[Solved] VBS : malware-gen

Covers your problems with viruses, trojans, hijacks and search bars. Analysis of your PC and eradication of viruses.
Only people authorised by the administration may help and take part in the replies in this forum.

Moderators: Marie, Super Moderator

Forum rules

Please read the forum charter before posting.
Reminder: SMS-style language is not tolerated on this forum. Requests for help written in SMS style or in overly sloppy French will not be handled.

Only MoJac, Marie, TopXM and jjcojax are allowed to reply in this forum.

Re: VBS : malware-gen

Post by alissia75 » 26 Jan 2011, 22:40

Sorry, but I didn't manage to send you the ZHP report (too many characters) and I was almost late for work. So I'm repeating the operation.
2D) Now it tells me the txt extension is not allowed...
alissia75
Member

Posts: 23
Joined: 22 Sep 2010, 17:30


Re: VBS : malware-gen

Post by alissia75 » 26 Jan 2011, 22:44

Rapport de ZHPDiag v1.27.1515 par Nicolas Coolman, Update du 26/01/2011
Run by CHRISTINE at 26/01/2011 14:43:30
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v9.0.7930.16406
GCIE: Google Chrome v8.0.552.237 (Defaut)

---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 402 GB (86%) free of 466 GB

---\\ Logged in mode
Computer Name: CHRISTINE-PC
User Name: CHRISTINE
All Users Names: HomeGroupUser$, Corentin, CHRISTINE, Brice, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=%USERPROFILE%\AppData\Roaming
%LocalAppData%=%USERPROFILE%\AppData\Local
%StartMenu%=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 402 Go of 466 Go)
D:\ CD-ROM drive (Free 0 Go of 0 Go)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
J:\ Hard drive, Flash drive, Thumb drive (Free 379 Go of 437 Go)
M:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\\ Recherche particulière de fichiers génériques
[MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 07:34:59.) -- C:\Windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]


---\\ Processus lancés
[MD5.0AA080277A2101D70EC87885EC3CEB52] - (.ASUSTeK Computer Inc. - TurboVHelp.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [1043968]
[MD5.018DC160E37294F7543D67CC15975B7F] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [6154240]
[MD5.C72FB9CC856ECFF3B6459B27CB674638] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\Philips\SPC220NC\Monitor.exe [323584]
[MD5.6912D02CC912B980C8C12F9CDADB8763] - (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote Clipper.) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe [956416]
[MD5.BC9C9BE7BB74D629362608ACE470E7DA] - (.Microsoft Corporation - Notification de cadeaux MSN.) -- C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [135680]
[MD5.08B438A5A06CD877F19B92F6868C031D] - (.NEC Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496]
[MD5.7418ECB1335EE96A861FED63DBCE5DA8] - (.ASUSTeK Computer Inc. - TurboV EVO.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [8619008]
[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3396624]
[MD5.B4C1C657FCCCAF24EBF028CE68E6D086] - (.PC Tools - PC Tools Firewall GUI.) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe [3168216]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552]
[MD5.4D5D968FE6AE6BF94A807F73F7FF6B3D] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168]
[MD5.7FBE43046EFDF24FC9375024E4D02AC9] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\qttask.exe [282624]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448]
[MD5.490F9A7948EF661DF32A9F0DC8534284] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe [221184]
[MD5.4BFE28145799174386393B1E09764ED4] - (.Google Inc. - Google Chrome.) -- C:\Users\CHRISTINE\AppData\Local\Google\Chrome\Application\chrome.exe [991800]
[MD5.C6A360D467CFF0A50566B6E26DD8ADE1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [624128]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Users\CHRISTINE\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll


---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.fr
G2 - GCE: Preference [User Data\Default] [aapbdbdomjkkjkaonfhkkikfgjllcleb] Google Translate v.1.2.3.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ajnbnekhpkkfaobjalnhdoofajkghidp] Quickrr World Clock v.1.4 (Activé)
G2 - GCE: Preference [User Data\Default] [baohinapilmkigilbbbcccncoljkdpnd] Google Shortcuts (official Firefox port) v.1.5.8.1 (Activé)
G2 - GCE: Preference [User Data\Default] [bmnlnjnbhpkmchibcapneipmphjndghk] Quickrr Notepad v.1.3 (Activé)
G2 - GCE: Preference [User Data\Default] [boidnimkebefpfgbeekbjoponilnomle] Radio Player Live v.1.4.4 (Activé)
G2 - GCE: Preference [User Data\Default] [emambmpgicpidmncfacjkeicobamadod] DayHiker v.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [enggflalpipaefdpfehdcbmklnbhndfn] VDM - viedemerde.fr RSS Viewer v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [mihcahmgecmbnbcchbopgniflfhgnkff] V\u00E9rificateur de messages Google v.3.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mmiboiefncpfjihjdedpaoammipkilla] Grass v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [oojbgadfejifecebmdnhhkbhdjaphole] Diigo Bookmark, Archive, Highlight & Sticky-Note v.1.6.2.9 (Activé)
G2 - GCE: Preference [User Data\Default] [52ddc2d12a8367f505841d715f7e4e91] Chrome PDF Viewer v. (Désactivé)


---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.7930.16406 (WIN7_IE9_Beta.100831-2345)) -- C:\Windows\System32\ieframe.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\CHRISTINE\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (.Pas de propriétaire - Pas de description.) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.NEC Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [TurboV EVO] . (.ASUSTeK Computer Inc. - TurboV EVO.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [00PCTFW] . (.PC Tools - PC Tools Firewall GUI.) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\qttask.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-4238013777-99600414-2200620389-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\CHRISTINE\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-4238013777-99600414-2200620389-1000\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk . (.Pas de propriétaire.) -- C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk . (.Microsoft Corporation.) -- C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\CHRISTINE\Desktop\Mathematiques CE2.lnk . (.Macromedia, Inc..) -- C:\Program Files (x86)\Nathan\Mathematiques CE2\MathCE2.exe
O4 - Global Startup: C:\Documents And Settings\CHRISTINE\Desktop\On-Screen Keyboard.lnk . (.Microsoft Corporation.) -- C:\Windows\system32\osk.exe
O4 - Global Startup: C:\Documents And Settings\CHRISTINE\Desktop\Revo Uninstaller.lnk . (.VS Revo Group.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\CHRISTINE\Desktop\Mathematiques CE2.lnk . (.Macromedia, Inc..) -- C:\Program Files (x86)\Nathan\Mathematiques CE2\MathCE2.exe
O4 - Global Startup: C:\Users\CHRISTINE\Desktop\On-Screen Keyboard.lnk . (.Microsoft Corporation.) -- C:\Windows\system32\osk.exe
O4 - Global Startup: C:\Users\CHRISTINE\Desktop\Revo Uninstaller.lnk . (.VS Revo Group.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (.Pas de propriétaire.) -- C:\Windows\Installer\{08094E03-AFE4-4853-9D31-6D0743DF5328}\QTPlayer.ico
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Evernote 4.0 . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote Clipper for Microsoft Internet Explorer.) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\Windows\system32\GPhotos.scr


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E18C94A2-793F-4ABA-ACCD-035BD546DB45}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E18C94A2-793F-4ABA-ACCD-035BD546DB45}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{E18C94A2-793F-4ABA-ACCD-035BD546DB45}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{E18C94A2-793F-4ABA-ACCD-035BD546DB45}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{E18C94A2-793F-4ABA-ACCD-035BD546DB45}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{E18C94A2-793F-4ABA-ACCD-035BD546DB45}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: C:\Windows\system32\drivers\afd.sys (AMD External Events Utility) - Clé orpheline
O23 - Service: (AsSysCtrlService) . (.ASUSTeK Computer Inc. - AsSysCtr Application.) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (PCToolsFirewallPlus) . (.PC Tools - PC Tools Firewall Plus service.) - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: (YahooAUService) . (.Yahoo! Inc. - AutoUpater Service Module.) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1000UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1001Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1001UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1002Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1002UA.job
[MD5.ACCF8BABEBB0EADE39B372D0DA330879] [APT] [AppleSoftwareUpdate] (.Apple Computer, Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1000Core] (.Google Inc..) -- C:\Users\CHRISTINE\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1000UA] (.Google Inc..) -- C:\Users\CHRISTINE\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1001Core] (.Google Inc..) -- C:\Users\Brice\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1001UA] (.Google Inc..) -- C:\Users\Brice\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1002Core] (.Google Inc..) -- C:\Users\Corentin\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1002UA] (.Google Inc..) -- C:\Users\Corentin\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.018DC160E37294F7543D67CC15975B7F] [APT] [ASUS SIX Engine] (.ASUSTeK Computer Inc..) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
[MD5.0AA080277A2101D70EC87885EC3CEB52] [APT] [TurboVHelp] (.ASUSTeK Computer Inc..) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (AsIO) . (.Pas de propriétaire - Pas de description.) - C:\Windows\Syswow64\drivers\AsIO.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: (pctgntdi) . (.PC Tools - PC Tools Generic TDI Driver.) - C:\Windows\system32\drivers\pctgntdi64.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: DCP-153C - (.Brother Industries, Ltd..) [HKLM][64Bits] -- {A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}
O42 - Logiciel: ATI AVIVO64 Codecs - (.ATI Technologies Inc..) [HKLM] -- {D08C812A-2C35-6151-E597-442886FC4E45}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.4.1 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Anglais primaire - (.Mindscape.) [HKLM][64Bits] -- {9136DF01-5A2B-4ED7-A7F5-3BD478D5564C}
O42 - Logiciel: Apple Software Update - (.Apple Computer, Inc..) [HKLM][64Bits] -- {A260B422-70E1-41E2-957D-F76FA21266D5}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {A961C6FD-C583-45F6-A0A4-5E4376C29E41}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Comptes et Budget (Mono-compte) V6.0 - (.Michel ALAUX..) [HKLM][64Bits] -- Comptes_et_Budget (Mono-compte) V6.0_is1
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: EA SPORTS online 2004 - (.Pas de propriétaire.) [HKLM][64Bits] -- 82A44D22-9452-49FB-00FB-CEC7DCAF7E23
O42 - Logiciel: EA.com Matchup - (.Pas de propriétaire.) [HKLM][64Bits] -- {2F173C40-563E-11D4-89C5-0010ADDAAC33}
O42 - Logiciel: EA.com Update - (.Pas de propriétaire.) [HKLM][64Bits] -- {9AB97F52-512B-43EF-AAEC-4825C17B32ED}
O42 - Logiciel: EPU-6 Engine - (.Pas de propriétaire.) [HKLM][64Bits] -- {56B83336-FBC1-4C46-8613-90A9E3B440D6}
O42 - Logiciel: Evernote v. 4.1 - (.Evernote Corp..) [HKLM][64Bits] -- {F761359C-9CED-45AE-9A51-9D6605CD55C4}
O42 - Logiciel: Express Gate - (.DeviceVM, Inc..) [HKLM][64Bits] -- {99AD9D6D-A456-49EE-8360-F22EE7AA1272}
O42 - Logiciel: FIFA 2004 - (.Pas de propriétaire.) [HKLM][64Bits] -- {782DDB70-3DF4-4366-00BF-E3767BCD173B}
O42 - Logiciel: Feedback Tool - (.Microsoft Corporation.) [HKLM][64Bits] -- {13A5E785-5197-4EAD-8EE3-D660271E49BC}
O42 - Logiciel: Feedback Tool - (.Microsoft Corporation.) [HKLM][64Bits] -- {90024193-9F13-4877-89D5-A1CDF0CBBF28}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM][64Bits] -- {4286E640-B5FB-11DF-AC4B-005056C00008}
O42 - Logiciel: Graines de Génie Ce1 - (.Mindscape.) [HKLM][64Bits] -- {294950DF-7272-48F6-9D85-35AF22A9FD60}
O42 - Logiciel: JMicron JMB36X Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}
O42 - Logiciel: Java(TM) 6 Update 23 - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Maths 5e - (.Mindscape.) [HKLM][64Bits] -- {0BDDE766-851A-466E-8F45-9C37CE1F6A4E}
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM][64Bits] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {EE936C7A-EA40-31D5-9B65-8E3E089C3828}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {350AA351-21FA-3270-8B7A-835434E766AD}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: NBA LIVE 06 - (.Pas de propriétaire.) [HKLM][64Bits] -- {A4513A7E-CF21-44D2-0082-E6498D9D70D4}
O42 - Logiciel: NEC Electronics USB 3.0 Host Controller Driver - (.NEC Electronics Corporation.) [HKLM][64Bits] -- InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
O42 - Logiciel: NEC Electronics USB 3.0 Host Controller Driver - (.NEC Electronics Corporation.) [HKLM][64Bits] -- {D7BF9739-8A68-4335-BBEE-37752AD9E86B}
O42 - Logiciel: NHL 2002 - (.Pas de propriétaire.) [HKLM][64Bits] -- {FDF3A1E0-186A-11D5-0089-C400C04FAE70}
O42 - Logiciel: Nathan Mathématiques CE2 - (.Pas de propriétaire.) [HKLM][64Bits] -- Nathan Mathématiques CE2
O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN
O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM][64Bits] -- {266517E6-D866-439D-919C-B8B1A52E6080}
O42 - Logiciel: PC Tools Firewall Plus 6.0 - (.PC Tools.) [HKLM][64Bits] -- PC Tools Firewall Plus
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM][64Bits] -- Picasa 3
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM][64Bits] -- {08094E03-AFE4-4853-9D31-6D0743DF5328}
O42 - Logiciel: Realtek 8136 8168 8169 Ethernet Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Revo Uninstaller 1.91 - (.VS Revo Group.) [HKLM][64Bits] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
O42 - Logiciel: TurboV EVO - (.Pas de propriétaire.) [HKLM][64Bits] -- {491D92A9-69CA-4EB4-81D3-0106F9337957}
O42 - Logiciel: VIA Gestionnaire de périphériques de plate-forme - (.VIA Technologies, Inc..) [HKLM][64Bits] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}
O42 - Logiciel: Visionneuse Microsoft PowerPoint - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-00AF-040C-0000-0000000FF1CE}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM][64Bits] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: Yahoo! Software Update - (.Pas de propriétaire.) [HKLM][64Bits] -- Yahoo! Software Update
O42 - Logiciel: Yahoo! Toolbar - (.Pas de propriétaire.) [HKLM][64Bits] -- Yahoo! Companion
O42 - Logiciel: [HKLM\Software\DirectDrawEx] - (.Pas de propriétaire.) [HKLM][64Bits] -- ESET Online Scanner
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM][64Bits] -- avast5

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASUS]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Brother]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ESET]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Evernote]
[HKCU\Software\Google]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mindscape]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NEC Electronics]
[HKCU\Software\Netscape]
[HKCU\Software\Norton]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PCTools]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKLM\Software\AMD]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DeviceVM]
[HKLM\Software\Intel]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\PCTools]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\QSound Labs, Inc.]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Software]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\Wow6432Node]


---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/10/2010 - 07:43:10 ----D- C:\Program Files\Alwil Software
O43 - CFD: 16/10/2010 - 16:20:14 ----D- C:\Program Files\ASUS
O43 - CFD: 16/10/2010 - 16:38:02 ----D- C:\Program Files\ATI
O43 - CFD: 16/10/2010 - 16:38:50 ----D- C:\Program Files\ATI Technologies
O43 - CFD: 04/11/2010 - 20:42:12 ----D- C:\Program Files\CCleaner
O43 - CFD: 16/10/2010 - 16:38:32 ----D- C:\Program Files\Common Files
O43 - CFD: 14/07/2009 - 16:35:28 ----D- C:\Program Files\DVD Maker
O43 - CFD: 16/10/2010 - 16:12:18 -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 21/10/2010 - 08:39:38 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 14/07/2009 - 16:35:26 ----D- C:\Program Files\Microsoft Games
O43 - CFD: 19/12/2010 - 19:40:16 ----D- C:\Program Files\Microsoft IntelliPoint
O43 - CFD: 21/12/2010 - 20:34:28 ----D- C:\Program Files\Microsoft IntelliType Pro
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 06:09:28 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 16:35:28 ----D- C:\Program Files\Windows Journal
O43 - CFD: 21/10/2010 - 09:01:30 ----D- C:\Program Files\Windows Live
O43 - CFD: 16/12/2010 - 01:49:48 ----D- C:\Program Files\Windows Mail
O43 - CFD: 21/10/2010 - 06:39:02 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 16/10/2010 - 16:12:18 ----D- C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 16/10/2010 - 16:38:32 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 23/10/2010 - 11:37:54 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files\Common Files\System
O43 - CFD: 24/10/2010 - 12:56:06 ----D- C:\ProgramData\Adobe
O43 - CFD: 21/10/2010 - 07:43:10 ----D- C:\ProgramData\Alwil Software
O43 - CFD: 24/12/2010 - 12:41:14 ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Application Data
O43 - CFD: 16/10/2010 - 16:32:30 ----D- C:\ProgramData\ASUS OC Profiles
O43 - CFD: 16/10/2010 - 16:58:18 ----D- C:\ProgramData\ATI
O43 - CFD: 24/10/2010 - 12:19:54 ----D- C:\ProgramData\Brother
O43 - CFD: 16/10/2010 - 16:12:18 -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Documents
O43 - CFD: 16/10/2010 - 16:32:30 ----D- C:\ProgramData\EPU
O43 - CFD: 16/10/2010 - 16:12:18 -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Favorites
O43 - CFD: 25/01/2011 - 19:48:50 ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 16/10/2010 - 16:12:18 -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 01/01/2011 - 15:56:52 -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/10/2010 - 16:12:18 -SH-D- C:\ProgramData\Modèles
O43 - CFD: 08/01/2011 - 02:06:08 ----D- C:\ProgramData\Norton
O43 - CFD: 16/10/2010 - 16:21:58 ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 23/10/2010 - 11:37:36 ----D- C:\ProgramData\Sun
O43 - CFD: 26/10/2010 - 19:44:12 ----D- C:\ProgramData\Symantec
O43 - CFD: 26/01/2011 - 13:21:32 ---AD- C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Templates
O43 - CFD: 01/11/2010 - 00:23:04 ----D- C:\ProgramData\Yahoo!
O43 - CFD: 01/11/2010 - 00:23:10 ----D- C:\ProgramData\Yahoo! Companion
O43 - CFD: 24/10/2010 - 12:55:48 ----D- C:\Users\CHRISTINE\AppData\Roaming\Adobe
O43 - CFD: 21/10/2010 - 22:11:34 ----D- C:\Users\CHRISTINE\AppData\Roaming\AlauxSoft
O43 - CFD: 16/10/2010 - 16:58:18 ----D- C:\Users\CHRISTINE\AppData\Roaming\ATI
O43 - CFD: 12/12/2010 - 19:01:42 R---D- C:\Users\CHRISTINE\AppData\Roaming\Brother
O43 - CFD: 11/01/2011 - 13:59:40 ----D- C:\Users\CHRISTINE\AppData\Roaming\Emjysoft
O43 - CFD: 16/10/2010 - 16:12:32 ----D- C:\Users\CHRISTINE\AppData\Roaming\Identities
O43 - CFD: 01/11/2010 - 18:50:06 ----D- C:\Users\CHRISTINE\AppData\Roaming\InstallShield
O43 - CFD: 20/10/2010 - 20:24:02 ----D- C:\Users\CHRISTINE\AppData\Roaming\Macromedia
O43 - CFD: 25/01/2011 - 19:48:58 ----D- C:\Users\CHRISTINE\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 16:35:06 ----D- C:\Users\CHRISTINE\AppData\Roaming\Media Center Programs
O43 - CFD: 21/12/2010 - 20:31:14 -S--D- C:\Users\CHRISTINE\AppData\Roaming\Microsoft
O43 - CFD: 23/10/2010 - 11:42:00 ----D- C:\Users\CHRISTINE\AppData\Roaming\OpenOffice.org
O43 - CFD: 24/10/2010 - 19:07:06 ----D- C:\Users\CHRISTINE\AppData\Roaming\PCToolsFirewallPlus
O43 - CFD: 21/10/2010 - 08:33:34 ----D- C:\Users\CHRISTINE\AppData\Roaming\Raccourcis applicatifs
O43 - CFD: 01/11/2010 - 00:29:34 ----D- C:\Users\CHRISTINE\AppData\Roaming\vlc
O43 - CFD: 26/10/2010 - 21:57:04 ----D- C:\Users\CHRISTINE\AppData\Roaming\Windows Live Writer
O43 - CFD: 01/11/2010 - 00:22:56 ----D- C:\Users\CHRISTINE\AppData\Roaming\Yahoo!
O43 - CFD: 24/10/2010 - 12:54:54 ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 24/12/2010 - 12:41:14 ----D- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 16/10/2010 - 16:19:56 ----D- C:\Program Files (x86)\ASUS
O43 - CFD: 16/10/2010 - 16:38:00 ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 21/10/2010 - 07:25:22 ----D- C:\Program Files (x86)\Bbox
O43 - CFD: 21/10/2010 - 07:25:34 ----D- C:\Program Files (x86)\BboxUpdate
O43 - CFD: 01/11/2010 - 19:10:12 ----D- C:\Program Files (x86)\Brother
O43 - CFD: 31/10/2010 - 23:16:20 ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 02/01/2011 - 16:08:12 ----D- C:\Program Files (x86)\Comptes et Budget Free V6.0
O43 - CFD: 06/11/2010 - 09:02:08 ----D- C:\Program Files (x86)\EA SPORTS
O43 - CFD: 05/11/2010 - 16:01:58 ----D- C:\Program Files (x86)\EACOM
O43 - CFD: 26/01/2011 - 11:05:34 ----D- C:\Program Files (x86)\ESET
O43 - CFD: 09/01/2011 - 16:58:18 ----D- C:\Program Files (x86)\Evernote
O43 - CFD: 25/11/2010 - 00:07:28 ----D- C:\Program Files (x86)\Feedback Tool
O43 - CFD: 24/12/2010 - 12:24:16 ----D- C:\Program Files (x86)\GdgFRCE1
O43 - CFD: 06/01/2011 - 00:28:12 ----D- C:\Program Files (x86)\Google
O43 - CFD: 17/01/2011 - 10:20:02 ----D- C:\Program Files (x86)\Iminent
O43 - CFD: 24/12/2010 - 12:46:54 --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 16/10/2010 - 16:15:06 ----D- C:\Program Files (x86)\Intel
O43 - CFD: 24/12/2010 - 12:41:42 ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 04/01/2011 - 09:11:16 ----D- C:\Program Files (x86)\Java
O43 - CFD: 23/10/2010 - 11:38:46 ----D- C:\Program Files (x86)\JRE
O43 - CFD: 25/01/2011 - 19:48:50 ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 21/10/2010 - 09:14:50 ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 23/10/2010 - 11:54:16 ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 07/01/2011 - 07:47:52 ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 21/10/2010 - 09:02:30 ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 22/10/2010 - 10:55:28 ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 24/12/2010 - 12:46:54 ----D- C:\Program Files (x86)\Mindscape
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 23/10/2010 - 11:53:54 ----D- C:\Program Files (x86)\MSECache
O43 - CFD: 24/12/2010 - 12:31:58 ----D- C:\Program Files (x86)\Nathan
O43 - CFD: 16/10/2010 - 16:19:26 ----D- C:\Program Files (x86)\NEC Electronics
O43 - CFD: 23/10/2010 - 11:38:44 ----D- C:\Program Files (x86)\OpenOffice.org 3
O43 - CFD: 24/10/2010 - 19:07:08 ----D- C:\Program Files (x86)\PC Tools Firewall Plus
O43 - CFD: 24/12/2010 - 12:41:42 ----D- C:\Program Files (x86)\QuickTime
O43 - CFD: 16/10/2010 - 16:18:28 ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 21/10/2010 - 07:21:24 ----D- C:\Program Files (x86)\Techcity
O43 - CFD: 14/07/2009 - 05:57:08 --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 16/10/2010 - 16:16:16 ----D- C:\Program Files (x86)\VIA
O43 - CFD: 14/12/2010 - 10:38:32 ----D- C:\Program Files (x86)\VS Revo Group
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 21/10/2010 - 09:04:12 ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 16/12/2010 - 01:49:48 ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 21/10/2010 - 06:39:02 ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:32:42 ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 01/11/2010 - 00:23:04 ----D- C:\Program Files (x86)\Yahoo!
O43 - CFD: 26/01/2011 - 14:43:38 ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 16/10/2010 - 16:38:32 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 23/10/2010 - 11:37:54 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 16:24:10 ----D- C:\Program Files\Common Files\System


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7FBBA0483D279468B09295A5C07C5F53] - 26/01/2011 - 14:30:44 --H-- . (.Pas de propriétaire - Pas de description.) -- C:\dvmexp.idx [177]
O44 - LFC:[MD5.01000000000000000000000060EE1800] - 26/01/2011 - 13:43:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1722089]
O44 - LFC:[MD5.DC9520DB2CBA9EA9BC83648A82514819] - 26/01/2011 - 10:15:14 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.B96CC1A0DFE42102D4DF25707FEC1663] - 26/01/2011 - 06:28:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.B615403C3902AF59E68DCA1A42F85E4B] - 26/01/2011 - 06:28:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc009.dat [106190]
O44 - LFC:[MD5.0BAF4CE1B5E985DB35614A592CD191CF] - 26/01/2011 - 06:28:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc00C.dat [130548]
O44 - LFC:[MD5.5053448D83402E79C173AE77F9B0CB78] - 26/01/2011 - 06:28:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh009.dat [615810]
O44 - LFC:[MD5.26F048BC0840BA8318DE3BAA210F51A5] - 26/01/2011 - 06:28:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh00C.dat [704242]
O44 - LFC:[MD5.496FD809581EF106AB247734C7FDC0E9] - 26/01/2011 - 06:24:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [44916]
O44 - LFC:[MD5.F6CD0CCF5488F8D936DD6131BC9ABFAE] - 26/01/2011 - 01:14:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\TDSSKiller.2.4.15.0_25.01.2011_21.37.46_log.txt [60978]
O44 - LFC:[MD5.50F6C017223B985398D4B68107338ECB] - 13/01/2011 - 09:47:35 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr [38848]
O44 - LFC:[MD5.0AAF681770781C346A388B03FC421688] - 13/01/2011 - 09:47:32 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe [188216]
O44 - LFC:[MD5.0AAF681770781C346A388B03FC421688] - 13/01/2011 - 09:47:23 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\SysNative\aswBoot.exe [237168]
O44 - LFC:[MD5.EF5633616C20299D982CAF8DD28285D4] - 08/01/2011 - 09:04:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [180168]


---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll


---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm


---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll


---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0


---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

Re: VBS : malware-gen

Post by alissia75 » 26 Jan 2011, 22:46

and here is the rest...:

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.7A4B413614C055935567CF88A9734D38] - 14/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [106576]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.B4AD0CACBAB298671DD6F6EF7E20679D] - 14/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [28752]
O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]
O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]
O58 - SDL:[MD5.19B006B181E3875FD254F7B67ACF1E7C] - 16/07/2009 - 04:38:40 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [15416]
O58 - SDL:[MD5.6923740DB573B46FDDA13E1DF412C577] - 13/01/2011 - 09:37:12 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.DE001B988B58BFD453F667842655B22E] - 13/01/2011 - 09:37:23 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [62032]
O58 - SDL:[MD5.E0D1002D7FA65DD023788B17F714E682] - 13/01/2011 - 09:37:34 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [29264]
O58 - SDL:[MD5.C3EAFDC0F533425614430A112BA71E9A] - 13/01/2011 - 09:41:44 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [273488]
O58 - SDL:[MD5.0226FFBC420D8FB67BA3B9DBDD1F2DCA] - 13/01/2011 - 09:40:20 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [51792]
O58 - SDL:[MD5.FB7602C5C508BE281368AAE0B61B51C6] - 30/09/2009 - 02:34:30 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys [121872]
O58 - SDL:[MD5.7052120D5AB25AB292E8C9DA46BB2FE1] - 10/11/2009 - 17:34:52 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [6108672]
O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]
O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]
O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 14/07/2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [77888]
O58 - SDL:[MD5.D83EFB6FD45DF9D55E9A1AFC63640D50] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410688]
O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]
O58 - SDL:[MD5.6EBE4832B1A7C063FDF87035AFC1E3DC] - 19/10/2009 - 02:56:10 ---A- . (.JMicron Technology Corp. - JMicron JMB36X RAID Driver.) -- C:\Windows\system32\drivers\jraid.sys [115312]
O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]
O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]
O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]
O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]
O58 - SDL:[MD5.3D3C4B63F11F63F50253E734F0ACE9F2] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [24152]
O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]
O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]
O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]
O58 - SDL:[MD5.F5BC2345E8C89D4E90FAFD23A2239935] - 26/10/2009 - 22:19:46 ---A- . (.NEC Electronics Corporation - USB 3.0 Hub Driver.) -- C:\Windows\system32\drivers\nusb3hub.sys [75264]
O58 - SDL:[MD5.5D42578241BC2A9B4A64837077436D5F] - 26/10/2009 - 22:19:48 ---A- . (.NEC Electronics Corporation - USB 3.0 Host Controller Driver.) -- C:\Windows\system32\drivers\nusb3xhc.sys [176640]
O58 - SDL:[MD5.3E38712941E9BB4DDBEE00AFFE3FED3D] - 14/07/2009 - 02:48:27 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [149056]
O58 - SDL:[MD5.477DC4D6DEB99BE37084C9AC6D013DA1] - 14/07/2009 - 02:45:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [167488]
O58 - SDL:[MD5.AEA68392399A11A8C4F9DB0FA47DC0DD] - 09/11/2009 - 10:20:10 ---A- . (.PC Tools - PC Tools KDS Core Driver.) -- C:\Windows\system32\drivers\PCTCore64.sys [218056]
O58 - SDL:[MD5.CDF6BB7848FFD3C5C41860138ED7CE0F] - 07/01/2010 - 11:40:24 ---A- . (.PC Tools - PC Tools Generic TDI Driver.) -- C:\Windows\system32\drivers\pctgntdi64.sys [306648]
O58 - SDL:[MD5.D56925F29CC2CE2152FF9B8DB12F7659] - 07/01/2010 - 10:35:04 ---A- . (.PC Tools - PC Tools NDIS - DNS.) -- C:\Windows\system32\drivers\pctNdis-DNS64.sys [42456]
O58 - SDL:[MD5.725C8D3E1C7BE65C0918A9EBB0249081] - 12/01/2010 - 08:34:16 ---A- . (.PC Tools - PC Tools NDIS - Packet Filter.) -- C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [95504]
O58 - SDL:[MD5.8BC4989FC22515FC95E85F51294C4740] - 07/01/2010 - 10:35:10 ---A- . (.PC Tools - PC Tools NDIS Driver.) -- C:\Windows\system32\drivers\pctNdis64.sys [81584]
O58 - SDL:[MD5.1B71BB46BD125144147727EB78E353FB] - 13/01/2010 - 07:59:28 ---A- . (.PC Tools - PC Tools FW Plugin Driver.) -- C:\Windows\system32\drivers\pctplfw64.sys [164496]
O58 - SDL:[MD5.516E755CE447DEED5FBAB3E91B5E2785] - 07/01/2010 - 11:40:24 ---A- . (.PC Tools - PC Tools WFP kernel DLL.) -- C:\Windows\system32\drivers\pctwfpfilter64.sys [133072]
O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]
O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]
O58 - SDL:[MD5.3B01789EE4EAEE97F5EB46B711387D5E] - 19/08/2009 - 08:05:06 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys [239616]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]
O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]
O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]
O58 - SDL:[MD5.C9043FC737FA1C520571EF31AD45A6E4] - 16/05/2007 - 09:05:10 ---A- . (.PixArt Imaging Inc. - SPC220NC.) -- C:\Windows\system32\drivers\SPC220NC.SYS [572928]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]
O58 - SDL:[MD5.0D0FB2EE4333AA6808592A2AB0EBDD0F] - 08/10/2010 - 15:52:38 ---A- . (.Oracle Corporation - VirtualBox Support Driver.) -- C:\Windows\system32\drivers\VBoxDrv.sys [203024]
O58 - SDL:[MD5.626F0A31303B999EA4999138AC63C3E9] - 08/10/2010 - 15:52:38 ---A- . (.Oracle Corporation - VirtualBox Host-Only Network Adapter Driver.) -- C:\Windows\system32\drivers\VBoxNetAdp.sys [144784]
O58 - SDL:[MD5.D31EF2F40E092501F2752A5BA766F193] - 08/10/2010 - 15:52:38 ---A- . (.Oracle Corporation - VirtualBox USB Monitor Driver.) -- C:\Windows\system32\drivers\VBoxUSBMon.sys [53968]
O58 - SDL:[MD5.906A7C6B6659A650648CF21998270945] - 17/09/2009 - 12:04:18 ---A- . (.VIA Technologies, Inc. - VIA High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\viahduaa.sys [1250816]
O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]
O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]
O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 12:34:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 12:34:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:[MD5.A82C01606DC27D05D9D3BFB6BB807E32] - 04/08/2009 - 03:28:28 R--A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224]


---\\ List of cleaning tools (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1
O63 - Logiciel: OTL - (.OldTimer.)


---\\ List of Legacy services (O64)
O64 - Services: CurCS - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - C:\Windows\Syswow64\drivers\AsIO.sys - AsIO (AsIO) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASIO
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWFSBLK.sys - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - C:\Windows\system32\drivers\aswMonFlt.sys - aswMonFlt (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWRDR.sys - (.not file.) - aswRdr (aswRdr) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWRDR
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWSP.sys - (.not file.) - aswSP (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWTDI.sys - (.not file.) - avast! Network Shield Support (aswTdi) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWTDI
O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(.Pas de propriétaire - Pas de description.) - LEGACY_BEEP
O64 - Services: CurCS - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) - LEGACY_BOWSER
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\cdfs.sys - CD/DVD File System Reader (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - C:\Windows\System32\Drivers\cng.sys - CNG (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE
O64 - Services: CurCS - C:\Windows\system32\drivers\dxgkrnl.sys - LDDM Graphics Subsystem (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP
O64 - Services: CurCS - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY
O64 - Services: CurCS - (.not file.) - klmd25 (klmd25) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMD25
O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecdd.sys - KSecDD (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecpkg.sys - KSecPkg (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\lltdio.sys - Link-Layer Topology Discovery Mapper I/O Driver (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV
O64 - Services: CurCS - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV
O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB
O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10
O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msisadrv.sys - msisadrv (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - C:\Windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP
O64 - Services: CurCS - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - NetBIOS Interface (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL
O64 - Services: CurCS - C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys - PCTools Firewall - Packet filter driver (PCTFW-PacketFilter) .(.PC Tools - PC Tools NDIS - Packet Filter.) - LEGACY_PCTFW-PACKETFILTER
O64 - Services: CurCS - C:\Windows\system32\drivers\pctgntdi64.sys - pctgntdi (pctgntdi) .(.PC Tools - PC Tools Generic TDI Driver.) - LEGACY_PCTGNTDI
O64 - Services: CurCS - C:\Windows\system32\drivers\pctplfw64.sys - pctplfw (pctplfw) .(.PC Tools - PC Tools FW Plugin Driver.) - LEGACY_PCTPLFW
O64 - Services: CurCS - C:\Windows\System32\drivers\pcw.sys - Performance Counters for Windows Driver (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW
O64 - Services: CurCS - C:\Windows\System32\drivers\peauth.sys - PEAUTH (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - C:\Windows\system32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rspndr.sys - Link-Layer Topology Discovery Responder (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPLDR
O64 - Services: CurCS - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV
O64 - Services: CurCS - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srvnet.sys - srvnet (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP
O64 - Services: CurCS - C:\Windows\System32\drivers\tcpipreg.sys - TCP/IP Registry Compatibility (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\udfs.sys - udfs (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS
O64 - Services: CurCS - C:\Windows\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d’extension du gestionnaire de volum.) - LEGACY_VOLMGRX
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\volsnap.sys - Volumes de stockage (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6
O64 - Services: CurCS - C:\Windows\System32\drivers\Wdf01000.sys - Kernel Mode Driver Frameworks service (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) - LEGACY_WDF01000
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wfplwf.sys - WFP Lightweight Filter (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF
O64 - Services: CurCS - C:\Windows\System32\drivers\WudfPf.sys - User Mode Driver Frameworks Platform Driver (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\CHRISTINE\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\CHRISTINE\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe


---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\CHRISTINE\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.Brice> <Google Chrome.Brice>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Brice\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.Corentin> <Google Chrome.Corentin>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Corentin\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {82937F72-0A1C-44E0-ACBD-9E76CFD4C8D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} [DefaultScope] - (Bing) - http://www.bing.com


---\\ Specific search at the root of certain folders (O84)
[MD5.7949C6EE4292D7266F3269BAE4FCA82D] [SPRF] (.Electronic Arts Inc. - Electronic Arts AutoRun.) -- C:\Users\CHRISTINE\AppData\Local\Temp\AutoRun.exe [618496]
[MD5.ABB350F1AFAA2284453236B9C7DBAAAA] [SPRF] (.Electronic Arts Inc. - AutoRun GUI.) -- C:\Users\CHRISTINE\AppData\Local\Temp\AutoRunGUI.dll [532480]
[MD5.C517689D6E619CCBA3F468CC9EF0639D] [SPRF] (.Microsoft Corporation - Programme d’installation Windows Internet Explorer 9.) -- C:\Users\CHRISTINE\AppData\Local\Temp\IE9-Windows7-x64.exe [38488376]
[MD5.1613633355818CA05AB56E573C72B510] [SPRF] (.Microsoft Corporation - Programme d’installation Windows Internet Explorer 9.) -- C:\Users\CHRISTINE\AppData\Local\Temp\iesetup-win7-x64.exe [518656]
[MD5.676A86173A1FE2698C6F049D74DC6EB2] [SPRF] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\CHRISTINE\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe [875296]
[MD5.34908E446D09432BD17830458D242BD2] [SPRF] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\CHRISTINE\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe [884512]
[MD5.81EBC5DB32DA754CAE9E200B70F06DE2] [SPRF] (.Microsoft Corporation - Barre d'outils Bing.) -- C:\Users\CHRISTINE\AppData\Local\Temp\MSN5CE0.exe [469256]
[MD5.6613446B661075DCF0EF150E7EE42F9C] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\CHRISTINE\AppData\Local\Temp\ShortcutsEx.exe [207872]
[MD5.5044E41710E1AE8A3C43139EE3666EEE] [SPRF] (.VS Revo Group Ltd. - Revo Uninstaller Setup.) -- C:\Users\CHRISTINE\AppData\Local\Temp\VSUSetup.exe [2649016]
[MD5.ED324284FA119EF0F240AC9E2262D666] [SPRF] (.Microsoft Corporation - Windows Media Component Setup Application.) -- C:\Users\CHRISTINE\AppData\Local\Temp\wmpfirefoxplugin.exe [318904]
[MD5.FBAB280D0CAC5E21C72F0A1A7B5B9608] [SPRF] (.Macrovision Corporation - Setup.exe.) -- C:\Users\CHRISTINE\AppData\Local\Temp\_is379F.exe [455600]


---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 0 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 19/08/2009 90112 | (AsSysCtrlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
SR - | Auto 13/01/2011 40384 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Auto 01/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/06/2010 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 09/11/2009 818432 | (PCToolsFirewallPlus) . (.PC Tools.) - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
SR - | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


---\\ Master Boot Record infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by CHRISTINE at 26/01/2011 14:44:07

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR


---\\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by CHRISTINE at 26/01/2011 14:44:07
Use the desktop link 'MBRCheck' to have full report




End of the scan (851 lines in 00mn 36s)(0)
alissia75
Member | Posts: 23 | Joined: 22 Sep 2010, 17:30
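The report above is a long list of records; the two sections a responder actually reads first are the O58 kernel-driver entries (who signed the driver) and the O67 file-association handlers (what runs when a .js, .vbs or .exe is double-clicked, the usual place a script dropper persists). The following triage helper is an added example, not part of the original thread and not ZHPDiag's own code. It parses lines in those two formats and flags drivers with no publisher and associations that do not resolve to the stock Windows handler. The EXPECTED_HANDLER table is the author's assumption about a stock Windows 7 install, and the two "hijacked" sample lines at the end are constructed to show a positive hit; the other sample lines are copied from the report.

```python
"""Triage helper for ZHPDiag report lines.

Added example, not part of the original thread and not ZHPDiag's own code.
It parses the O58 kernel-driver entries and the O67 shell-spawning entries
from the report above and flags:
  * drivers whose version resource carries no publisher
    ("Pas de propriétaire" in the French build of the tool), and
  * file-association handlers that would run a script or executable through
    something other than the stock Windows handler (a classic persistence
    trick for VBS/JS malware).
The EXPECTED_HANDLER table and the two "hijacked" sample lines are
constructed assumptions, not taken from the report.
"""
import re

NO_PUBLISHER = "Pas de propriétaire"          # ZHPDiag's "no owner" marker

O58_RE = re.compile(
    r"^O58 - SDL:\[MD5\.(?P<md5>[0-9A-F]{32})\] - (?P<date>\S+) - (?P<time>\S+) "
    r"(?P<attrs>\S+) \. \(\.(?P<vendor>.*?) - (?P<desc>.*?)\.\) -- "
    r"(?P<path>.+?) \[(?P<size>\d+)\]$"
)
O67_RE = re.compile(
    r"^O67 - Shell Spawning: <(?P<ext>\.\w+)> <(?P<progid>[^>]+)>"
    r"\[(?P<key>[^\]]+)\] (?P<rest>.*)$"
)

# Assumption: stock Windows 7 handlers for these extensions (lower-cased).
EXPECTED_HANDLER = {
    ".js":  r"c:\windows\system32\wscript.exe",
    ".vbs": r"c:\windows\system32\wscript.exe",
    ".reg": r"c:\windows\regedit.exe",
    ".cpl": r"c:\windows\system32\control.exe",
}
# Extensions whose handler must be the file itself: "%1" %*
DIRECT_EXEC = {".exe", ".bat", ".cmd", ".com"}


def parse_handler(rest):
    """Return the executable a handler resolves to, or None when the
    association runs the target file itself ("%1" %*)."""
    if rest.startswith('"%1"'):
        return None
    m = re.search(r" -- (?P<path>.+)$", rest)
    return m.group("path") if m else rest


def triage(lines):
    """Return a list of human-readable findings for the given report lines."""
    findings = []
    for line in lines:
        m = O58_RE.match(line)
        if m:
            if m["vendor"].startswith(NO_PUBLISHER):
                findings.append(
                    f"driver without publisher: {m['path']} (MD5 {m['md5']})")
            continue
        m = O67_RE.match(line)
        if not m:
            continue
        ext, handler = m["ext"], parse_handler(m["rest"])
        if ext in DIRECT_EXEC and handler is not None:
            findings.append(
                f"{ext} association hijacked in {m['key']}: runs {handler}")
        elif ext in EXPECTED_HANDLER and handler is not None \
                and handler.lower() != EXPECTED_HANDLER[ext]:
            findings.append(
                f"{ext} handler unexpected in {m['key']}: {handler}")
    return findings


SAMPLE_LINES = [
    # copied from the ZHPDiag report above
    r"O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]",
    r"O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 12:34:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]",
    r"O58 - SDL:[MD5.A82C01606DC27D05D9D3BFB6BB807E32] - 04/08/2009 - 03:28:28 R--A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]",
    r'O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)',
    r"O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe",
    # constructed, NOT from the report: what a hijacked association looks like
    r"O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (.Pas de propriétaire - Pas de description.) -- C:\Users\Public\hijack.exe",
    r"O67 - Shell Spawning: <.vbs> <VBSFile>[HKCR\..\open\Command] (.Pas de propriétaire - Pas de description.) -- C:\Users\Public\wrapper.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

On the report above this flags only the four ASUS helper drivers under SysWOW64\drivers that ship without a publisher string (AsInsHelp32, AsInsHelp64, AsIO, ASUSHWIO), which is worth a second look but, given the machine is an ASUS board with the ASUS utilities installed, not evidence of infection by itself; a missing publisher is a prompt to check the file's signature and hash, not a verdict.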

Re: VBS : malware-gen

Post by alissia75 » 26 Jan 2011, 22:52

I'm so silly!
Skimming through ZHPDiag I spotted "virtual box".
I had forgotten, but I had installed a free program to try to run my old CD-ROMs under Windows 7. Not having understood how to use the thing, I ended up removing it. Could that be where the famous 0-byte volume I comes from?
alissia75
Member | Posts: 23 | Joined: 22 Sep 2010, 17:30

Re: VBS : malware-gen

Post by alissia75 » 26 Jan 2011, 23:24

Right, I have reactivated my licence files.
You ask me for the exact type of machine: meaning what? Exactly which details should I give you?
As for a from-scratch reinstall, I'm not too keen, but if it is really needed I did manage to make a repair disc.
See you soon
alissia75
Member | Posts: 23 | Joined: 22 Sep 2010, 17:30

Re: VBS : malware-gen

Post by MoJac » 27 Jan 2011, 11:31

Hello alissia75,

Perfect. The news is rather good when the different reports (OTL and ZHPDiag) are cross-checked. Each of them has its little limitations on 64-bit machines ...

- The machine definitely does not seem to be infected.

- Windows Updates are enabled.

- UAC is enabled as well.

There is no need to worry about the MBR alert:

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR


Because that program is not 64-bit compatible ... Your MBR is fine, it was checked by Kaspersky TDSSKiller.

I have reactivated my licence files


--> So no more alerts on that side?

Skimming through ZHPDiag I spotted "virtual box"
I had forgotten, but I had installed a free program to try to run my old CD-ROMs under Windows 7. Not having understood how to use the thing, I ended up removing it. Could that be where the famous 0-byte volume I comes from?


VirtualBox does indeed allow that kind of thing. There is no magic: you have to install an OS (Windows) inside that environment. A minimum of technical skill is needed, but it is entirely doable without being a computer engineer!!!

-- a fairly complete and well-made tutorial here if you want to dig into the subject:

http://www.siteduzero.com/tutoriel-3-36 ... albox.html

You ask me for the exact type of machine: meaning what? Exactly which details should I give you?


The aim was to look up Asus's procedures for restoring the machine to factory condition - just in case ... I don't think it will be necessary!

So at this stage it is now a matter of knowing whether the machine behaves normally. There is no obvious infection, so further searching is probably not necessary unless the machine behaves strangely.

What happened?

Hard to say. If you can find the Avast logs, that might tell us. In my view Avast did eradicate the problem, even though it had difficulties.
Another problem probably interfered with Avast's action: a botched Quick Time update:

Error - 25/01/2011 03:24:47 | Computer Name = CHRISTINE-PC | Source = SideBySide | ID = 16842814
Description = Activation context generation failed for "C:\Program Files
(x86)\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\SoftwareUpdateFilesLocalized.dll.Manifest".
Error in manifest or policy file "C:\Program Files (x86)\Apple
Software Update\SoftwareUpdateFiles.Resources\fi.lproj\SoftwareUpdateFilesLocalized.dll.Manifest"
on line 2. The required attribute version is missing from element assemblyIdentity.


Windows licence validation errors have been reported in that situation. That is probably what happened.

- The fix may be to uninstall and, if wanted, reinstall Apple's automatic updates (an item called Apple Software Update in the list of programs that can be uninstalled)

Next:

- I suggest one last quick OTL scan -> right-click OTL, Run as administrator, and click Quick Scan

- Download Security Check by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to run it (or right-click and Run as administrator if you are on Vista).
  • Follow the on-screen instructions.

    Note: during the "DNS Vulnerability Check" phase, the DIG.exe process will request an outbound connection, which must be allowed.

  • A text document called checkup.txt will open automatically in Notepad.
  • Paste its contents in your next reply

Expected:
  • Your view on the machine's behaviour and the absence of alerts (including Windows licence alerts).
  • The quick OTL log
  • The Security Check log

We will probably do a little clean-up depending on the results.

See you
- Follow the instructions you are given.
- If you do not understand: ask for further explanation.
- No disinfection by private message.

MoJac
Super Moderator | Posts: 2697 | Joined: 01 Dec 2008, 17:27 | Location: Puy de Dôme
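The SideBySide event quoted in the post above is precise about the cause: the loader refused to build an activation context because the assemblyIdentity element in the Apple manifest had no version attribute. A manifest can be checked for exactly that offline before touching the program. The script below is an added example, not part of the original thread and not Apple's or Microsoft's code. The required attribute set (type, name, version) and the four-part version format are the author's reading of the SxS manifest schema, stated as assumptions; both sample manifests are constructed and only borrow the DLL name from the event text, and the version number in the fixed copy is made up.

```python
"""Offline check of a Win32 side-by-side (SxS) manifest.

Added example, not part of the original thread and not Apple's or
Microsoft's code.  It reproduces the failure mode behind the SideBySide
event quoted above: activation-context generation fails when the
assemblyIdentity element of a manifest lacks a required attribute.
Assumptions: the required attribute set (type, name, version) and the
four-part version format are taken from the SxS manifest schema as the
author understands it; both sample manifests below are constructed and
only borrow the DLL name from the event text.
"""
import re
import xml.etree.ElementTree as ET

REQUIRED_IDENTITY_ATTRS = ("type", "name", "version")   # assumption, see above
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")         # major.minor.build.revision


def _local(tag):
    """Strip the XML namespace from an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def check_manifest(xml_text):
    """Return a list of problems found in the manifest; [] means it passes."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "assembly":
        return [f"root element is <{_local(root.tag)}>, expected <assembly>"]
    problems = []
    identities = [e for e in root.iter() if _local(e.tag) == "assemblyIdentity"]
    if not identities:
        problems.append("no assemblyIdentity element")
    for ident in identities:
        name = ident.get("name", "?")
        missing = [a for a in REQUIRED_IDENTITY_ATTRS if a not in ident.attrib]
        if missing:
            problems.append(
                f"assemblyIdentity name={name} missing {', '.join(missing)}")
        version = ident.get("version")
        if version is not None and not VERSION_RE.match(version):
            problems.append(
                f"assemblyIdentity name={name} has malformed version {version!r}")
    return problems


# Constructed manifest mirroring the quoted event: no version attribute.
BROKEN_MANIFEST = """\
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" name="SoftwareUpdateFilesLocalized"
                    processorArchitecture="x86"/>
  <file name="SoftwareUpdateFilesLocalized.dll"/>
</assembly>
"""

# Same manifest with the attribute restored (the version value is made up).
FIXED_MANIFEST = BROKEN_MANIFEST.replace(
    'name="SoftwareUpdateFilesLocalized"',
    'name="SoftwareUpdateFilesLocalized" version="2.1.3.142"', 1)

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_MANIFEST), ("fixed", FIXED_MANIFEST)):
        print(label, check_manifest(text) or "ok")
```

Run against the real file, this reports the same missing attribute the event log complains about; uninstalling Apple Software Update, as the post suggests, simply removes the manifest the loader keeps tripping over, and reinstalling it gets a correct copy.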

Re: VBS : malware-gen

Post by alissia75 » 28 Jan 2011, 00:01

No, no more Windows licence problem.
I uninstalled the Apple updates.
I re-ran a thorough scan with Avast and, oddly, it no longer detects anything. Perhaps, as you said, the malware really was eradicated despite the quarantine error messages.
Here now is the OTL report


OTL logfile created on: 27/01/2011 23:48:44 - Run 2
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\CHRISTINE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 403,30 Gb Free Space | 86,61% Space Free | Partition Type: NTFS
Drive D: | 418,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 436,89 Gb Total Space | 378,63 Gb Free Space | 86,67% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE-PC | User Name: CHRISTINE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/25 19:54:48 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\CHRISTINE\Desktop\OTL.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/08 04:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\CHRISTINE\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/12/16 11:57:20 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/10/21 08:33:33 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
PRC - [2010/01/12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2009/11/06 14:00:44 | 008,619,008 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2009/10/21 11:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/02 18:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009/08/19 18:12:08 | 001,043,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
PRC - [2009/08/19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/17 14:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/05/26 16:46:10 | 001,159,168 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009/03/23 17:02:50 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/12/10 06:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC220NC\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/01/25 19:54:48 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\CHRISTINE\Desktop\OTL.exe
MOD - [2011/01/20 07:40:48 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/10 16:58:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/08/19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/17 14:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/10/08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/21 17:00:44 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/01/13 07:59:28 | 000,164,496 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010/01/12 08:34:16 | 000,095,504 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010/01/07 11:40:24 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/01/07 10:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009/11/10 17:34:52 | 006,108,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/19 02:56:10 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/09/30 02:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 12:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/19 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/16 09:05:10 | 000,572,928 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPC220NC.SYS -- (SPC220NC)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 58 0C 58 8C 70 CB 01 [binary data]
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4238013777-99600414-2200620389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4238013777-99600414-2200620389-1000..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Brice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/13 15:27:21 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/06/12 11:49:58 | 000,006,494 | R--- | M] () - D:\AUTORUN.ini -- [ CDFS ]
O32 - AutoRun File - [2006/11/09 17:41:02 | 002,668,640 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/26 14:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2011/01/26 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2011/01/26 14:42:45 | 002,296,565 | ---- | C] (Nicolas Coolman ) -- C:\Users\CHRISTINE\Desktop\ZHPDiag2.exe
[2011/01/26 11:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/01/25 21:36:56 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\Desktop\tdsskiller
[2011/01/25 19:54:55 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\CHRISTINE\Desktop\OTL.exe
[2011/01/25 19:48:56 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\AppData\Roaming\Malwarebytes
[2011/01/25 19:48:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/25 19:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/25 19:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/25 19:48:45 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/25 19:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/25 19:47:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\CHRISTINE\Desktop\mbam-setup.exe
[2011/01/24 18:39:09 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\Desktop\assurance voiture
[2011/01/17 10:07:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/17 09:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2011/01/16 03:21:03 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/11 17:27:04 | 000,000,000 | R--D | C] -- C:\Users\CHRISTINE\Documents\Scanned Documents
[2011/01/11 17:27:04 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\Documents\Fax
[2011/01/11 14:04:32 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\AppData\Local\Xenocode
[2011/01/11 13:59:38 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\AppData\Roaming\Emjysoft
[2011/01/09 16:58:21 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\AppData\Local\Evernote
[2011/01/09 16:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2011/01/09 16:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2011/01/06 00:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/01/01 16:28:36 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\AppData\Local\ElevatedDiagnostics
[2010/12/31 15:19:55 | 000,000,000 | ---D | C] -- C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

========== Files - Modified Within 30 Days ==========

[2011/01/27 23:50:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1000UA.job
[2011/01/27 23:28:13 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/01/27 23:19:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1002UA.job
[2011/01/27 23:16:16 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/27 23:16:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1001UA.job
[2011/01/27 20:36:23 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/27 20:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/27 19:11:51 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/27 19:11:51 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/27 19:09:11 | 001,549,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/27 19:09:11 | 000,704,242 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/01/27 19:09:11 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/27 19:09:11 | 000,130,548 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/01/27 19:09:11 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/27 19:04:36 | 3219,693,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/27 12:19:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1002Core.job
[2011/01/27 12:16:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1001Core.job
[2011/01/26 23:46:50 | 000,002,260 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\anniversaire_090.png
[2011/01/26 22:42:52 | 000,087,303 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\ZHPDiaggg
[2011/01/26 14:43:15 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2011/01/26 14:43:15 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2011/01/26 14:43:15 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2011/01/26 14:42:45 | 002,296,565 | ---- | M] (Nicolas Coolman ) -- C:\Users\CHRISTINE\Desktop\ZHPDiag2.exe
[2011/01/26 11:03:41 | 002,672,312 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\esetsmartinstaller_enu.exe
[2011/01/26 10:15:14 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238013777-99600414-2200620389-1000Core.job
[2011/01/25 21:36:33 | 001,237,433 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\tdsskiller.zip
[2011/01/25 19:54:48 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\CHRISTINE\Desktop\OTL.exe
[2011/01/25 19:48:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/25 19:47:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\CHRISTINE\Desktop\mbam-setup.exe
[2011/01/24 15:13:11 | 025,024,537 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\Fatal_Bazooka_-_Ce_matin_va_être_une_Pure_Soirée_[CLIP_HD_QUALITY].mp4
[2011/01/18 23:23:24 | 000,026,861 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\questions aide freebox.PNG
[2011/01/17 09:55:01 | 000,008,268 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c084.gif
[2011/01/17 09:53:04 | 000,008,572 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c055.gif
[2011/01/17 09:51:05 | 000,012,073 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c047.gif
[2011/01/17 09:46:42 | 000,001,219 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c018 (1).gif
[2011/01/17 09:46:20 | 000,000,871 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c005.gif
[2011/01/17 09:46:11 | 000,000,867 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c001.gif
[2011/01/17 09:46:04 | 000,001,219 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c018.gif
[2011/01/17 08:57:41 | 000,001,172 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c012 (1).gif
[2011/01/17 08:56:48 | 000,001,067 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c012.gif
[2011/01/17 08:56:37 | 000,000,751 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\c003.gif
[2011/01/16 03:21:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/01/13 12:40:38 | 000,005,693 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\adresse de bouygues.PNG
[2011/01/13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/10 18:28:09 | 000,002,525 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk
[2011/01/09 16:58:14 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Evernote.lnk
[2011/01/02 15:12:13 | 000,019,252 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\Capture.PNG
[2010/12/31 15:19:55 | 000,001,264 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\Revo Uninstaller.lnk

========== Files Created - No Company Name ==========

[2011/01/26 23:46:53 | 000,002,260 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\anniversaire_090.png
[2011/01/26 22:42:52 | 000,087,303 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\ZHPDiaggg
[2011/01/26 14:43:15 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2011/01/26 14:43:15 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2011/01/26 14:43:15 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2011/01/26 11:03:43 | 002,672,312 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\esetsmartinstaller_enu.exe
[2011/01/25 21:36:12 | 001,237,433 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\tdsskiller.zip
[2011/01/25 19:48:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/24 15:12:06 | 025,024,537 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\Fatal_Bazooka_-_Ce_matin_va_être_une_Pure_Soirée_[CLIP_HD_QUALITY].mp4
[2011/01/18 23:23:24 | 000,026,861 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\questions aide freebox.PNG
[2011/01/17 09:55:04 | 000,008,268 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c084.gif
[2011/01/17 09:53:07 | 000,008,572 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c055.gif
[2011/01/17 09:51:08 | 000,012,073 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c047.gif
[2011/01/17 09:46:45 | 000,001,219 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c018 (1).gif
[2011/01/17 09:46:23 | 000,000,871 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c005.gif
[2011/01/17 09:46:14 | 000,000,867 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c001.gif
[2011/01/17 09:46:07 | 000,001,219 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c018.gif
[2011/01/17 08:57:44 | 000,001,172 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c012 (1).gif
[2011/01/17 08:56:51 | 000,001,067 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c012.gif
[2011/01/17 08:56:40 | 000,000,751 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\c003.gif
[2011/01/13 12:40:38 | 000,005,693 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\adresse de bouygues.PNG
[2011/01/09 16:58:14 | 000,002,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk
[2011/01/09 16:58:14 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Evernote.lnk
[2011/01/01 16:01:00 | 000,019,252 | ---- | C] () -- C:\Users\CHRISTINE\Desktop\Capture.PNG
[2010/12/24 12:21:57 | 000,000,766 | ---- | C] () -- C:\Program Files (x86)\Uninst.ico
[2010/12/24 12:21:57 | 000,000,059 | ---- | C] () -- C:\Program Files (x86)\Installer_Flash8.cmd
[2010/10/24 12:26:27 | 000,000,434 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/24 12:26:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/10/16 16:19:54 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/10/16 16:19:54 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/10/16 16:19:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/10/16 16:19:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/10/16 16:14:24 | 000,043,253 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/10/16 16:13:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/16 16:13:17 | 000,029,333 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/12/23 05:12:18 | 000,000,840 | ---- | C] () -- C:\Windows\SysWow64\SPC220NC.INI
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 17:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2011/01/17 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\Brice\AppData\Roaming\OpenOffice.org
[2010/10/24 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Brice\AppData\Roaming\PCToolsFirewallPlus
[2010/12/20 10:39:38 | 000,000,000 | ---D | M] -- C:\Users\Brice\AppData\Roaming\Windows Live Writer
[2010/10/21 22:11:32 | 000,000,000 | ---D | M] -- C:\Users\CHRISTINE\AppData\Roaming\AlauxSoft
[2011/01/11 13:59:38 | 000,000,000 | ---D | M] -- C:\Users\CHRISTINE\AppData\Roaming\Emjysoft
[2010/10/23 11:41:58 | 000,000,000 | ---D | M] -- C:\Users\CHRISTINE\AppData\Roaming\OpenOffice.org
[2010/10/24 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\CHRISTINE\AppData\Roaming\PCToolsFirewallPlus
[2010/10/21 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\CHRISTINE\AppData\Roaming\Raccourcis applicatifs
[2010/10/26 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\CHRISTINE\AppData\Roaming\Windows Live Writer
[2010/10/24 19:26:37 | 000,000,000 | ---D | M] -- C:\Users\Corentin\AppData\Roaming\PCToolsFirewallPlus
[2010/12/12 08:54:09 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/06 09:01:37 | 000,000,406 | ---- | M] () -- C:\debugInstaller.txt
[2011/01/27 23:28:13 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/01/27 19:04:36 | 3219,693,568 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/01/27 19:04:38 | 4292,927,488 | -HS- | M] () -- C:\pagefile.sys
[2010/10/16 16:21:37 | 000,000,057 | -H-- | M] () -- C:\splash.idx
[2011/01/26 01:14:01 | 000,060,978 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_25.01.2011_21.37.46_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2009/10/05 12:21:04 | 000,009,472 | -H-- | M] () -- C:\version

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.dll /lockedfiles >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IEXPLORE.EXE >
[2010/09/08 05:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2010/09/08 06:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2010/09/08 06:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2010/09/08 05:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2010/08/31 23:55:48 | 000,869,688 | ---- | M] (Microsoft Corporation) MD5=B661327C64FACCF3EB14DE1D1D2190CC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/08/31 23:55:48 | 000,869,688 | ---- | M] (Microsoft Corporation) MD5=B661327C64FACCF3EB14DE1D1D2190CC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.2.7930.16406_none_f35392bbc898a05c\iexplore.exe
[2010/08/31 23:54:40 | 000,757,560 | ---- | M] (Microsoft Corporation) MD5=E5375DE7F4E451A9176524CEF733CB5D -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/08/31 23:54:40 | 000,757,560 | ---- | M] (Microsoft Corporation) MD5=E5375DE7F4E451A9176524CEF733CB5D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.2.7930.16406_none_e8fee8699437de61\iexplore.exe
[2009/07/14 02:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
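Reading the MD5 section of the report above: OTL lists every copy of a few commonly patched system binaries (explorer.exe, svchost.exe, userinit.exe, winlogon.exe, iexplore.exe), both the live file under C:\Windows and the copies kept in the WinSxS component store. The check a helper performs by eye is whether each live copy's hash matches one of the component-store copies of the same file and carries the expected vendor string. The following Python script does that check mechanically. It is an added example, not part of the forum post or of OTL; the sample input is constructed: the SVCHOST.EXE and USERINIT.EXE lines are copied from the report above, and the final line (empty vendor, all-zero hash) is synthetic, added only to exercise the mismatch path.

```python
import re
from collections import defaultdict

# Constructed sample input. The SVCHOST.EXE and USERINIT.EXE lines are copied from the
# OTL report above; the LAST line (empty vendor, all-zero hash) is synthetic and only
# there to exercise the mismatch path.
SAMPLE_REPORT = r"""
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\userinit.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<kind>\w)\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
EXPECTED_VENDOR = "Microsoft Corporation"


def parse_md5_sections(report):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: X >' section of an OTL report.

    Each entry has date, size (int), attrs, vendor, md5 (upper-case) and path, plus
    in_store=True when the path lies in the WinSxS component store.
    """
    sections = defaultdict(list)
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line) if current else None
        if not entry:
            continue
        fields = entry.groupdict()
        fields["size"] = int(fields["size"].replace(",", ""))
        fields["md5"] = fields["md5"].upper()
        fields["in_store"] = "\\winsxs\\" in fields["path"].lower()
        sections[current].append(fields)
    return dict(sections)


def check_live_copies(sections):
    """Flag live (non-WinSxS) copies whose MD5 is not backed by a component-store copy
    of the same file, or whose vendor string is not the expected one."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if e["in_store"]}
        for e in entries:
            if e["in_store"]:
                continue
            problems = []
            if e["md5"] not in store_hashes:
                problems.append("md5 not backed by any WinSxS copy of %s" % name)
            if e["vendor"] != EXPECTED_VENDOR:
                problems.append("unexpected vendor string %r" % e["vendor"])
            findings.append({"file": name, "path": e["path"], "md5": e["md5"],
                             "ok": not problems, "problems": problems})
    return findings


if __name__ == "__main__":
    for f in check_live_copies(parse_md5_sections(SAMPLE_REPORT)):
        status = "OK      " if f["ok"] else "SUSPECT "
        print(status, f["path"], "; ".join(f["problems"]))
```

A match only proves that the live file is byte-identical to one component-store copy; it says nothing if the store itself has been altered, and MD5 is not collision-resistant. On the machine itself the authoritative check is the Authenticode signature (for example with Sysinternals sigcheck), which is why the vendor string is reported alongside the hash rather than trusted on its own.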

Re: VBS : malware-gen

Post by alissia75 » 28 Jan 2011, 00:05

Results of screen317's Security Check version 0.99.8
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
ESET Online Scanner v3
PC Tools Firewall Plus 6.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Adobe Flash Player
Adobe Reader 9.4.1 - Français
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

PC Tools Firewall Plus FWService.exe
PC Tools Firewall Plus FirewallGUI.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

Re: VBS : malware-gen

Post by alissia75 » 28 Jan 2011, 00:18

In any case I'm delighted, because whenever there's an infection I'm always afraid that my keystrokes are being recorded or that someone can control my PC and access my data. I must be paranoid, but I read so many warnings...

If I may, there are still 2 things I'd like to know:
- is it possible for me to delete my volume I, which is 0 bytes?
- my firewall regularly asks me whether or not to allow the connection of: "Notification de cadeaux MSN" (MSN gift notification), and when I searched the net to find out what it is, it's described as a virus (on forums dating from 2009, nothing more recent). Do you think that's really the case?

Re: VBS : malware-gen

Post by MoJac » 28 Jan 2011, 11:30

Hello alissia75,

Let's go over all of that:

    I ran another thorough scan with avast and, strangely, it no longer detects anything. Maybe, as you said, the malware really was eradicated despite the quarantine error messages.

Reminder: ESET online and Kaspersky found nothing either ... so I think it's fine.

    I must be paranoid, but I read so many warnings...

You need to be attentive, have an up-to-date machine and "responsible" behaviour on the net ... and normally things go well. I'll give you a few pointers on that at the very end of the disinfection.

    - is it possible for me to delete my volume I, which is 0 bytes?

I don't know what it is! In any case it has nothing to do with the factory reset of the machine. Since it's empty, I think you should be able to remove it.

    - my firewall regularly asks me whether or not to allow the connection of: "Notification de cadeaux MSN" ...

I had seen that thing, but there was no urgency to deal with it as long as we hadn't found out what was going on with your machine, especially as the thing is signed Microsoft, so a priori not viral. We'll take care of it with an OTL script a bit further down.

Security updates:

- You are using Adobe Reader version 9.4.1. There is a more recent version, Adobe Reader X, which implements somewhat more advanced security technologies.
- http://get.adobe.com/fr/reader/
- If you choose that version you must uninstall the current version 9.
- When downloading, untick "Include McAfee Security Scan Plus", which is completely useless in your case.


New use of OTL (by OldTimer), but in cleaning mode this time:

Warning - Before using OTL in script mode it is imperative to temporarily disable your PC Tools firewall.

- Right-click the firewall icon and choose "disable the firewall"

- Keep it disabled (untick the 2 options) during the reboot, until the log with the result of the operation appears on screen.

- Obviously re-enable the firewall afterwards by right-clicking its icon in the taskbar.

  • Double-click OTL.exe to launch the tool.

    Or right-click and Run as Administrator under Vista/Seven
  • Select very precisely everything in bold with the mouse and copy the content into the "Personnalisation" (Custom Scans/Fixes) box of the OTL window


    :OTL
    DRV:64bit: - [2010/10/08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKU\S-1-5-21-4238013777-99600414-2200620389-1000..\Run: [RESTART_STICKY_NOTES] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    [2011/01/26 11:03:41 | 002,672,312 | ---- | M] () -- C:\Users\CHRISTINE\Desktop\esetsmartinstaller_enu.exe
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

  • Close all open program windows (browser, word processor, etc.).

    Warning: click the Correction (Run Fix) button:

    Note: If a reboot is requested, click Yes (be careful to leave the firewall temporarily disabled)
  • On reboot, Notepad will open with the contents of the OTL.txt file
  • Post its contents

See you soon
- Follow the instructions you are given.
- If you don't understand: ask for explanations again.
- No disinfection by private message.

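The fix script in the post above mixes three kinds of entries: dangling autoruns whose target no longer exists ("File not found", "No CLSID value found", "Reg Error"), a driver belonging to an installed product (VBoxNetAdp.sys, Oracle), and a startup shortcut whose target runs from the user's own profile (lsnfier.exe under AppData). Triage of OTL output follows exactly that split. The following Python function is an added example, not part of OTL or of the post; its input lines are copied from the script above. One caveat is built into the verdicts: the vendor in parentheses is the company name OTL reads from the file's version resource, not a verified signature (that is my understanding of the tool, not something the post states), so a "Microsoft Corporation" label on a file under AppData is a reason to look, not a reason to trust.

```python
import re

# Constructed input: these lines are copied from the OTL fix script in the post above.
OTL_SCRIPT_LINES = r"""
DRV:64bit: - [2010/10/08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\S-1-5-21-4238013777-99600414-2200620389-1000..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
"""

# Phrases OTL prints when a registry or startup entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
# Directory fragments an unprivileged user can write to; autoruns living there deserve a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Vendor string: the "(...)" that directly follows a file-info block "]" or a binary's path.
VENDOR_RE = re.compile(r"(?:\]|\.(?:exe|sys|dll))\s+\(([^)]*)\)")
# Windows paths, terminated by " (", " -- " or " = " (OTL's separators) or the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s+\(|\s+--\s|\s*=\s|$)")


def classify_otl_line(line):
    """Classify one OTL DRV/O2/O4/O18 line for triage."""
    line = line.strip()
    kind = line.split(" ", 1)[0].split(":")[0]   # 'O4'; 'O18:64bit:' -> 'O18'; 'DRV:64bit:' -> 'DRV'
    orphan = any(marker in line for marker in ORPHAN_MARKERS)
    vendor_match = VENDOR_RE.search(line)
    vendor = vendor_match.group(1) if vendor_match else ""
    paths = PATH_RE.findall(line)
    target = paths[-1] if paths else None          # the executable, not the .lnk that points at it
    user_path = bool(target) and any(seg in target.lower() for seg in USER_WRITABLE)
    if orphan:
        verdict = "orphan entry: nothing runs, safe to delete"
    elif user_path:
        verdict = "runs from a user-writable path: review regardless of vendor label"
    else:
        verdict = "system path: verify the signature and whether the owning product is still installed"
    return {"kind": kind, "orphan": orphan, "vendor": vendor,
            "target": target, "user_path": user_path, "verdict": verdict}


def triage(script_text):
    """Classify every non-empty line of an OTL ':OTL' block."""
    return [classify_otl_line(l) for l in script_text.splitlines() if l.strip()]


if __name__ == "__main__":
    for row in triage(OTL_SCRIPT_LINES):
        print(row["kind"], "|", row["vendor"] or "-", "|", row["target"] or "-", "|", row["verdict"])
```

Orphan entries are the ones OTL can delete without any file ever running; the remaining two classes are where the judgement lies, and the target path carries more signal than the vendor label, since an unprivileged process can drop a binary with any CompanyName it likes under AppData but not under C:\Windows\SysNative\drivers.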

Re: VBS : malware-gen

Post by alissia75 » 28 Jan 2011, 12:15

Here is the OTL file


All processes killed
========== OTL ==========
Service VBoxNetAdp stopped successfully!
Service VBoxNetAdp deleted successfully!
C:\Windows\SysNative\drivers\VBoxNetAdp.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-4238013777-99600414-2200620389-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk moved successfully.
C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
C:\Users\CHRISTINE\Desktop\esetsmartinstaller_enu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brice
->Temp folder emptied: 5776113 bytes
->Temporary Internet Files folder emptied: 39697333 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 402570006 bytes
->Flash cache emptied: 215713 bytes

User: CHRISTINE
->Temp folder emptied: 242341074 bytes
->Temporary Internet Files folder emptied: 528020575 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 368309435 bytes
->Flash cache emptied: 57208 bytes

User: Corentin
->Temp folder emptied: 13103574 bytes
->Temporary Internet Files folder emptied: 28680797 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 375909170 bytes
->Flash cache emptied: 36232 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19436183 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50674 bytes
RecycleBin emptied: 2133453673 bytes

Total Files Cleaned = 3 965,00 mb


[EMPTYFLASH]

User: All Users

User: Brice
->Flash cache emptied: 0 bytes

User: CHRISTINE
->Flash cache emptied: 0 bytes

User: Corentin
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.20.5 log created on 01282011_120641

Files\Folders moved on Reboot...
C:\Users\CHRISTINE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: VBS : malware-gen

Post by MoJac » 28 Jan 2011, 13:41

Re:

Perfect! Well done :-o

Let's continue:

1) - Uninstalling the tools used:

  • Via the Control Panel, uninstall ESET Scanner if present, then if necessary delete the following folders:

    C:\Program Files (x86)\ESET
  • Delete TDSSKiller.exe and the .zip from your desktop.
  • Keep Malwarebytes' Anti-Malware and run it regularly after updating it.
  • Right-click the ZHPFix icon on your desktop
  • Select 'Run as administrator'
  • Click the red A
  • Click Nettoyer (Clean).
  • Restart the computer to finish the cleanup.

2) - Security advice:

  • Security software (antivirus, anti-trojan ...), even the best, is not 100% effective against today's threats. To protect your PC effectively you need to know the traps set on the net and learn to avoid them. For that, I invite you to read this document from Lutte Antimalwares (in PDF format).
    It is very thorough, so take your time reading it and pass it around.
  • The risks of P2P: Idées reçues (common misconceptions)


That's it; if you have no more problems I suggest we leave it there. The whole Micro-Astuce team wishes you safe surfing.

Re: VBS : malware-gen

Post by alissia75 » 28 Jan 2011, 23:02

"Perfect! Well done": no no, you're the one who did the work, and I thank you infinitely for all the help you've given me!
Thanks to you I have a squeaky-clean computer :-)
Thanks again