
Posted

Hello,

I got infected yesterday by opening a file that had been given to me and that I did not check. It was supposed to be a crack named setup.exe.

Avast stopped, and so did the PC. I uninstalled and reinstalled Avast as Admin: same message. I stopped all other manipulation except installing FindyKill. I had seen on several sites that it could help me. However, it says that it is better to ask for help before going on to cleaning option 2.

I have edited the report, which I am sending you.

Thank you for helping me fix my stupid mistake.


############################## | FindyKill V6.004 |

 

# User : Administrateur (Administrateurs) # PC-DE-C-H

# Update on 08/07/09 by Chiquitine29 & C_XX

# Start at: 23:32:23 | 09/07/2009

# Website : http://pagesperso-orange.fr/NosTools/index.html

 

#

#

# Internet Explorer 7.0.6001.18000

# Windows Firewall Status : Enabled

############################## | Processus actifs |

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Windows\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System\sessmgr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Nero\Nero8\InCD\InCD.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Vista Start Menu\VistaStartMenu.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

 

################## | Registre Startup |

 

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"

HKCU_Main: "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

HKCU_Main: "Start Page"="http://www.google.fr/"

HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"

HKLM_logon: "LegalNoticeCaption"=""

HKLM_logon: "LegalNoticeText"=""

HKLM_Run: EoEngine=

HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

HKLM_Run: UCam_Menu="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

HKLM_Run: SysTrayApp=%ProgramFiles%\IDT\WDM\sttray.exe

HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"

HKLM_Run: QPService="C:\Program Files\HP\QuickPlay\QPService.exe"

HKLM_Run: QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

HKLM_Run: OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM_Run: HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKLM_Run: AdobeCS4ServiceManager="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime

HKLM_Run: NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"

HKLM_Run: InCD=C:\Program Files\Nero\Nero8\InCD\InCD.exe

HKLM_Run: hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

HKLM_Run: Google Quick Search Box="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

HKLM_Run: Windows Mobile-based device management=%windir%\WindowsMobile\wmdc.exe

HKLM_Run: SSBkgdUpdate="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

HKLM_Run: ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKLM_Run: DNS7reminder="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini

HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

HKLM_Run: avast!=C:\PROGRA~1\Alwil\Avast4\ashDisp.exe

HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

HKCU_Run: WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKCU_Run: LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKCU_Run: L08FXLRD_1502773="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

HKCU_Run: ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

HKCU_Run: VistaStartMenu="C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

 

################## | Fichiers # Dossiers infectieux |

 

Présent ! [cce05eef344ff635b66acfe89b8971eb] C:\Windows\system32\ban_list.txt

 

################## | C:\Users\Administrateur\Temporary Internet Files |

################## | All Drives ... |

 

Présent ! F:\$Recycle.Bin\S-1-5-21-2064635653-3729951122-4279557079-1000\$R0YM7GZ\keygen.exe

Présent ! [854d1041e6705b8ab53defee411b453a] G:\Delme.bat

 

################## | Registre # Clés Run infectieuses |

 

Présent ! HKCU\Software\MuleAppData

Présent ! HKLM\SYSTEM\CurrentControlSet\Services\111111s1ro1s1a

Présent ! HKLM\SYSTEM\ControlSet001\Services\111111s1ro1s1a

Présent ! HKLM\SYSTEM\ControlSet003\Services\111111s1ro1s1a

Présent ! HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_111111s1ro1s1a

Présent ! HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_111111s1ro1s1a

Présent ! HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_111111s1ro1s1a

Présent ! HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S

Présent ! HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S

Présent ! HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S

Présent ! HKU\S-1-5-21-2064635653-3729951122-4279557079-500\Software\MuleAppData

Présent ! HKLM\software\microsoft\security center\Svc "AntiVirusOverride" ( 0x1 )

 

################## | Registre # Mountpoints2 |

################## | Etat / Services / Informations |

 

# Affichage des fichiers cachés : OK

 

# Mode sans echec : OK

 

# (!) Uac = 0x0

 

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )

# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )

# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )

# windefend -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | Cracks / Keygens / Serials |

Posted

Hello,

do not clean with FindyKill.

The following software is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation: dangerous.

Be careful to follow these instructions in detail; do not forget to rename combofix.exe BEFORE it is downloaded, while you can still change the file name and tell the browser where to download it.

Download combofix.exe by sUBs and rename it TRALALA.exe before saving it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise ComboFix will show you a message (if it does, click OK on the message).
  • Double-click combo-fix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you accept nircmd.cfexe accessing the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Thanks Falkra,

Here is my ComboFix report:


ComboFix 09-07-09.07 - Administrateur 10/07/2009 11:32.1.2 - NTFSx86

Lancé depuis: c:\users\Administrateur\Desktop\Tralala.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1753393394-1739914917-1163840506-500

c:\users\Administrateur\AppData\Roaming\dllhst3g.exe

c:\users\Administrateur\AppData\Roaming\mstinit.exe

c:\users\Charles-Henry\AppData\Local\Microsoft\logman.exe

c:\users\Charles-Henry\AppData\Local\mstsc.exe

c:\users\Charles-Henry\AppData\Roaming\dllhst3g.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\111wfs1intwq.sys

c:\users\Charles-Henry\AppData\Roaming\drivers\11s11ro1s1a2.sys

c:\users\Charles-Henry\AppData\Roaming\drivers\downld

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162900081.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162904387.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162995803.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162998284.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\163001201.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\163001997.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3403317.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3419307.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3421367.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3526074.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3527369.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3528134.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3528415.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3540645.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3586431.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3589973.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3591283.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3677427.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3680562.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4091921.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4093091.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4094043.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4100611.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4101437.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4108067.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4110002.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4110797.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4111811.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4164150.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4329573.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4329901.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4329916.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4459522.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4460645.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4460910.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4461503.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4462268.exe

c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4462299.exe

c:\users\Charles-Henry\AppData\Roaming\Microsoft\mqtgsvc.exe

c:\windows\Installer\2a551a.msi

c:\windows\Installer\3afe7.msi

c:\windows\system\sessmgr.exe

c:\windows\system32\ban_list.txt

c:\windows\system32\drivers\clipsrv.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_111111S1RO1S1A

-------\Legacy_SK9OU0S

-------\Service_111111s1ro1s1a

((((((((((((((((((((((((((((( Fichiers créés du 2009-06-10 au 2009-07-10 ))))))))))))))))))))))))))))))))))))

.

 

2009-07-10 09:42 . 2009-07-10 09:42 -------- d-----w- c:\users\Charles-Henry\AppData\Local\temp

2009-07-09 21:30 . 2009-07-09 23:13 -------- d-----w- C:\FindyKill

2009-07-09 21:21 . 2009-07-09 21:21 1403940 ----a-w- C:\FindyKill.exe

2009-07-09 20:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-07-09 20:07 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe

2009-07-09 20:07 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-07-09 20:06 . 2009-07-09 20:06 -------- d-----w- c:\program files\Alwil

2009-07-09 17:23 . 2009-07-09 17:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes

2009-07-09 14:54 . 2009-07-09 14:54 -------- d-----w- c:\windows\Sun

2009-07-09 13:51 . 2009-07-09 13:51 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ArcticLine

2009-07-09 13:41 . 2009-07-10 09:42 -------- d--h--w- c:\users\Charles-Henry\AppData\Roaming\drivers

2009-07-08 13:02 . 2009-07-08 13:02 -------- d-----w- C:\Capture Jaune

2009-07-08 12:46 . 2009-07-08 12:46 -------- d-----w- C:\AspiWeb_v320

2009-07-08 12:42 . 2009-07-08 12:42 -------- d-----w- c:\program files\TorrentSpeeder

2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Babylon

2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\programdata\Babylon

2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Local\ACD Systems

2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ACD Systems

2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\programdata\ACD Systems

2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\ACD Systems

2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\Common Files\ACD Systems

2009-07-08 10:30 . 2009-07-08 10:30 -------- d-----w- c:\users\Charles-Henry\AppData\Local\Downloaded Installations

2009-07-07 16:24 . 2004-08-19 15:09 153088 ----a-w- c:\windows\system32\triedit.dll

2009-07-07 16:24 . 2004-02-23 00:00 78848 ----a-w- c:\windows\system32\MSBIND.DLL

2009-07-07 16:24 . 2004-02-23 00:00 322560 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2009-07-07 16:24 . 1998-07-13 00:00 16384 ----a-w- c:\windows\system32\ADODCFR.DLL

2009-07-07 16:24 . 1998-07-13 00:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL

2009-07-07 16:24 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\INetFR.DLL

2009-07-07 16:24 . 2007-10-05 17:18 114688 ----a-w- c:\windows\system32\myodbc3i.exe

2009-07-07 16:24 . 2007-10-05 17:18 106496 ----a-w- c:\windows\system32\myodbc3m.exe

2009-07-07 16:24 . 2007-10-05 17:18 6660096 ----a-w- c:\windows\system32\myodbc3S.dll

2009-07-07 16:24 . 2007-10-05 17:18 2183168 ----a-w- c:\windows\system32\myodbc3.dll

2009-07-07 16:24 . 2009-07-07 17:46 -------- d-----w- c:\program files\REFERENCE SOFTWARE

2009-07-07 14:06 . 2009-07-07 14:06 -------- d-----w- c:\program files\Icon Commander

2009-07-07 06:23 . 2009-07-07 06:25 -------- d-----w- c:\program files\East-Tec Backup

2009-07-02 14:22 . 2009-07-02 15:09 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Games

2009-07-02 14:21 . 2009-07-10 08:41 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Vista Start Menu

2009-07-02 13:48 . 2009-07-02 13:48 -------- d-----w- c:\programdata\HP Product Assistant

2009-07-02 13:47 . 2009-07-02 13:47 -------- d-----w- c:\program files\Common Files\HP

2009-07-02 13:41 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2009-07-02 13:41 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll

2009-07-02 13:41 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll

2009-07-02 13:41 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll

2009-07-02 13:41 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll

2009-07-02 13:31 . 2009-07-02 13:58 178012 ----a-w- c:\windows\hpoins28.dat

2009-07-02 12:49 . 2009-07-02 12:49 -------- d-----w- c:\users\Administrateur\AppData\Local\Hewlett-Packard

2009-07-02 12:48 . 2009-07-02 12:48 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Hewlett-Packard

2009-06-29 11:09 . 2009-06-29 11:09 -------- d-----w- c:\program files\Adolix

2009-06-29 10:48 . 2009-06-29 11:06 -------- d-----w- c:\program files\eCover Engineer V6

2009-06-25 09:14 . 2009-06-25 09:14 -------- d-----w- C:\Mon Site Web

2009-06-25 07:31 . 2009-06-25 07:43 -------- d-----w- c:\program files\WebSite X5 Smart V7

2009-06-24 16:05 . 2009-06-24 16:33 -------- d-----w- c:\program files\WebSite X5 Smart

2009-06-24 16:04 . 2009-03-15 15:35 207872 ----a-w- c:\windows\system32\iwpsetup.exe

2009-06-24 16:04 . 2001-08-31 12:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll

2009-06-24 16:04 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL

2009-06-23 17:04 . 2009-06-24 15:47 -------- d-----w- c:\program files\Guppy

2009-06-23 16:44 . 2009-06-23 16:55 -------- d-----w- C:\Guppy

2009-06-20 15:34 . 2009-06-20 15:34 -------- d-----w- c:\program files\3D Image Commander

2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ArcticLine

2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\program files\Folder Marker

2009-06-19 08:24 . 2009-06-19 08:24 -------- d-----w- c:\program files\CCleanerV2

2009-06-14 15:51 . 2009-06-14 15:55 -------- d-----w- c:\program files\Extra Screen Capture Pro

2009-06-14 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-14 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-13 18:08 . 2009-06-13 18:08 -------- d-----w- c:\windows\system32\syncdb

2009-06-12 07:28 . 2009-06-12 07:28 -------- d-----w- c:\programdata\is-AES6H

2009-06-12 07:28 . 2009-06-19 08:00 26363936 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-12 07:05 . 2009-06-12 07:05 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAD8F.tmp.exe

2009-06-11 07:11 . 2009-06-11 07:11 110592 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\36F7.tmp_\Antidote - OpenOffice.org 2.0.uno.pkg\Antidote-OOo.dll

2009-06-11 07:03 . 2009-06-11 07:03 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Druide

2009-06-11 06:43 . 2009-06-11 06:43 97280 ----a-r- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe

2009-06-11 06:43 . 2009-06-11 06:43 -------- d-----w- c:\program files\Druide

2009-06-11 06:33 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-06-10 14:14 . 2009-06-10 14:14 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Moyea

2009-06-10 14:13 . 2009-06-10 14:13 -------- d-----w- c:\program files\Moyea

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-10 09:46 . 2008-09-30 08:18 43414 ----a-w- c:\programdata\nvModes.dat

2009-07-10 09:43 . 2008-07-29 22:20 12 ----a-w- c:\windows\bthservsdp.dat

2009-07-09 20:16 . 2008-07-30 08:06 672322 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-09 20:16 . 2008-07-30 08:06 124434 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-09 14:49 . 2008-12-06 13:29 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-09 14:49 . 2008-07-30 00:18 -------- d-----w- c:\program files\Java

2009-07-09 13:39 . 2008-12-27 10:01 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\DNA

2009-07-09 10:50 . 2009-03-18 08:41 1 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-07-09 10:49 . 2009-04-27 11:06 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Vista Start Menu

2009-07-07 17:46 . 2008-07-29 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-07 16:31 . 2009-04-16 10:23 7592 ----a-w- c:\users\Charles-Henry\AppData\Local\d3d9caps.dat

2009-07-05 06:32 . 2009-03-15 09:25 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\dvdcss

2009-07-02 13:48 . 2008-11-08 14:51 -------- d-----w- c:\programdata\HP

2009-07-02 12:22 . 2009-02-21 10:16 121848 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-06-19 15:19 . 2008-11-06 14:40 121848 ----a-w- c:\users\Charles-Henry\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-19 08:00 . 2009-06-12 07:28 313160 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-18 07:39 . 2008-07-29 23:55 -------- d-----w- c:\programdata\Microsoft Help

2009-06-13 18:15 . 2008-07-29 23:58 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-12 06:44 . 2008-07-29 23:32 -------- d-----w- c:\program files\Microsoft Works

2009-06-08 14:02 . 2009-06-08 13:43 -------- d-----w- c:\program files\Aplus Vidéo Suite

2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\AVS4YOU

2009-06-08 07:45 . 2009-06-08 07:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\AVS4YOU

2009-06-08 07:44 . 2009-06-08 07:44 -------- d-----w- c:\programdata\AVS4YOU

2009-06-06 14:48 . 2009-06-06 14:48 -------- d-----w- c:\program files\Adobe Media Player

2009-06-06 14:47 . 2009-06-06 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-06-06 14:46 . 2009-03-09 17:30 38208 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-06-05 06:55 . 2009-04-26 21:35 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Clipdiary

2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\programdata\Martau

2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\program files\Total Uninstall 5

2009-05-24 21:27 . 2008-11-08 10:35 -------- d-----w- c:\program files\PDFCreator Toolbar

2009-05-24 21:11 . 2009-05-04 06:00 -------- d-----w- c:\program files\myBabylon_English

2009-05-23 20:48 . 2009-05-23 20:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Gold Wave Editor Pro

2009-05-23 20:44 . 2009-05-23 20:44 -------- d-----w- c:\program files\Gold Wave Editor Pro

2009-05-16 10:16 . 2009-05-16 10:16 -------- d-----w- c:\program files\HandyShopper

2009-05-16 05:28 . 2009-05-16 05:28 -------- d-----w- c:\program files\Ax3soft

2009-05-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Malwarebytes

2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\program files\A_Squared

2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\programdata\Malwarebytes

2009-05-03 14:13 . 2009-04-26 12:23 3674 ----a-w- c:\users\Charles-Henry\AppData\Roaming\SAS7_000.DAT

2009-04-27 17:03 . 2009-01-01 10:47 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys

2009-04-24 16:05 . 2009-06-11 06:32 827904 ----a-w- c:\windows\system32\wininet.dll

2009-04-24 16:02 . 2009-06-11 06:32 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-24 13:44 . 2009-06-11 06:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-04-23 12:43 . 2009-06-11 06:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-11 06:32 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-22 23:30 . 2009-04-22 21:28 443 ----a-w- c:\windows\PowerReg.dat

2009-04-22 22:54 . 2009-04-22 22:57 403968 ----a-w- c:\windows\speech.dll

2009-04-22 21:30 . 2009-04-22 21:30 225280 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe

2008-07-30 08:11 . 2008-07-30 08:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2009-05-24 21:11 2094616 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-02-28 12:04 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]

"L08FXLRD_1502773"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-13 2171392]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-05 413696]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-18 68592]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"avast!"="c:\progra~1\Alwil\Avast4\ashDisp.exe" [2009-07-10 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136]

 

c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PowerReg SchedulerV2.exe [2009-4-22 225280]

 

c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-7 110592]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-1000]

"EnableNotificationsRef"=dword:00000006

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-500]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{AFCE2351-7ACC-4803-A7C9-8C259F10BE0D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{22457A67-E72C-4843-88AE-4456E006308A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{167632E7-3791-47A2-9DCA-63D6F80F5C47}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{87F63783-4673-4B3B-A248-B6FABF7AFE8C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CCC78D8F-EB28-4C1E-87D6-87805A606B7D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{0242A80F-567E-42B0-AF27-258D992ECE0B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{DB782A31-6037-4C7E-8665-60B3FC2D4789}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{9AC1FEDD-2FCE-4ED7-BF29-82BBDE91686E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{EF80A058-775E-4A83-9D5F-4B537373AE8C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{9C39EBBB-160E-4C4C-A09E-B3845AE4FE78}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{4115CF97-61EE-4B8B-8F0D-E76F9772AFC8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D73932E8-7CA7-404A-9F76-92D05652E920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{598D8F70-6503-4032-85CE-82B201757E5E}h:\\program files\\bittorrent\\bittorrent.exe"= UDP:h:\program files\bittorrent\bittorrent.exe:bittorrent

"UDP Query User{38C83894-E15A-4433-A1D9-AB4BB507A125}h:\\program files\\bittorrent\\bittorrent.exe"= TCP:h:\program files\bittorrent\bittorrent.exe:bittorrent

"TCP Query User{483683A2-8BF6-4238-8E18-D324928479C5}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= UDP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe

"UDP Query User{6E72674C-342B-4156-BB9B-E86EFA131E06}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= TCP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe

"TCP Query User{414C42D2-83E4-4F9A-8397-D857FAABFE83}C:4\\program files\\bittorrent\\bittorrent.exe"= UDP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe

"UDP Query User{9BFC6D7D-D049-41EC-9185-2EEAA18F6F15}C:4\\program files\\bittorrent\\bittorrent.exe"= TCP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe

"{BAA69B85-5D83-48E4-B31F-F8B00A427EED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{0C8A93B8-2268-4738-B66C-34B43DDB904D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{EDAF87EF-05FB-4326-83C8-3B95705F1D29}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{ED783E0E-2A70-43B8-AE34-A44ADE87CCC0}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{AA5ED257-602D-45EA-92DB-EF65F40DFED6}"= UDP:5353:Adobe CSI CS4

"TCP Query User{29E63E8F-D8B3-4251-B515-C360882654F0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= UDP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe

"UDP Query User{DDEBF1ED-CFB7-45ED-8CA3-131D3FE5BBF0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= TCP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe

"{77434250-2D16-4B82-83DE-F8B339D59530}"= Disabled:UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{45A81BC6-70B0-43D1-A796-2BACD54ABBC3}"= Disabled:TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{B049F4A6-89F7-49AA-A75B-ED7650A9F05A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{BD855DAC-0EA1-4EEB-9C9F-4496000618AE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{D7D5C76B-BD83-42DA-A9B0-FD4CBCF1DE44}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{C741FD90-9A59-456A-B0C9-DA347E25CF9C}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost

"UDP Query User{3085F335-4E53-4312-9AC6-14B99CC79B93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost

"TCP Query User{E33A3A7F-9DB1-4B07-A41F-9257C051157F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost

"UDP Query User{54DCD5A3-EB9F-4A92-8D21-BF51E050A181}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost

"TCP Query User{5D18C178-4CB1-48A1-9B0B-105B61290E91}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost

"UDP Query User{05B59112-9223-4E87-8E01-3A7D585EF5D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost

"TCP Query User{C4A48145-90C7-4497-8E12-8829503FB5F3}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost

"UDP Query User{337CF112-14E2-4ACE-8D07-CB4DBE9C621B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost

"TCP Query User{5F596EF7-5943-4FBF-80BC-42478C3310C0}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm

"UDP Query User{726565BA-F867-4828-8B0E-919B449BDC69}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm

"TCP Query User{30FDD1C0-44BD-42FF-B4A9-012C8BB8524E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{B85DCA09-52CB-421B-82E6-A5BECB406D27}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{ACAF0FDF-E1B2-44B1-AB0B-0B94821E3A15}"= UDP:c:\program files\Tidy Favorites\tidyfavorites.exe:TidyFavorites

"TCP Query User{51BDB074-DC32-40C9-803A-77E55C4A6F3A}c:\\program files\\tidy favorites\\tidyfavorites.exe"= UDP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites

"UDP Query User{71115AA5-72C8-40E5-AF8F-9C3FDFCC1BB6}c:\\program files\\tidy favorites\\tidyfavorites.exe"= TCP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites

"{D68260D1-50E4-4611-97CF-75684C1C9A58}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{2D2F64F0-4724-4585-B173-8EF6D24BD91C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{8484A375-A354-4878-8272-C60AACA5836E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm

"UDP Query User{97C7CC56-F211-4307-8233-D7F49452A8A5}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm

"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"TCP Query User{46EFB20A-9F4C-4DB8-8C0B-3A39E2D59C55}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm

"UDP Query User{0226F124-99C0-478B-B325-8C1C3875BB4B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm

"TCP Query User{92395257-784F-4644-AE67-B2BE4778D302}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm

"UDP Query User{BF9B37CF-0669-48A6-9CC6-99793ACC0062}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm

"TCP Query User{1E6C410F-8A59-4D6D-98BD-C2CF76F9ED24}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm

"UDP Query User{E317A20D-8264-463E-A465-1622EC84F19D}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm

"TCP Query User{4E6D60D4-3F40-4613-9518-BDCA1074AF56}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm

"UDP Query User{39A87C09-8563-4884-9C0C-B7311FE3685E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm

"TCP Query User{DC2E7BCA-0B06-415E-8FA1-90BA8F0FF07E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm

"UDP Query User{779D8DC4-7A88-4771-91E7-C4D1023028D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm

"TCP Query User{948680CE-E76F-4BFD-8D97-5A5548AA6C93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm

"UDP Query User{E774C0B4-BC70-4B25-B209-D0EB74FD385F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm

"TCP Query User{103B4F46-28F5-4821-94D9-D934F595FDA8}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{DC8DE983-6906-4C02-90E2-EE9801ACAD62}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"TCP Query User{D1F23D96-546E-4CA9-9F37-5F3FAD9C70AA}c:\\program files\\guppy\\zazouminiwebserver.exe"= UDP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer

"UDP Query User{E5AB5C28-5DB3-4B73-BDFE-A160D0844A74}c:\\program files\\guppy\\zazouminiwebserver.exe"= TCP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer

"{4A1C5D41-3DDE-409A-B549-DBB76B5CBAFE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{66DAFB14-10EB-4505-A72E-CEC9D6B2F530}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{596913BC-ED04-4B23-828B-E6D485BE2F44}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{2FB10010-C6A6-4D5B-BCAF-47F039D09914}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{EBA1D703-E4B2-4AF0-BDEC-CEB10F60409D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{F5E540CA-CD64-4019-835C-D5CE36A6B3E5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{1572AB97-9AB3-4CEC-B029-027E0AF23D40}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{E9560C37-816E-4038-A121-4973523C4BA3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{F3F71ADB-817C-4445-A398-D3721E89FC3D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{2A06A960-1172-41CF-9D4A-F81275B68F63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"h:\\Program Files\\BitTorrent\\bittorrent.exe"= h:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"= c:\program files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia

 

R1 aswSP;avast! Self Protection; [x]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]

R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]

R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]

R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-01-04 90800]

S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-01-27 40368]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contenu du dossier 'Tâches planifiées'

 

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{8827CF3C-668F-46E5-AE67-3DE4C07251ED}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll

HKLM-Run-EoEngine - (no file)

HKLM-Explorer_Run-ClipSrv - c:\windows\System32\drivers\clipsrv.exe

HKCU-Explorer_Run-DllHst - c:\users\ADMINI~1\AppData\Roaming\dllhst3g.exe

HKU-Default-Explorer_Run-ComRepl - c:\users\CHARLE~1\AppData\Local\Temp\comrepl.exe

HKU-Default-Explorer_Run-MstInit - c:\users\ADMINI~1\AppData\Roaming\mstinit.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PROMT5\PROMTIE4\promtie5.htm

IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PROMT5\PROMTIE4\options.htm

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0401

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0402

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0404

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0405

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0406

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0407

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040B

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040C

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040D

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0410

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0415

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0416

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0418

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang041D

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0421

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0422

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0429

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0C1A

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0401

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0402

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0404

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0405

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0406

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0407

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040B

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040C

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040D

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0410

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0415

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0416

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0418

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang041D

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0421

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0422

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0429

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0C1A

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} - c:\progra~1\COMMON~1\TIDYFA~1\AddToFav.dll

IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {9B0CFC24-6650-4BEE-8030-6FCAE4672685} - c:\progra~1\COMMON~1\TIDYFA~1\OpenFav.dll

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-10 11:48

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.avi"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M3U"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(3516)

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\program files\Vista Start Menu\VistaStartMenu.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Nero\Nero8\InCD\InCDsrv.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Heure de fin: 2009-07-10 11:53 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-07-10 09:53

 

Avant-CF: 192 093 339 648 octets libres

Après-CF: 192 258 809 856 octets libres

 

627 --- E O F --- 2009-07-07 06:19

Posted

You caught that through cracks on p2p networks.

You know what to do to avoid that. :P

 

Let's continue.

 

What follows is for this machine, and this machine only.

Do not use it on another machine: dangerous.

 

  • Download the CFscript.txt file from this site:
    http://senduit.com/2aa566
     
  • Put it on the desktop, next to the combofix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in the screenshot

[animated screenshot: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will appear: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

 

----------

 

After that: Avast is dead because of the infection, and I finished it off to make uninstalling it easier.

I advise you to change antivirus. Avast has become a sieve and lets all the big stuff through, plus the recent stuff (a pity).

Antivir is just as free (now available in French) and above all much more effective; moreover, its user support is effective and responsive, as it should be for software of this type.

You can uninstall avast via Control Panel / Add or Remove Programs. If that doesn't work well, there is also (just in case, but normally not needed) this official utility:

http://www.avast.com/fre/avast-uninstall-utility.html

In safe mode if necessary, if it really complains (rarely needed though).

 

For Antivir, here is a direct download link (French version):

http://dlce.antivir.com/package/wks_avira/...personal_fr.exe

Posted

OK, the machine has rebooted.

What should I do now, please?

here is the final report:

Thanks Falkra

 

ComboFix 09-07-09.07 - Administrateur 10/07/2009 12:27.2.2 - NTFSx86

Lancé depuis: c:\users\Administrateur\Desktop\Tralala.exe

Commutateurs utilisés :: c:\users\Administrateur\Desktop\CFscript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

"C:\FindyKill.exe"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\FindyKill

C:\FindyKill.exe

c:\findykill\$llave

c:\findykill\FindyKill.cmd

c:\findykill\Reg\Hkcu

c:\findykill\Reg\Hkcu_Po

c:\findykill\Reg\Hkcu_Run

c:\findykill\Reg\Hklm_Ifeo

c:\findykill\Reg\Hklm_Logon

c:\findykill\Reg\Hklm_Run

c:\findykill\Reg\Hklm_Serv

c:\findykill\Reg\Hku_Def

c:\findykill\Reg\Rkt

c:\findykill\Reg\ShellExecuteHooks

c:\findykill\Reg\SP2.reg

c:\findykill\Reg\SP3.reg

c:\findykill\Reg\Startup

c:\findykill\Reg\Uac.reg

c:\findykill\Reg\UsbFix.reg

c:\findykill\Reg\Vista.reg

c:\findykill\Tools\EchoX.exe

c:\findykill\Tools\Files.cmd

c:\findykill\Tools\Folders.cmd

c:\findykill\Tools\fsum.exe

c:\findykill\Tools\FyK.ico

c:\findykill\Tools\GREP.EXE

c:\findykill\Tools\IZARCE.exe

c:\findykill\Tools\K_Proc

c:\findykill\Tools\K_Root.cmd

c:\findykill\Tools\Kill_P.exe

c:\findykill\Tools\Langue.cmd

c:\findykill\Tools\md5deep.exe

c:\findykill\Tools\RefMd5.def

c:\findykill\Tools\sed.exe

c:\findykill\Tools\SniffC.exe

c:\findykill\Tools\swreg.exe

c:\findykill\Tools\Usb

c:\findykill\Tools\UsbFix.vbs

c:\findykill\Tools\UsbFix_Setup.ico

c:\findykill\Tools\UsbReg.vbs

c:\findykill\Tools\winupgro.exe

c:\findykill\Uninstal.exe

c:\program files\AskBarDis

c:\program files\AskBarDis\bar\bin\askPopStp.dll

c:\program files\AskBarDis\bar\bin\psvince.dll

c:\program files\AskBarDis\bar\Settings\config.dat

c:\program files\AskBarDis\bar\Settings\config.dat.bak

c:\program files\AskBarDis\unins000.dat

c:\program files\AskBarDis\unins000.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASWFSBLK

-------\Legacy_ASWMONFLT

-------\Legacy_ASWSP

-------\Service_aswFsBlk

-------\Service_aswMonFlt

-------\Service_aswSP

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-06-10 au 2009-07-10 ))))))))))))))))))))))))))))))))))))

.

 

2009-07-10 10:31 . 2009-07-10 13:14 -------- d-----w- c:\users\Administrateur\AppData\Local\temp

2009-07-09 20:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-07-09 20:07 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe

2009-07-09 20:07 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-07-09 20:06 . 2009-07-09 20:06 -------- d-----w- c:\program files\Alwil

2009-07-09 17:23 . 2009-07-09 17:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes

2009-07-09 14:54 . 2009-07-09 14:54 -------- d-----w- c:\windows\Sun

2009-07-09 13:51 . 2009-07-09 13:51 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ArcticLine

2009-07-09 13:41 . 2009-07-10 09:42 -------- d--h--w- c:\users\Charles-Henry\AppData\Roaming\drivers

2009-07-08 13:02 . 2009-07-08 13:02 -------- d-----w- C:\Capture Jaune

2009-07-08 12:46 . 2009-07-08 12:46 -------- d-----w- C:\AspiWeb_v320

2009-07-08 12:42 . 2009-07-08 12:42 -------- d-----w- c:\program files\TorrentSpeeder

2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Babylon

2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\programdata\Babylon

2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Local\ACD Systems

2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ACD Systems

2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\programdata\ACD Systems

2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\ACD Systems

2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\Common Files\ACD Systems

2009-07-08 10:30 . 2009-07-08 10:30 -------- d-----w- c:\users\Charles-Henry\AppData\Local\Downloaded Installations

2009-07-07 16:24 . 2004-08-19 15:09 153088 ----a-w- c:\windows\system32\triedit.dll

2009-07-07 16:24 . 2004-02-23 00:00 78848 ----a-w- c:\windows\system32\MSBIND.DLL

2009-07-07 16:24 . 2004-02-23 00:00 322560 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2009-07-07 16:24 . 1998-07-13 00:00 16384 ----a-w- c:\windows\system32\ADODCFR.DLL

2009-07-07 16:24 . 1998-07-13 00:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL

2009-07-07 16:24 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\INetFR.DLL

2009-07-07 16:24 . 2007-10-05 17:18 114688 ----a-w- c:\windows\system32\myodbc3i.exe

2009-07-07 16:24 . 2007-10-05 17:18 106496 ----a-w- c:\windows\system32\myodbc3m.exe

2009-07-07 16:24 . 2007-10-05 17:18 6660096 ----a-w- c:\windows\system32\myodbc3S.dll

2009-07-07 16:24 . 2007-10-05 17:18 2183168 ----a-w- c:\windows\system32\myodbc3.dll

2009-07-07 16:24 . 2009-07-07 17:46 -------- d-----w- c:\program files\REFERENCE SOFTWARE

2009-07-07 14:06 . 2009-07-07 14:06 -------- d-----w- c:\program files\Icon Commander

2009-07-07 06:23 . 2009-07-07 06:25 -------- d-----w- c:\program files\East-Tec Backup

2009-07-02 14:22 . 2009-07-02 15:09 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Games

2009-07-02 14:21 . 2009-07-10 08:41 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Vista Start Menu

2009-07-02 13:48 . 2009-07-02 13:48 -------- d-----w- c:\programdata\HP Product Assistant

2009-07-02 13:47 . 2009-07-02 13:47 -------- d-----w- c:\program files\Common Files\HP

2009-07-02 13:41 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2009-07-02 13:41 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll

2009-07-02 13:41 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll

2009-07-02 13:41 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll

2009-07-02 13:41 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll

2009-07-02 13:31 . 2009-07-02 13:58 178012 ----a-w- c:\windows\hpoins28.dat

2009-07-02 12:49 . 2009-07-02 12:49 -------- d-----w- c:\users\Administrateur\AppData\Local\Hewlett-Packard

2009-07-02 12:48 . 2009-07-02 12:48 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Hewlett-Packard

2009-06-29 11:09 . 2009-06-29 11:09 -------- d-----w- c:\program files\Adolix

2009-06-29 10:48 . 2009-06-29 11:06 -------- d-----w- c:\program files\eCover Engineer V6

2009-06-25 09:14 . 2009-06-25 09:14 -------- d-----w- C:\Mon Site Web

2009-06-25 07:31 . 2009-06-25 07:43 -------- d-----w- c:\program files\WebSite X5 Smart V7

2009-06-24 16:05 . 2009-06-24 16:33 -------- d-----w- c:\program files\WebSite X5 Smart

2009-06-24 16:04 . 2009-03-15 15:35 207872 ----a-w- c:\windows\system32\iwpsetup.exe

2009-06-24 16:04 . 2001-08-31 12:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll

2009-06-24 16:04 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL

2009-06-23 17:04 . 2009-06-24 15:47 -------- d-----w- c:\program files\Guppy

2009-06-23 16:44 . 2009-06-23 16:55 -------- d-----w- C:\Guppy

2009-06-20 15:34 . 2009-06-20 15:34 -------- d-----w- c:\program files\3D Image Commander

2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ArcticLine

2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\program files\Folder Marker

2009-06-19 08:24 . 2009-06-19 08:24 -------- d-----w- c:\program files\CCleanerV2

2009-06-14 15:51 . 2009-06-14 15:55 -------- d-----w- c:\program files\Extra Screen Capture Pro

2009-06-14 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-14 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-13 18:08 . 2009-06-13 18:08 -------- d-----w- c:\windows\system32\syncdb

2009-06-12 07:28 . 2009-06-12 07:28 -------- d-----w- c:\programdata\is-AES6H

2009-06-12 07:28 . 2009-06-19 08:00 26363936 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-12 07:05 . 2009-06-12 07:05 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAD8F.tmp.exe

2009-06-11 07:11 . 2009-06-11 07:11 110592 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\36F7.tmp_\Antidote - OpenOffice.org 2.0.uno.pkg\Antidote-OOo.dll

2009-06-11 07:03 . 2009-06-11 07:03 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Druide

2009-06-11 06:43 . 2009-06-11 06:43 97280 ----a-r- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe

2009-06-11 06:43 . 2009-06-11 06:43 -------- d-----w- c:\program files\Druide

2009-06-11 06:33 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-06-10 14:14 . 2009-06-10 14:14 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Moyea

2009-06-10 14:13 . 2009-06-10 14:13 -------- d-----w- c:\program files\Moyea

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-10 13:13 . 2008-09-30 08:18 43414 ----a-w- c:\programdata\nvModes.dat

2009-07-10 09:52 . 2008-07-30 08:06 672322 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-10 09:52 . 2008-07-30 08:06 124434 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-10 09:43 . 2008-07-29 22:20 12 ----a-w- c:\windows\bthservsdp.dat

2009-07-09 14:49 . 2008-12-06 13:29 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-09 14:49 . 2008-07-30 00:18 -------- d-----w- c:\program files\Java

2009-07-09 13:39 . 2008-12-27 10:01 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\DNA

2009-07-09 10:50 . 2009-03-18 08:41 1 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-07-09 10:49 . 2009-04-27 11:06 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Vista Start Menu

2009-07-07 17:46 . 2008-07-29 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-07 16:31 . 2009-04-16 10:23 7592 ----a-w- c:\users\Charles-Henry\AppData\Local\d3d9caps.dat

2009-07-05 06:32 . 2009-03-15 09:25 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\dvdcss

2009-07-02 13:48 . 2008-11-08 14:51 -------- d-----w- c:\programdata\HP

2009-07-02 12:22 . 2009-02-21 10:16 121848 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-06-19 15:19 . 2008-11-06 14:40 121848 ----a-w- c:\users\Charles-Henry\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-19 08:00 . 2009-06-12 07:28 313160 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-18 07:39 . 2008-07-29 23:55 -------- d-----w- c:\programdata\Microsoft Help

2009-06-13 18:15 . 2008-07-29 23:58 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-12 06:44 . 2008-07-29 23:32 -------- d-----w- c:\program files\Microsoft Works

2009-06-08 14:02 . 2009-06-08 13:43 -------- d-----w- c:\program files\Aplus Vidéo Suite

2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\AVS4YOU

2009-06-08 07:45 . 2009-06-08 07:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\AVS4YOU

2009-06-08 07:44 . 2009-06-08 07:44 -------- d-----w- c:\programdata\AVS4YOU

2009-06-06 14:48 . 2009-06-06 14:48 -------- d-----w- c:\program files\Adobe Media Player

2009-06-06 14:47 . 2009-06-06 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-06-06 14:46 . 2009-03-09 17:30 38208 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-06-05 06:55 . 2009-04-26 21:35 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Clipdiary

2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\programdata\Martau

2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\program files\Total Uninstall 5

2009-05-24 21:27 . 2008-11-08 10:35 -------- d-----w- c:\program files\PDFCreator Toolbar

2009-05-24 21:11 . 2009-05-04 06:00 -------- d-----w- c:\program files\myBabylon_English

2009-05-23 20:48 . 2009-05-23 20:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Gold Wave Editor Pro

2009-05-23 20:44 . 2009-05-23 20:44 -------- d-----w- c:\program files\Gold Wave Editor Pro

2009-05-16 10:16 . 2009-05-16 10:16 -------- d-----w- c:\program files\HandyShopper

2009-05-16 05:28 . 2009-05-16 05:28 -------- d-----w- c:\program files\Ax3soft

2009-05-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Malwarebytes

2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\program files\A_Squared

2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\programdata\Malwarebytes

2009-05-03 14:13 . 2009-04-26 12:23 3674 ----a-w- c:\users\Charles-Henry\AppData\Roaming\SAS7_000.DAT

2009-04-27 17:03 . 2009-01-01 10:47 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys

2009-04-24 16:05 . 2009-06-11 06:32 827904 ----a-w- c:\windows\system32\wininet.dll

2009-04-24 16:02 . 2009-06-11 06:32 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-24 13:44 . 2009-06-11 06:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-04-23 12:43 . 2009-06-11 06:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-11 06:32 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-22 23:30 . 2009-04-22 21:28 443 ----a-w- c:\windows\PowerReg.dat

2009-04-22 22:54 . 2009-04-22 22:57 403968 ----a-w- c:\windows\speech.dll

2009-04-22 21:30 . 2009-04-22 21:30 225280 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe

2008-07-30 08:11 . 2008-07-30 08:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\programdata\is-AES6H ----

 

2009-06-12 07:28 . 2009-06-19 08:14 152011 ---ha-w- c:\programdata\is-AES6H\~PRCustomProps#122.dat

2009-06-12 07:28 . 2009-06-19 08:14 64011 ---ha-w- c:\programdata\is-AES6H\~PRObjects#122.dat

 

 

((((((((((((((((((((((((((((( SnapShot@2009-07-10_09.48.19 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-30 07:40 . 2009-07-10 09:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-30 07:40 . 2009-07-10 13:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-30 07:40 . 2009-07-10 09:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-30 07:40 . 2009-07-10 13:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-10 09:45 . 2009-07-10 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-07-10 09:45 . 2009-07-10 13:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-07-10 09:45 . 2009-07-10 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-10 09:45 . 2009-07-10 13:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-06 21:35 . 2009-07-10 13:09 355946 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2006-11-02 10:33 . 2009-07-10 09:51 590082 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-09 20:16 590082 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-09 20:16 102094 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-07-10 09:51 102094 c:\windows\System32\perfc009.dat

- 2008-09-30 07:40 . 2009-07-10 09:45 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-30 07:40 . 2009-07-10 13:12 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2009-05-24 21:11 2094616 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-02-28 12:04 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]

"L08FXLRD_1502773"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-13 2171392]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-05 413696]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-18 68592]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"avast!"="c:\progra~1\Alwil\Avast4\ashDisp.exe" [2009-07-10 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136]

 

c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PowerReg SchedulerV2.exe [2009-4-22 225280]

 

c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-7 110592]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-1000]

"EnableNotificationsRef"=dword:00000006

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-500]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{AFCE2351-7ACC-4803-A7C9-8C259F10BE0D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{22457A67-E72C-4843-88AE-4456E006308A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{167632E7-3791-47A2-9DCA-63D6F80F5C47}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{87F63783-4673-4B3B-A248-B6FABF7AFE8C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CCC78D8F-EB28-4C1E-87D6-87805A606B7D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{0242A80F-567E-42B0-AF27-258D992ECE0B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{DB782A31-6037-4C7E-8665-60B3FC2D4789}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{9AC1FEDD-2FCE-4ED7-BF29-82BBDE91686E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{EF80A058-775E-4A83-9D5F-4B537373AE8C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{9C39EBBB-160E-4C4C-A09E-B3845AE4FE78}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{4115CF97-61EE-4B8B-8F0D-E76F9772AFC8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D73932E8-7CA7-404A-9F76-92D05652E920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{598D8F70-6503-4032-85CE-82B201757E5E}h:\\program files\\bittorrent\\bittorrent.exe"= UDP:h:\program files\bittorrent\bittorrent.exe:bittorrent

"UDP Query User{38C83894-E15A-4433-A1D9-AB4BB507A125}h:\\program files\\bittorrent\\bittorrent.exe"= TCP:h:\program files\bittorrent\bittorrent.exe:bittorrent

"TCP Query User{483683A2-8BF6-4238-8E18-D324928479C5}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= UDP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe

"UDP Query User{6E72674C-342B-4156-BB9B-E86EFA131E06}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= TCP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe

"TCP Query User{414C42D2-83E4-4F9A-8397-D857FAABFE83}C:4\\program files\\bittorrent\\bittorrent.exe"= UDP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe

"UDP Query User{9BFC6D7D-D049-41EC-9185-2EEAA18F6F15}C:4\\program files\\bittorrent\\bittorrent.exe"= TCP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe

"{BAA69B85-5D83-48E4-B31F-F8B00A427EED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{0C8A93B8-2268-4738-B66C-34B43DDB904D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{EDAF87EF-05FB-4326-83C8-3B95705F1D29}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{ED783E0E-2A70-43B8-AE34-A44ADE87CCC0}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{AA5ED257-602D-45EA-92DB-EF65F40DFED6}"= UDP:5353:Adobe CSI CS4

"TCP Query User{29E63E8F-D8B3-4251-B515-C360882654F0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= UDP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe

"UDP Query User{DDEBF1ED-CFB7-45ED-8CA3-131D3FE5BBF0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= TCP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe

"{77434250-2D16-4B82-83DE-F8B339D59530}"= Disabled:UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{45A81BC6-70B0-43D1-A796-2BACD54ABBC3}"= Disabled:TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{B049F4A6-89F7-49AA-A75B-ED7650A9F05A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{BD855DAC-0EA1-4EEB-9C9F-4496000618AE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{D7D5C76B-BD83-42DA-A9B0-FD4CBCF1DE44}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{C741FD90-9A59-456A-B0C9-DA347E25CF9C}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost

"UDP Query User{3085F335-4E53-4312-9AC6-14B99CC79B93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost

"TCP Query User{E33A3A7F-9DB1-4B07-A41F-9257C051157F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost

"UDP Query User{54DCD5A3-EB9F-4A92-8D21-BF51E050A181}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost

"TCP Query User{5D18C178-4CB1-48A1-9B0B-105B61290E91}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost

"UDP Query User{05B59112-9223-4E87-8E01-3A7D585EF5D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost

"TCP Query User{C4A48145-90C7-4497-8E12-8829503FB5F3}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost

"UDP Query User{337CF112-14E2-4ACE-8D07-CB4DBE9C621B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost

"TCP Query User{5F596EF7-5943-4FBF-80BC-42478C3310C0}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm

"UDP Query User{726565BA-F867-4828-8B0E-919B449BDC69}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm

"TCP Query User{30FDD1C0-44BD-42FF-B4A9-012C8BB8524E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{B85DCA09-52CB-421B-82E6-A5BECB406D27}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{ACAF0FDF-E1B2-44B1-AB0B-0B94821E3A15}"= UDP:c:\program files\Tidy Favorites\tidyfavorites.exe:TidyFavorites

"TCP Query User{51BDB074-DC32-40C9-803A-77E55C4A6F3A}c:\\program files\\tidy favorites\\tidyfavorites.exe"= UDP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites

"UDP Query User{71115AA5-72C8-40E5-AF8F-9C3FDFCC1BB6}c:\\program files\\tidy favorites\\tidyfavorites.exe"= TCP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites

"{D68260D1-50E4-4611-97CF-75684C1C9A58}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{2D2F64F0-4724-4585-B173-8EF6D24BD91C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{8484A375-A354-4878-8272-C60AACA5836E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm

"UDP Query User{97C7CC56-F211-4307-8233-D7F49452A8A5}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm

"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard

"TCP Query User{46EFB20A-9F4C-4DB8-8C0B-3A39E2D59C55}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm

"UDP Query User{0226F124-99C0-478B-B325-8C1C3875BB4B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm

"TCP Query User{92395257-784F-4644-AE67-B2BE4778D302}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm

"UDP Query User{BF9B37CF-0669-48A6-9CC6-99793ACC0062}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm

"TCP Query User{1E6C410F-8A59-4D6D-98BD-C2CF76F9ED24}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm

"UDP Query User{E317A20D-8264-463E-A465-1622EC84F19D}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm

"TCP Query User{4E6D60D4-3F40-4613-9518-BDCA1074AF56}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm

"UDP Query User{39A87C09-8563-4884-9C0C-B7311FE3685E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm

"TCP Query User{DC2E7BCA-0B06-415E-8FA1-90BA8F0FF07E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm

"UDP Query User{779D8DC4-7A88-4771-91E7-C4D1023028D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm

"TCP Query User{948680CE-E76F-4BFD-8D97-5A5548AA6C93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm

"UDP Query User{E774C0B4-BC70-4B25-B209-D0EB74FD385F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm

"TCP Query User{103B4F46-28F5-4821-94D9-D934F595FDA8}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{DC8DE983-6906-4C02-90E2-EE9801ACAD62}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"TCP Query User{D1F23D96-546E-4CA9-9F37-5F3FAD9C70AA}c:\\program files\\guppy\\zazouminiwebserver.exe"= UDP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer

"UDP Query User{E5AB5C28-5DB3-4B73-BDFE-A160D0844A74}c:\\program files\\guppy\\zazouminiwebserver.exe"= TCP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer

"{4A1C5D41-3DDE-409A-B549-DBB76B5CBAFE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{66DAFB14-10EB-4505-A72E-CEC9D6B2F530}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{596913BC-ED04-4B23-828B-E6D485BE2F44}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{2FB10010-C6A6-4D5B-BCAF-47F039D09914}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{EBA1D703-E4B2-4AF0-BDEC-CEB10F60409D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{F5E540CA-CD64-4019-835C-D5CE36A6B3E5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{1572AB97-9AB3-4CEC-B029-027E0AF23D40}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{E9560C37-816E-4038-A121-4973523C4BA3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{F3F71ADB-817C-4445-A398-D3721E89FC3D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{2A06A960-1172-41CF-9D4A-F81275B68F63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"h:\\Program Files\\BitTorrent\\bittorrent.exe"= h:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"= c:\program files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia

 

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]

R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]

R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]

R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-01-04 90800]

S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-01-27 40368]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contenu du dossier 'Tâches planifiées'

 

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{8827CF3C-668F-46E5-AE67-3DE4C07251ED}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PROMT5\PROMTIE4\promtie5.htm

IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PROMT5\PROMTIE4\options.htm

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0401

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0402

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0404

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0405

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0406

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0407

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040B

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040C

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040D

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0410

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0415

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0416

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0418

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang041D

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0421

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0422

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0429

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0C1A

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0401

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0402

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0404

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0405

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0406

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0407

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040B

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040C

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040D

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0410

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0415

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0416

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0418

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang041D

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0421

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0422

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0429

IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0C1A

IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} - c:\progra~1\COMMON~1\TIDYFA~1\AddToFav.dll

IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {9B0CFC24-6650-4BEE-8030-6FCAE4672685} - c:\progra~1\COMMON~1\TIDYFA~1\OpenFav.dll

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-10 15:14

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.avi"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M3U"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

 

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(6056)

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\program files\Vista Start Menu\VistaStartMenu.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Nero\Nero8\InCD\InCDsrv.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Heure de fin: 2009-07-10 15:20 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-07-10 13:20

ComboFix2.txt 2009-07-10 09:54

 

Avant-CF: 192 284 545 024 octets libres

Après-CF: 192 028 131 328 octets libres

 

630 --- E O F --- 2009-07-07 06:19

Posted

Help! I wanted to copy the report into Notepad, but when I tried to open it I got a message:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk

Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression

 

I'm afraid there is still a problem...

 

Please help me

Posted

Help!

 

I carried out the steps I was given, and when I tried to copy the report I wanted to open Microsoft Notepad from Accessories. I get the following message:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk

Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression

I would like to be able to move forward, and I thank anyone who could tell me how to proceed...

Thanks.

Posted

Wordpad is junk, we'll look at that later. :P

 

Did you swap Avast for Antivir, as asked earlier, higher up?

Posted
Wordpad is junk, we'll look at that later. :P

 

Did you swap Avast for Antivir, as asked earlier, higher up?

 

Good evening Falkra,

Yes! I was able to uninstall Avast and then reinstall the French version of Antivir. I updated it and ran the scan. Horror: I had an incalculable number of Bagle worms (175). I had done the Avast updates and it never found any of them! It is fundamentally dramatic to trust this type of product, which is no longer what it used to be... I would recommend removing Avast (which was initially good in principle for the Internet, something Antivir doesn't do) and installing Antivir.

Of course I will read everything I can find on the Zébulon site.

At least I will have learned not to trust anyone, even when it's meant to help, and I have learned (even though in 15 years I never had the slightest virus problem) that the best AV sits between the chair and the keyboard!

I think everything is now back in order, except perhaps some lines in the Registry? Is there perhaps something left to finish?

Please let me know.

Thank you for your help and the speed of the solutions provided.

Have a good weekend and happy holidays.

DUPOND
