . 2008-04-14 17:11 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-09 14:17 . 2008-04-14 17:11 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-09 14:09 . 2009-04-09 14:09 -------- d-----w c:\program files\OpenAL
2009-04-09 13:13 . 2009-04-09 13:13 -------- d-----w c:\program files\CENEGA
2009-04-09 09:13 . 2009-04-09 09:12 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 09:00 . 2009-04-09 09:00 -------- d-----w c:\program files\Full Pack Codecs
2009-04-07 17:29 . 2009-04-07 17:29 -------- d-----w c:\program files\Chaos Concept
2009-04-04 10:42 . 2007-12-14 18:38 85960 ----a-w c:\users\Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-04 09:31 . 2009-02-08 18:20 -------- d-----w c:\program files\Firefly Studios
2009-03-29 12:12 . 2008-01-25 11:54 -------- d-----w c:\program files\GamesBar
2009-03-29 12:12 . 2009-03-29 12:12 -------- d-----w c:\program files\Common Files\Oberon Media
2009-03-25 13:53 . 2009-03-25 13:53 533 ----a-w c:\windows\eReg.dat
2009-03-25 13:53 . 2008-07-18 15:50 -------- d-----w c:\program files\Maxis
2009-03-24 10:05 . 2009-03-24 10:05 -------- d-----w c:\program files\StopClope
2009-03-17 03:38 . 2009-04-15 18:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 18:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-16 15:23 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-16 15:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-16 15:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-16 15:23 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-16 15:23 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-16 15:23 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-16 15:23 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-16 15:23 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-16 15:23 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-16 15:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-16 15:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-16 15:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-16 15:23 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-16 15:23 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-16 15:23 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-16 15:23 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-16 15:23 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-16 15:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-15 18:38 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 18:38 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 18:38 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 18:38 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 18:38 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 18:38 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 18:38 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-15 18:38 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-15 18:38 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 18:38 17408 ----a-w c:\windows\system32\iashost.exe
2008-07-23 09:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-05-16 21:14 . 2007-09-13 08:21 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2007-09-13 08:15 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2007-09-13 08:15 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2007-09-13 08:15 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2007-09-13 08:15 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2007-09-13 08:15 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-09-13 17:39 . 2007-09-13 17:38 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"Mon Widget RMC"="c:\program files\Nosibay\Mon Widget RMC\launcher.exe" [2008-10-13 185872]
"Steam"="c:\program files\steam\steam.exe" [2009-03-10 1410296]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-16 29744]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-06-12 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-16 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'?cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0D821845-D5C3-4F5E-8105-E4C1646C5D63}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{B4FD8EB8-98DC-4776-8187-BA312C39C20F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{14F4313F-7191-4C44-95AA-D0AEED04473B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91631EDA-E21C-40C1-9E6B-F525FEC18158}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{C6199811-6C7E-4E11-ADDF-BE94EA936B6F}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{FF5E6DAD-0609-4A92-BBCD-DF4F35B245F2}"= UDP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{F57F27BD-832D-4947-B672-34B438C85B04}"= TCP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{FC8C9BA4-A51E-4060-9140-E41E9DF974D4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3E30CB1F-A58B-47D8-BA11-54A0DABC84BB}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{3D1307B2-2015-48B7-8228-B6F66F8B8E5C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1DE9C5D1-AFC2-4508-BA24-66D0A57110A1}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{0DDCF442-9075-48CC-A6D9-42566B58A522}"= UDPeMule tcp
"{EC5192E7-083F-44AD-A974-573056CE0E87}"= TCPeMule udp
"TCP Query User{BEB01C17-E149-4A14-ABB9-AF7BED9F615E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4BF4B818-A06D-4CD3-B0E2-83D573589BA2}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5796F6E2-6341-4033-8D31-9527DE0FD268}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{4A027C81-B303-4B4E-AF31-A2DDAB128C83}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{383B0711-A3AF-4931-84F9-5CD341B9FA40}"= UDPshareaza tcp
"{08932700-6178-49AB-9FEA-87CA79210AA5}"= TCPshareaza udp
"TCP Query User{7776BCF9-74A0-4D0A-91DC-C8E0160EA109}c:\\program files\\anno 1701\\anno1701addon.exe"= UDP:c:\program files\anno 1701\anno1701addon.exe:Anno 1701
"UDP Query User{43EC0828-1BEB-4A34-B84A-AB828666B94E}c:\\program files\\anno 1701\\anno1701addon.exe"= TCP:c:\program files\anno 1701\anno1701addon.exe:Anno 1701
"TCP Query User{42A085AE-3658-4376-9103-BA784D405A5F}c:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{D233FA39-579F-45B0-A847-FCFA7EF52E99}c:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"{1374D3BA-7C92-4055-96DC-23C033290B10}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D938EEDC-3996-4800-912B-B7B917360D79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6B8026C-E693-4496-9756-FFDB2A78C167}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{22231C14-8E57-4B5B-9494-C5C77696E1FD}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{370529C5-D81F-4ED6-94D5-2B31934ADEEA}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{E98827BB-2DAB-4179-8769-D2A56688BBA8}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"{D9F61621-E1BC-422C-851C-A9C6085A97DC}"= Disabled19123:limewire tcp
"{8E5FE192-A080-46E1-811A-C5425D25D1FA}"= Disabled19123:limewire udp
"TCP Query User{0F96D18F-A877-469E-BF19-D01700198C2D}c:\\program files\\limewire\\limewire.exe"= Disabledc:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{65C1B1A1-9AD1-4CCB-BE95-6E3B1A1859DC}c:\\program files\\limewire\\limewire.exe"= Disabledc:\program files\limewire\limewire.exe:LimeWire
"{4B3FBFBB-22A6-4AFF-8EDC-D5EB99DC3091}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8FD84E07-2D91-4A51-A898-AE296A4EDAA7}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D9F8AA6F-51EA-4B49-A164-C28B60C6DC6E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{DDA1B8EE-77AB-427E-96EE-BA75044F5631}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{85F17CB1-0DBD-4E3E-8FE6-DA53228EA7CE}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{62638EAA-3BBC-4FC7-A57F-17D8ACAB0F73}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{1E60874C-4432-44F9-9525-A1A0DE62F10C}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{3D4A8790-1790-4C69-BA08-019A6CCC01DF}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{A0D77C9C-299B-41E5-8222-71BC303D4A67}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{BBA74EA2-843A-4CD0-9965-F0F501474CA0}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{27E05397-8262-4767-886E-BE3524158DC0}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{B3000977-02EA-451F-A534-FE84927F0DB1}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D4D2FBC0-5463-4C3D-8853-DC1FFC372C9F}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{8891799E-D00A-40A0-A36D-445B5A9A6ACB}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{02E0815E-DAE5-4692-968E-B744650EB093}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{4E8D15C2-8297-41B1-9A0D-C4942DCF0567}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{DFC11855-A73E-4B44-B8FC-E26DD6049802}c:\\program files\\nosibay\\mon widget rmc\\mon widget rmc.exe"= UDP:c:\program files\nosibay\mon widget rmc\mon widget rmc.exe:Mon Widget RMC
"UDP Query User{D3364F8F-CC5B-490C-A81B-A68C5F860F48}c:\\program files\\nosibay\\mon widget rmc\\mon widget rmc.exe"= TCP:c:\program files\nosibay\mon widget rmc\mon widget rmc.exe:Mon Widget RMC
"{B6632F4D-2E82-4447-84B7-10DD9CFF665D}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{EB5293CE-D8E9-48A6-8FAE-720F30F444FD}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{A616E902-6490-44A5-8F43-66C3FD99F427}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{78D4F09A-4435-494E-B8B9-4A1D24A1E097}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{83CC8FA9-C592-4175-854A-CC7455BFA6BB}c:\\program files\\activision value\\battle for the pacific\\bftp.exe"= UDP:c:\program files\activision value\battle for the pacific\bftp.exe:bftp
"UDP Query User{2B5D8C63-ADEB-49D3-B7E4-18C4934CBE63}c:\\program files\\activision value\\battle for the pacific\\bftp.exe"= TCP:c:\program files\activision value\battle for the pacific\bftp.exe:bftp
"{FB6A61EB-E58A-4850-B4DF-97492B55F328}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{3B30AA4A-D04C-4262-A6E3-01D6287E17DD}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"TCP Query User{DFA1C788-7D63-4203-A7F1-33FFD3186892}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{F836FB68-C652-4DF4-B410-8401C6E25034}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{70CADF3D-7CB8-4F87-9C07-781B5F5ACFAA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"{9B1AFE7B-733A-4D09-B161-77DE95E903C6}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"{489848EA-3DC5-47BF-AB9C-EAB72D0EE930}"= UDP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe Total War
"{7FCD14B5-370F-471D-8960-C38D187AEFC3}"= TCP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe Total War
"{08CF86B7-5F76-4740-BFCF-8F92A1115CE5}"= UDP:c:\program files\Air Conflicts\Air Conflicts.exe:Air Conflicts
"{8CC99CD3-E527-4DD9-9B3D-64343137B217}"= TCP:c:\program files\Air Conflicts\Air Conflicts.exe:Air Conflicts
"TCP Query User{C4C5A535-0634-47F1-BD2C-C067FC8B3248}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4BB6493F-0C92-47A6-85A5-C61628C8029F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{126E9F25-0017-4568-9213-BA78DA6EC3DC}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{C73A3716-88F5-406C-A125-592298BB907E}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{E322D05C-34FB-42BA-A654-098C3F09ABF9}"= UDP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{BF8781DC-6714-4D8D-ACB4-D42EA9D5601D}"= TCP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*CSS

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [16/05/2009 18:36 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [03/02/2009 17:39 63096]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [13/02/2009 16:53 2915944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 921936]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/09/2007 10:21 29744]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [15/12/2007 20:02 28224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-05-18 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-09-13 16:38]

2009-05-18 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-09-13 16:34]

2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{BD7E716D-697D-4D40-9134-389199B9CA2F}.job
- c:\windows\system32\msfeedssync.exe [2009-05-16 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe


.
------- Examen supplémentaire -------
.
uStart Page = www.orange.fr...
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net...
Rootkit scan 2009-05-18 19:29
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-4136909641-628859927-358492942-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2b,37,e6,d9,24,22,65,25,6e,e8,2f,22,c4,28,c5,b7,2c,f9,c0,98,ce,ee,7d,
2f,65,cd,58,f5,87,b0,bb,0b,2d,66,b9,08,94,ab,01,39,ab,a5,66,4a,7e,40,b7,a8,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\S-1-5-21-4136909641-628859927-358492942-1002\Software\SecuROM\License information*]
"datasecu"=hex:75,10,22,e1,52,60,c0,fe,c3,7b,df,c4,dd,b3,18,08,bc,b5,61,ad,e6,
74,83,97,49,09,7e,cb,08,c0,d6,7e,7d,0f,a5,40,be,34,2e,d4,c8,7d,22,81,17,47,\
"rkeysecu"=hex:87,c2,7e,30,da,50,80,6b,a9,9e,a2,21,70,cb,d6,8d
.
Heure de fin: 2009-05-18 19:30
ComboFix-quarantined-files.txt 2009-05-18 17:30

Avant-CF: 202 784 722 944 octets libres
Après-CF: 203 264 667 648 octets libres

591 --- E O F --- 2009-05-15 13:45

What do you think?
Edited on 18/05/2009 at 19:34
 
 
And here is the MBAM report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2147
Windows 6.0.6001 Service Pack 1

18/05/2009 19:51:50
mbam-log-2009-05-18 (19-49-36).txt

Type de recherche: Examen rapide
Eléments examinés: 73027
Temps écoulé: 3 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\ (Rogue.RegistrySmart) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.

Fichier(s) infecté(s):
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 05_03_18 PM_951.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 05_12_22 PM_077.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 05_31_28 PM_150.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 06_06_39 PM_094.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 06_18_52 PM_024.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 06_26_15 PM_888.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 06_37_27 PM_041.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Registry Backups\2009-05-16_17-04-49.reg (Rogue.RegistrySmart) -> No action taken.
 
 
Well, a priori, everything seems to be back in order; I was able to connect again.

However, I would like to know what I caught, and where... And if you could tell me whether there is still any c... to get rid of, in light of the various reports...

In any case, many thanks to cricri58 and alain77310 for their valuable help.
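As an added check on the MBAM report posted above (example code written for this edit, not code from the thread or from Malwarebytes), the following Python parser reads a Malwarebytes' Anti-Malware 1.3x text report, lists every detected item, flags the ones whose action is "No action taken" (detected but still present), and verifies that the counts in the summary block agree with the items actually listed. The embedded sample is a constructed, trimmed copy of the report above, with the last file line altered to show what a removed item looks like; the function names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.3x text report and flag findings
that were only detected, not removed (the "No action taken" state)."""
import re
from collections import Counter

# Constructed sample: a trimmed copy of the report format posted in this
# thread (1 key, 1 value, 2 folders, 2 files), with the last file line
# altered to show what a removed item looks like.
SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2147
Windows 6.0.6001 Service Pack 1

Type de recherche: Examen rapide
Eléments examinés: 73027

Processus mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\ (Rogue.RegistrySmart) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> No action taken.

Fichier(s) infecté(s):
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Log\2009 May 16 - 05_03_18 PM_951.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Gilles\AppData\Roaming\RegistrySmart\Registry Backups\2009-05-16_17-04-49.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
"""

# Summary lines: "<label containing 'infect'>: <count>" (French or English builds)
COUNT_RE = re.compile(r"^(?P<label>[^:]*infect[^:]*): (?P<n>\d+)$", re.IGNORECASE)
# Detail lines: "<path> (<threat name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Placeholder MBAM prints for an empty section (French / English builds)
EMPTY_MARKERS = {"(Aucun élément nuisible détecté)", "(No malicious items detected)"}


def declared_counts(text):
    """Counts MBAM claims in its summary block, keyed by the label it prints."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            counts[m.group("label")] = int(m.group("n"))
    return counts


def parse_findings(text):
    """Return one dict per detected item: section, path, threat, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in EMPTY_MARKERS:
            continue
        if line.endswith(":"):          # detail section header, e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        if section is None:             # still in the summary block
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return findings


def not_removed(findings):
    """Findings whose action is 'No action taken' (detected, still present)."""
    return [f for f in findings if f["action"].lower().startswith("no action")]


def review(text):
    """What a helper wants to know: totals, threat families, whether the
    summary counts agree with the listed items, and what is still present."""
    findings = parse_findings(text)
    pending = not_removed(findings)
    declared = declared_counts(text)
    return {
        "total": len(findings),
        "pending": len(pending),
        "threats": Counter(f["threat"] for f in findings),
        "counts_consistent": sum(declared.values()) == len(findings),
        "pending_paths": [f["path"] for f in pending],
    }


if __name__ == "__main__":
    r = review(SAMPLE_REPORT)
    print(f"{r['total']} findings, {r['pending']} not removed; "
          f"families: {dict(r['threats'])}; counts consistent: {r['counts_consistent']}")
    for p in r["pending_paths"]:
        print("  still present:", p)
```

Run against the full report above, every item comes back as pending, which is exactly the situation the next reply points out: a scan whose items all read "No action taken" has detected the rogue but removed nothing, so the machine is still in the state the report describes until the items are quarantined or removed and a fresh report is produced.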
 
 
Hi

ok==> you did not delete anything with Malwarebytes==>No action taken

open => Malwarebytes==>click "Quarantine"=>select everything and delete everything==> confirm the deletions to me

then


update "Malwarebytes" and run a Full Scan + Removals

Post the report

after that

Windows XP--> disable or enable System Restore==>disable or enable System Restore

you disable and enable as described

in fact this==>--> Disabling:
Right-click on -->Start--> "My Computer" --> show System information--> "System Restore" tab --> check the box "Turn off System Restore on all drives"
--> Apply, wait until it is marked "turned off", then OK.

and--> Enabling:
same path as before--> uncheck the box "Turn off System Restore on all drives"
--> Apply, wait until it is back to "monitoring", then OK.

confirm it to me

then
install CCleaner

==>CCleaner


Once on the desktop, click the CCleaner installer.
-> But before clicking the "install" button, uncheck all the "additional options" (Yahoo toolbar install, etc.)

-->Next, click "Options", "Advanced" and uncheck the box
-->"Only delete files in Windows Temp folders older than 48 hours".
-->Click the "Cleaner" tab, then "Run Cleaner".
--> Then click the Registry icon; on the right, click "Scan for Issues" then "Fix selected issues".

Accept the backup of the registry that it offers.
I advise you to run it at least twice (or more, until it finds no more errors).


Restart your PC

then ==>post a new HijackThis log

Oops!!

you have Vista

Turn System Restore on or off. Applies to all editions of Windows Vista.
Which edition of Windows Vista am I using?


System Restore regularly tracks changes to your computer's system files and uses the System Protection feature to create restore points. System Protection is turned on by default for all hard disks on your computer. You can choose the disks for which System Protection is turned on.

If you turn off System Protection for a disk, the restore points for that disk are deleted. You cannot restore a disk until System Protection is turned on again and a restore point has been created. To turn System Protection on or off for a disk:
1. To open System, click the Start button, Control Panel, System and Maintenance, then System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn on System Protection for a hard disk, select the check box next to the disk, then click OK.
- or -
To turn off System Protection for a hard disk, clear the check box next to the disk, then click OK.

Note: System Restore does not protect FAT32 disks or other FAT disks, because they do not support shadow copies. Shadow copies contain information about changes to documents and system files. Shadow copies require the NTFS file system. In this version of Windows, System Restore uses shadow copies to create restore points. If you store system files on a FAT disk, you cannot use System Restore to undo changes.
 
 
re

To do

before doing System Restore, CCleaner and posting a new HijackThis log


Download to the desktop

OTMoveIt3.exe ==> OTMoveIt.exe

==> Copy this text which is in bold



:Processes
explorer.exe

:Files
C:\WINDOWS\System32\appdrvrem01.exe


:Commands
[emptytemp]
[start explorer]
[Reboot]



==> Double-click OTMoveIt
==> In the left-hand pane ==> right-click ==> paste
==> Click ==> MoveIt!
==> if a restart is requested ==> Click: YES
==> A report in ==> C:\_OTMoveIt\MovedFiles\today's date_time, to copy and paste here
 
 
I forgot


launch HijackThis

click "Do a system scan only"

check these lines
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CCS\Services\Tcpip\..\{B137F01C-BE9C-4C2D-BC8E-8E7AF30E086E}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
close your other applications ==> click "Fix Checked"

et

Download FixWareout from one of these two sites to the desktop:

==> FixWareout

* Run the fix, click Next, then Install, make sure "Run fixit" is checked, then click Finish.


The fix will start; follow the on-screen messages. At the end you will be asked to restart the computer (if the system takes a little longer to start up, that's normal!)

Note 1:

If other types of infection are present alongside Wareout and themselves require a fix (for example Smitfraud or Vundo variants), remove Wareout first, because its presence on the system can render the other fixes unusable...

Note 2:

In some cases, even after using FixWareout and HijackThis, those notorious O17 lines persist and reappear in later HijackThis reports. Here is a tip to permanently neutralise these lines in the reports:

Go to Start > Control Panel > Connections > right-click the connection > Properties > Networking tab
Highlight Internet Protocol (TCP/IP), then click the Properties button.
In the options (preferred DNS server and alternate DNS server) you will find one of the addresses shown on the O17 lines of the HijackThis report => (85.255.114.73 / 85.255.112.227 etc...)

To remove them, check "Obtain DNS server address automatically", then click "OK" twice and restart the PC.
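Added example (not from this thread, nor from HijackThis or FixWareout): a small Python check that parses the O17 lines of a HijackThis report and flags NameServer entries pointing into the hijacked range quoted above. The sample report is constructed from the O17 lines posted in this thread plus one made-up clean entry; treating the whole 85.255.112.0/20 block as suspicious is an assumption of the example.

```python
import ipaddress
import re

# Every hijacked NameServer quoted in this thread sits in 85.255.112.x or
# 85.255.114.x. Treating the whole /20 as suspicious is an assumption made
# for this example, not something the thread states.
KNOWN_BAD = ipaddress.ip_network("85.255.112.0/20")

# HijackThis O17 line: registry key, then the comma-separated NameServer list.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.*)$")


def parse_o17(report: str) -> dict:
    """Return {registry key: [nameserver, ...]} for each O17 line in a report."""
    found = {}
    for line in report.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        found[m.group("key")] = servers
    return found


def classify(server: str) -> str:
    """Verdict for one resolver address."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if addr in KNOWN_BAD:
        return "known-bad"
    # A home PC behind an ISP box normally points at the box's LAN address
    # (or loopback); a public resolver is not proof of compromise, but it
    # should be compared against the ISP's published resolvers.
    if addr.is_private or addr.is_loopback:
        return "trusted"
    return "review"


def audit(report: str) -> dict:
    """Map each distinct nameserver seen in O17 lines to its verdict."""
    return {s: classify(s) for servers in parse_o17(report).values() for s in servers}


def hijack_suspected(report: str) -> bool:
    """True when at least one O17 entry points into the known-bad range."""
    return any(v == "known-bad" for v in audit(report).values())


# Constructed sample: the first two lines are the O17 entries posted in this
# thread, the third is a made-up clean entry pointing at a LAN gateway, and
# the O23 line shows that unrelated HijackThis sections are ignored.
SAMPLE_REPORT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{B137F01C-BE9C-4C2D-BC8E-8E7AF30E086E}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_REPORT).items():
        print(f"{server:18} {verdict}")
    print("hijack suspected:", hijack_suspected(SAMPLE_REPORT))
```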
 
 
FixWareout link ==> Fixwareout.exe

you've got your work cut out for you!!!
afterwards we'll do a "SmitFraudFix", but I'll tell you how

See you
 
 
hi cricri58

And I thought I was done... getting on with it
 
 
During the full scan with Malwarebytes, BitDefender flagged 2 viruses

Trojan.Generic.1812896
Path: C:\Program Files\mediainfo.dll

Gen:Rootkit.Heur.207887C6C6
Path: C:\Qoobox\Qu...dpixtsri.sys.vir

Does that ring a bell?
 
 
Here is the MBAM report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2149
Windows 6.0.6001 Service Pack 1

19/05/2009 11:15:31
mbam-log-2009-05-19 (11-15-31).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 304383
Temps écoulé: 2 hour(s), 17 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
 
 
I can't manage to download OTMoveIt3.exe

Regarding HJT, I removed the 2 R0 lines but the O23 is resisting (see the following report)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:38, on 19/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Nosibay\Mon Widget RMC\Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Nosibay\Mon Widget RMC\Mon Widget RMC.exe
C:\Program Files\Steam\steam.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Mon Widget RMC] "C:\Program Files\Nosibay\Mon Widget RMC\launcher.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9015 bytes

As for FixWareout, it refuses to run (Unsupported windows version)...
 
 
Hi

Restart in "Safe Mode": restart your computer and tap the F8 key until the Windows advanced options menu appears, then select "Safe Mode".
Choose your usual session

Launch HijackThis
click => Do a System scan only

check
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe

click Fix Checked

restart your PC

Why can't you download OTMoveIt? The link works. Try again, and if it works, do what is written above

next
Download SmitfraudFix (by S!Ri, balltrap34 and moe31) and install it
smitfraudfix

==> Option 1 => Search:

==> Double-click SmitfraudFix.exe

==> Select 1 and press => Enter in the menu to create a report of the files responsible for the infection. The report is at the root of the system drive:

C:\rapport.txt

==> and paste the report here
 
 
