28 replies
Well..... in the end, after reading your report,
I changed my mind:
==> OPEN THE WINDOW WIDE !!!!!
==> The Bronx is a kindergarten compared to your PC !!!!
--> So we'll start very small, with no guarantee, given that your Windows isn't very "Bill Gates"....
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, antivirus and antispyware included /!\
---> Double-click Combofix.exe
---> Install the Recovery Console if the tool offers to.
/!\ Don't touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found here: C:\ComboFix.txt
Hi,
Mandatory before starting:
==> CLOSE THE WINDOW please...
Then:
do this for a complete diagnosis of the PC:
Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Double-click the installation file, then install it with the default settings (don't forget to tick "Créer une icône sur le bureau" (Create a desktop icon))
Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator (Vista))
Click the magnifying glass at the top left, then let the tool scan.
Once the scan has finished, click the floppy-disk icon and save the file to your desktop.
Go to Cjoint: http://www.cijoint.fr/
Click "Parcourir" (Browse) in the "Joindre un fichier[...]" (Attach a file) section
Select the ZHPdiag.txt report that is on your desktop
Then click "Créer le lien cjoint" (Create the cjoint link) and copy/paste it into your next message
http://www.cijoint.fr/cj201009/cijQCT61KQ.txt
Rapport de ZHPDiag v1.26.652 par Nicolas Coolman, Update du 19/09/2010
Run by Fazer at 19/09/2010 17:58:41
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.5.6)
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 2 Stepping 4, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1535 MB (72% free)
System drive C: has 7 GB (33%) free of 20 GB
---\\ Logged in mode
Computer Name: A6-EB2A2A32C321
User Name: Fazer
All Users Names: SUPPORT_388945a0, HelpAssistant, Fazer, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 20 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 41 Go of 279 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 101 Go of 170 Go)
G:\ CD-ROM drive (Free 0 Go of 4 Go)
H:\ CD-ROM drive (Not Inserted)
I:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
---\\ Processus lancés
[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]
[MD5.77AC10DB097DFD0CD3071465B644D0AB] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- F:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [154136]
[MD5.F32E7CD2339C66760AA5178924B21E6B] - (.TomTom - Windows Service for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008]
[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [49152]
[MD5.2D0E5592AB5A46C27DAF7CCAFF4F5B59] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE [625664]
[MD5.3621F2F6A733BFABDC58C97613B0166D] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe [116280]
[MD5.3CED5346A0944AEBFA68C1DB4AE06D5F] - (.Kaspersky Lab ZAO - WebToolBar component.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe [129720]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232]
[MD5.B6F1B7186CE9A4E20481D8DA8BD4F63F] - (.Nicolas Coolman - Diagnostic Tool.) -- F:\Program Files\ZHPDiag\ZHPDiag.exe [555520]
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\firefox@tvunetworks.com] [] TVU Web Player 2,5,3,1 (..)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\redbullsboom@redbull.newyork.mlsnet.com] [] New York Red Bulls Boom 2,5,3,1 (.Brand Thunder.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@canalplus.fr/Assistants VOD,version=1.0.0.0] - (.Canal+ Active - npCpVod.) -- F:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@pages.tvunetworks.com/WebPlayer] - (.TVU networks - 2,5,3,1.) -- C:\WINDOWS\system32\TVUAx\npTVUAx.dll
P2 - FPN: [HKLM] [@veetle.com/vbp;version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2008-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\VLCBroadcast\npvbp.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\plugins\npVeetle.dll
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\Player\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.0.3] - (.the VideoLAN Team - Version 1.0.3, copyright 1996-2009 The VideoLAN Team<br><a href="http:.) -- F:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Fazer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livetv.sx/frx/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16640 (vista_gdr.080213-1606)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MSODESNV7] . (.RALR - Pas de description.) -- C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltodown.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kbrd.ico
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\logo.ico
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab ZAO - Mozilla 3 Virtual Keyboard.) - F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CanalPlus.VOD (CanalPlus.VOD) . (.Canal+ Active - CanalPlus.VOD.Service.) - F:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003UA.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player 11 - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ElbyCDIO Driver (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys
O41 - Driver: Kl2 (kl2) . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) - C:\WINDOWS\system32\drivers\kl2.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
O42 - Logiciel: 3Planesoft Screensaver Manager 1.4 - (.3Planesoft.) [HKLM] -- 3Planesoft Screensaver Manager_is1
O42 - Logiciel: ????? - (.??.) [HKLM] -- AddressBar
O42 - Logiciel: ABC (remove only) - (.Pas de propriétaire.) [HKLM] -- ABC
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop Elements - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop Elements 1.0
O42 - Logiciel: Adobe SVG Viewer - (.Adobe Systems, Inc..) [HKLM] -- Adobe SVG Viewer
O42 - Logiciel: Ancient Castle 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ancient Castle 3D Screensaver_is1
O42 - Logiciel: AnyDVD - (.SlySoft.) [HKLM] -- AnyDVD
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: CANAL+ CANALSAT A LA DEMANDE - (.CanalPlus.) [HKLM] -- {04DA096D-6236-4A5D-8FB6-3081E67009BA}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {8D7133DE-27D2-47E5-B248-4180278D32AA}
O42 - Logiciel: Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas 3D Screensaver_is1
O42 - Logiciel: Christmas Bells 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas Bells 3D Screensaver_is1
O42 - Logiciel: Clock Tower 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Clock Tower 3D Screensaver_is1
O42 - Logiciel: CloneDVD2 - (.Elaborate Bytes.) [HKLM] -- CloneDVD2
O42 - Logiciel: Coffret de pilotes Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- lvdrivers_12.10
O42 - Logiciel: Cool Beans NFO Creator 2.0.1.3 - (.Cool Beans Software.) [HKLM] -- Cool Beans NFO Creator_is1
O42 - Logiciel: Coral Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Coral Clock 3D Screensaver_is1
O42 - Logiciel: Creative PCI Audio Drivers - (.Pas de propriétaire.) [HKLM] -- SBPCIUnInstall
O42 - Logiciel: Crystal Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Crystal Fireplace 3D Screensaver_is1
O42 - Logiciel: Cuckoo Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Cuckoo Clock 3D Screensaver_is1
O42 - Logiciel: DVD Decoder Pak for Windows XP - (.roddy2000@hotbox.ru.) [HKLM] -- {92C5DB3D-9D6F-4324-BB11-57825F4C2635}
O42 - Logiciel: Deep Space 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Deep Space 3D Screensaver_is1
O42 - Logiciel: Desktop Trains Screensaver - (.Pas de propriétaire.) [HKLM] -- Desktop Trains Screensaver
O42 - Logiciel: Discovery 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Discovery 3D Screensaver_is1
O42 - Logiciel: Dutch Windmills 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Dutch Windmills 3D Screensaver_is1
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: Earth 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Earth 3D Screensaver_is1
O42 - Logiciel: Fantasy Moon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Fantasy Moon 3D Screensaver_is1
O42 - Logiciel: Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireplace 3D Screensaver_is1
O42 - Logiciel: Fireside Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireside Christmas 3D Screensaver_is1
O42 - Logiciel: Flag 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Flag 3D Screensaver_is1
O42 - Logiciel: Galleon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Galleon 3D Screensaver_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {2012D762-5DCA-455A-B5FE-EDF79BC93E18}
O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects
O42 - Logiciel: HP Smart Web Printing 4.5 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {7059BDA7-E1DB-442C-B7A1-6144596720A4}
O42 - Logiciel: Halloween 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Halloween 3D Screensaver_is1
O42 - Logiciel: Haunted House 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Haunted House 3D Screensaver_is1
O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM] -- KB915865
O42 - Logiciel: I-Doser v4 - (.Pas de propriétaire.) [HKCU] -- I-Doser v4
O42 - Logiciel: Ice Clock 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ice Clock 3D Screensaver_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018FF}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- {66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: KeyHoleTV - (.Pas de propriétaire.) [HKLM] -- KeyHoleTV
O42 - Logiciel: Koi Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Koi Fish 3D Screensaver_is1
O42 - Logiciel: Lagoon 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lagoon 3D Screensaver_is1
O42 - Logiciel: Lantern 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lantern 3D Screensaver_is1
O42 - Logiciel: Les Sims(TM) 3 - (.Electronic Arts.) [HKLM] -- {C05D8CDB-417D-4335-A38C-A0659EDFD6B8}
O42 - Logiciel: Lighthouse Point 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Lighthouse Point 3D Screensaver_is1
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 6.0 Parser - (.Microsoft Corporation.) [HKLM] -- {AEB9948B-4FF2-47C9-990E-47014492A0FE}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mayan Waterfall 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mayan Waterfall 3D Screensaver_is1
O42 - Logiciel: Mechanical Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mechanical Clock 3D Screensaver_is1
O42 - Logiciel: MediaInfo 0.7.26 - (.MediaArea.net.) [HKLM] -- MediaInfo
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {B508B3F1-A24A-32C0-B310-85786919EF28}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {3F7924B9-D148-3141-87B1-68F36043A940}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {2BA00471-0328-3743-93BD-FA813353A783}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {511DF669-2930-30C0-8EB6-552887E29EC8}
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- {2FC099BD-AC9B-33EB-809C-D332E1B27C40}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM] -- {5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Access database engine 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {90120000-00D1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..) [HKLM] -- {E3E71D07-CD27-46CB-8448-16D4FB29AA13}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack - fra
O42 - Logiciel: Monopolysson 2.0.3 beta 10 - (.Pas de propriétaire.) [HKLM] -- Monopolysson
O42 - Logiciel: Mozilla Firefox (3.5.6) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.5.6)
O42 - Logiciel: Music NFO Builder v1.20 - (.Pawel Piecuch.) [HKLM] -- Music NFO Builder_is1
O42 - Logiciel: My 3D Christmas Tree Full Screen Saver - (.Freeze.com, LLC.) [HKLM] -- My 3D Christmas Tree Full Screen Saver
O42 - Logiciel: Nature 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Nature 3D Screensaver_is1
O42 - Logiciel: Nautilus 3D Screensaver 1.2 - (.3Planesoft.) [HKLM] -- Nautilus 3D Screensaver_is1
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {235BBFC6-D863-4066-A01A-3BD504C31036}
O42 - Logiciel: Nullsoft Install System - (.Pas de propriétaire.) [HKLM] -- NSIS
O42 - Logiciel: Online TV Player 4 - (.Online TV Player.com.) [HKLM] -- Online TV Player 3_is1
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Booster - (.Pas de propriétaire.) [HKLM] -- {BA0601E1-B65C-11D5-80A9-0000B494D9A6}
O42 - Logiciel: PPStream V2.6.86.9024 Final - (.PPStream, Inc..) [HKLM] -- PPStream
O42 - Logiciel: PPTV V2.4.3.0019 - (.PPLive Corporation.) [HKLM] -- PPLive
O42 - Logiciel: PSP Video 9 5.03 - (.Red Kawa.) [HKLM] -- PSP Video 9
O42 - Logiciel: Package de pilotes Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) - (.Advanced Micro Devices, Inc..) [HKLM] -- 9722CA1E8F72F362E93CBEC75A707FDABFC8D880
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161
O42 - Logiciel: Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) - (.eMPIA Technology Inc,.) [HKLM] -- 69083DC58646DE46A09847A522A1CC487F918039
O42 - Logiciel: Pochette Express 2 - (.Pas de propriétaire.) [HKLM] -- Pochette Express 2
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}
O42 - Logiciel: Railroad Scenery - (.Pas de propriétaire.) [HKLM] -- Railroad Scenery
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SecondLife (remove only) - (.Pas de propriétaire.) [HKLM] -- SecondLife
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SereneScreen Marine Aquarium 2.6 - (.Prolific Publishing, Inc..) [HKLM] -- SereneScreen Marine Aquarium 2.6_is1
O42 - Logiciel: Sexy City 1.2.1 - (.Sasori.) [HKLM] -- {94C2E416-D784-44D6-A3B3-3E593D13338D}_is1
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: SopCast 3.2.9 - (.www.sopcast.com.) [HKLM] -- SopCast
O42 - Logiciel: Sound Blaster PCI Compact Drivers Online Help - (.Pas de propriétaire.) [HKLM] -- Sound Blaster PCI Compact Drivers Online Help
O42 - Logiciel: Spirit of Fire 3D Screensaver 2.4 - (.3Planesoft.) [HKLM] -- Spirit of Fire 3D Screensaver_is1
O42 - Logiciel: StreamTorrent 1.0 - (.Pas de propriétaire.) [HKLM] -- StreamTorrent 1.0
O42 - Logiciel: Superleague (remove only) - (.Pas de propriétaire.) [HKLM] -- Superleague
O42 - Logiciel: Sweethearts 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Sweethearts 3D Screensaver_is1
O42 - Logiciel: TMNT - (.Ubisoft.) [HKLM] -- {B3583D27-C12A-483E-98B8-235506F71502}
O42 - Logiciel: TVAnts 1.0 - (.Pas de propriétaire.) [HKLM] -- TVAnts 1.0
O42 - Logiciel: The Lost Watch 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The Lost Watch 3D Screensaver_is1
O42 - Logiciel: The One Ring 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The One Ring 3D Screensaver_is1
O42 - Logiciel: TomTom HOME 2.7.5.2014 - (.TomTom.) [HKLM] -- TomTom HOME
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
O42 - Logiciel: Tropical Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Tropical Fish 3D Screensaver_is1
O42 - Logiciel: USB Video Driver - (.EETI.) [HKLM] -- {2758691A-2CDE-4942-A4AC-0E8F61FE2067}
O42 - Logiciel: UUSee 播放插件基础包 6.1.122.1 - (.UUSee company, Inc..) [HKLM] -- UUSEE_base
O42 - Logiciel: UUSee 网络电视 [5.10.125.2] - (.UUSee company, Inc..) [HKLM] -- UUSEE
O42 - Logiciel: Ulead DVD MovieFactory 5 Plus - (.Ulead Systems, Inc..) [HKLM] -- {FF164702-AF8B-4F2F-8038-74A4C536866B}
O42 - Logiciel: VRally3 - (.Pas de propriétaire.) [HKLM] -- VRally3_is1
O42 - Logiciel: Valentine 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Valentine 3D Screensaver_is1
O42 - Logiciel: Veetle TV 0.9.17 - (.Veetle, Inc.) [HKLM] -- Veetle TV
O42 - Logiciel: VideoLAN VLC media player 0.8.6d - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Voyage of Columbus 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Voyage of Columbus 3D Screensaver_is1
O42 - Logiciel: Water Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Water Clock 3D Screensaver_is1
O42 - Logiciel: Watermill 3D Screensaver 2.0 - (.3Planesoft.) [HKLM] -- Watermill 3D Screensaver_is1
O42 - Logiciel: Western Railway 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Western Railway 3D Screensaver_is1
O42 - Logiciel: WinZip 14.0 - (.WinZip Computing, S.L. .) [HKLM] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Pas de propriétaire.) [HKLM] -- Windows Media Encoder 9
O42 - Logiciel: Winter Train 1.2.0 - (.3DSignal.) [HKLM] -- Winter Train_is1
O42 - Logiciel: XBMC Media Center - (.Team XBMC.) [HKCU] -- XBMC
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XXXTYCOON - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1
O42 - Logiciel: Zodiac Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Zodiac Clock 3D Screensaver_is1
O42 - Logiciel: adsl TV - (.adsl TV / FM.) [HKLM] -- {3AFDD2C6-8663-46B5-B195-6CEB00D44768}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\2K Sports]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASIO]
[HKCU\Software\ATI]
[HKCU\Software\AddressBar]
[HKCU\Software\Adobe]
[HKCU\Software\Anders und Seim Neue Medien AG]
[HKCU\Software\Big Fish Games]
[HKCU\Software\CDDB]
[HKCU\Software\Classes.crx]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DT Soft]
[HKCU\Software\Desktop Trains Screensaver]
[HKCU\Software\Elaborate Bytes]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Fox Interactive]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JavaSoft]
[HKCU\Software\KC Softwares]
[HKCU\Software\KasperskyLab]
[HKCU\Software\KeyHoleTV]
[HKCU\Software\KillBox]
[HKCU\Software\Lavalys]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Macrovision]
[HKCU\Software\MainConcept (Adobe2)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaChance]
[HKCU\Software\Mobileleader]
[HKCU\Software\Moonlight Cordless]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\NirSoft]
[HKCU\Software\OnlineTVPlayer]
[HKCU\Software\Outsim]
[HKCU\Software\PPLiveVA]
[HKCU\Software\PPLive]
[HKCU\Software\PPStream]
[HKCU\Software\Peer2Me]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Samsung]
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\Screensaver Factory]
[HKCU\Software\SecuROM]
[HKCU\Software\SereneScreen]
[HKCU\Software\SlySoft]
[HKCU\Software\Superleague]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVANTS]
[HKCU\Software\TomTom]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\Ulead]
[HKCU\Software\Usbfix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veetle]
[HKCU\Software\WS4002]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Winamp]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ahead]
[HKCU\Software\fwc]
[HKCU\Software\sect memo proc]
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\3Planesoft]
[HKLM\Software\3dsignal]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Act-3D]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Big Fish Games]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreCodec]
[HKLM\Software\Creative Tech]
[HKLM\Software\DT Soft]
[HKLM\Software\Debug]
[HKLM\Software\EA GAMES]
[HKLM\Software\EETI]
[HKLM\Software\Elaborate Bytes]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ILLUSION]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Lexmark]
[HKLM\Software\Licenses]
[HKLM\Software\Linden Research, Inc.]
[HKLM\Software\LogiShrd]
[HKLM\Software\Logitech]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MarkAny]
[HKLM\Software\MediaArea.net]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OnlineTVPlayer]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\Panda Software]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\QATestSystem]
[HKLM\Software\RedKawa]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Samsung]
[HKLM\Software\Schlumberger]
[HKLM\Software\ScreenSaver.com]
[HKLM\Software\Secure]
[HKLM\Software\SereneScreen]
[HKLM\Software\Sims]
[HKLM\Software\Skype]
[HKLM\Software\SlySoft]
[HKLM\Software\Soeperman Enterprises Ltd.]
[HKLM\Software\Swearware]
[HKLM\Software\Sys Modules]
[HKLM\Software\TENCENT]
[HKLM\Software\TomTom]
[HKLM\Software\TrendMicro]
[HKLM\Software\Triodesign]
[HKLM\Software\Trymedia Systems]
[HKLM\Software\UUSeeUpdate]
[HKLM\Software\Ubisoft]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Veetle]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wise Solutions]
[HKLM\Software\ZSMC]
[HKLM\Software\fwc]
[HKLM\Software\inKline Global]
[HKLM\Software\mozilla.org]
[HKLM\Software\rising]
[HKLM\Software\uusee]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\3Planesoft Screensaver Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory RS--D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\CREATIVE
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Enigma Software Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\MarkAny
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft WSE
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla ActiveX Control v1.7.12
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NSIS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Panda Security
O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD:Common File Directory ----D- C:\Program Files\Pochette Express 2
O43 - CFD:Common File Directory ----D- C:\Program Files\PPLive
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\USB TV
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 16:39:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32478]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 16:36:20 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\43.exe [163840]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 19/09/2010 - 16:35:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\omwjl.sys [54016]
O44 - LFC:[MD5.9FE95339855D053D5ADE66D21A022118] - 19/09/2010 - 16:31:26 ---A- . (.RALR - Pas de description.) -- C:\WINDOWS\System32\msvmiode.exe [192512]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/09/2010 - 16:31:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 16:31:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 16:31:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 19/09/2010 - 16:31:03 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.C5832A94B0CE9D811457319D144BEDA3] - 19/09/2010 - 16:30:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [4588]
O44 - LFC:[MD5.644957A9D838B21432B2A238A2E54B24] - 19/09/2010 - 16:24:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log [341]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 16:03:00 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\03.exe [163840]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 15:35:49 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\58.exe [163840]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 15:29:45 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\56.exe [163840]
O44 - LFC:[MD5.B4FD5767AFBD47CEC757DAE8C7CC55E3] - 19/09/2010 - 14:55:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\VundoFix.txt [237]
O44 - LFC:[MD5.8E78BFD2B55A47388636424DD8EFA64B] - 19/09/2010 - 13:37:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ice Clock.log [6543]
O44 - LFC:[MD5.E4C0E8CE4D0524CB2371F84FDB2F818B] - 19/09/2010 - 13:09:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Valentine.log [6517]
O44 - LFC:[MD5.D2197177AD57FE1E8677B25AACD9541F] - 19/09/2010 - 13:06:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mayan Waterfall.log [7332]
O44 - LFC:[MD5.7C69F00CB5A4B623B29979F70E6C747C] - 19/09/2010 - 12:43:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Water Clock.log [11418]
O44 - LFC:[MD5.FE019DD130FDE95FCE3204D405B7B918] - 19/09/2010 - 12:20:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas Bells.log [7231]
O44 - LFC:[MD5.194F2AB7B11A6BE9F0EB6FB684993B46] - 19/09/2010 - 12:18:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Zodiac Clock.log [6219]
O44 - LFC:[MD5.4ABBBCD1E1161275E5EFDFE815D9D6C3] - 19/09/2010 - 12:16:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Haunted House.log [7813]
O44 - LFC:[MD5.A6612A04B3F3DD23AE2A769EB2256E23] - 19/09/2010 - 12:14:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lighthouse Point.log [8429]
O44 - LFC:[MD5.F291359BD3464F4A49D11954C9C53E61] - 19/09/2010 - 11:52:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Crystal Fireplace.log [7260]
O44 - LFC:[MD5.DD4B9C83F13317937D14CB2B1D1491D9] - 19/09/2010 - 11:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The Lost Watch.log [6283]
O44 - LFC:[MD5.D967022EE9D99C2646F2867DA221CAD1] - 19/09/2010 - 11:37:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Galleon.log [7876]
O44 - LFC:[MD5.D89F0CE29BE829DE812855C4F6370B20] - 19/09/2010 - 10:41:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix.txt [10701]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 10:00:14 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\35.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 09:28:04 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\26.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 09:26:53 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\12.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 07:21:31 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\34.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 02:05:28 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\75.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 18/09/2010 - 23:02:32 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\18.exe [163840]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 18/09/2010 - 20:02:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2010 - 19:35:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\dump_dvd.vob [0]
O44 - LFC:[MD5.0EF3DBDC3B97E0477FE8348E6C308EC3] - 18/09/2010 - 19:17:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [5749]
O44 - LFC:[MD5.E38D1476B1B12926AB7CE2390F8B4A42] - 18/09/2010 - 18:13:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Voyage of Columbus.log [6756]
O44 - LFC:[MD5.033B7D18406A73A3B36F522BEA73CF9C] - 18/09/2010 - 17:47:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireside Christmas.log [7167]
O44 - LFC:[MD5.2B9D1FB0699C474424B364230A0EDD8D] - 18/09/2010 - 17:44:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Halloween.log [7284]
O44 - LFC:[MD5.39AC36DE9555C8D53F0F8CFC1837F1DA] - 18/09/2010 - 17:38:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lantern.log [6505]
O44 - LFC:[MD5.2C40387CAF646E1D00EA3AC0E983AA3A] - 18/09/2010 - 17:26:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Koi Fish.log [8174]
O44 - LFC:[MD5.8C79F3F095D6BFC92205CD00657F17CA] - 18/09/2010 - 17:17:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mechanical Clock.log [6390]
O44 - LFC:[MD5.ADEB085383CA8C49CFFBAA4F3A90EDAA] - 18/09/2010 - 17:06:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Sweethearts.log [6432]
O44 - LFC:[MD5.234030FAF6BAE2FACDBA6B8B9A5D193F] - 18/09/2010 - 17:04:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nautilus.log [7786]
O44 - LFC:[MD5.77BE77E9A3CDEEB11BA80B79411490B1] - 18/09/2010 - 16:56:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Earth 3D Screensaver.log [5729]
O44 - LFC:[MD5.295E5BE32F16AE396F3B3C4AAD5928C4] - 18/09/2010 - 16:52:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Western Railway.log [8103]
O44 - LFC:[MD5.206148E66982AEB758826ADE9215CBDE] - 18/09/2010 - 16:50:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fantasy Moon.log [7130]
O44 - LFC:[MD5.91B949A0BEF5543376BAF3C13B411D43] - 18/09/2010 - 16:48:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Watermill.log [8963]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 18/09/2010 - 08:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.0B7086B6121AC11C869E39B4CC858277] - 18/09/2010 - 08:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [542]
O44 - LFC:[MD5.6D3A8799AAF564FBAECEF2D90950FFCE] - 18/09/2010 - 08:57:15 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [212]
O44 - LFC:[MD5.6AB1F1F4DC1C8973123C74E71CFEFE54] - 18/09/2010 - 07:32:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.BD6618E227186EDEE49C96DB7E178229] - 17/09/2010 - 20:31:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireplace.log [8126]
O44 - LFC:[MD5.9764D427A82FA39D7D2D68F6592BBE79] - 17/09/2010 - 20:15:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lagoon.log [7527]
O44 - LFC:[MD5.322FDD742B3A532E6BCEFB6FA855D656] - 17/09/2010 - 19:11:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Deep Space.log [6678]
O44 - LFC:[MD5.622971A588B12438FF28378E6A3D1561] - 17/09/2010 - 19:04:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Dutch Windmills.log [56849]
O44 - LFC:[MD5.08770A6C1EAE36595B56EF49086AB0DE] - 17/09/2010 - 06:24:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The One Ring.log [6403]
O44 - LFC:[MD5.8F3441BB9DC57A51ABAE7779323BFE4F] - 16/09/2010 - 22:08:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas.log [6771]
O44 - LFC:[MD5.2BDD28CE36F7311991C68DFBF1C4D07D] - 16/09/2010 - 22:02:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Discovery.log [6754]
O44 - LFC:[MD5.174C55F021BFC3B98AF3FAEFACEDECA5] - 16/09/2010 - 21:45:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Spirit of Fire.log [7179]
O44 - LFC:[MD5.1691D0EC20BB8735B29F62DB31211DED] - 16/09/2010 - 21:35:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ancient Castle.log [7907]
O44 - LFC:[MD5.A35AB37E4CB1FD4112F94CC9FD0803A6] - 16/09/2010 - 19:17:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nature.log [8582]
O44 - LFC:[MD5.68A4556C1525497A7F70AB6E9C7A92FE] - 16/09/2010 - 19:03:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Flag.log [6175]
O44 - LFC:[MD5.82B0A7398F3CEBE98B14803456644BB2] - 16/09/2010 - 18:56:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Tropical Fish.log [6085]
O44 - LFC:[MD5.A2F56B60BFA98A91632B4B3DA86FC17B] - 16/09/2010 - 11:27:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Clock Tower.log [6941]
O44 - LFC:[MD5.B76472212307EC44CC502531437A25D5] - 16/09/2010 - 11:20:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Coral Clock.log [1312257]
O44 - LFC:[MD5.232E354E837E2E0FF133BACF5B8A4737] - 16/09/2010 - 11:06:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Cuckoo Clock.log [8012]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 15/09/2010 - 07:56:47 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 15/09/2010 - 07:56:46 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.E1E7BA29E54B2D4B19F35BE18C752D4D] - 12/09/2010 - 22:30:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [199344]
O44 - LFC:[MD5.1EA14FCAC0F02AD272F3ADE34AD8C502] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac Clock 3D Screensaver.exe [6501376]
O44 - LFC:[MD5.5A967B48092EBCF79D85311E8C96C7D3] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac_Clock_3D_Screensaver.scr [842240]
O44 - LFC:[MD5.040A62B1C916EF01A405F1560E533D04] - 12/09/2010 - 10:49:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Water Clock 3D Screensaver.html [7286]
O44 - LFC:[MD5.FA208A954126E046915032511016DD3A] - 12/09/2010 - 10:49:12 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water Clock 3D Screensaver.exe [8700416]
O44 - LFC:[MD5.E66028F536FAFB23FA153E8443DAF859] - 12/09/2010 - 10:49:11 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water_Clock_3D_Screensaver.scr [780288]
O44 - LFC:[MD5.41AC020A0DB376D586CCDC20C7C703AC] - 12/09/2010 - 10:48:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Valentine 3D Screensaver.html [7311]
O44 - LFC:[MD5.0A46AF61B9D73E6A1B090D72800E0307] - 12/09/2010 - 10:48:31 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine 3D Screensaver.exe [5868544]
O44 - LFC:[MD5.EC50672676F76048229F17DBE58A7A75] - 12/09/2010 - 10:48:30 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine_3D_Screensaver.scr [770048]
O44 - LFC:[MD5.6D6724F3325D32E1E904B93403C12716] - 12/09/2010 - 10:47:47 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\System32\Sweethearts_3D_Screensaver.scr [1925632]
O44 - LFC:[MD5.F28B551ACF413FC07E565860B2F12C1D] - 12/09/2010 - 10:47:46 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\System32\Sweethearts 3D Screensaver.exe [20005074]
O44 - LFC:[MD5.30401B6CFD5C6506C500C89BC23089E2] - 12/09/2010 - 10:46:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Mayan Waterfall 3D Screensaver.html [7085]
O44 - LFC:[MD5.D95137E236DFC37EAE7D9811779E4B3A] - 12/09/2010 - 10:46:32 ---A- . (.3Planesoft - Mayan Waterfall 3D Screensaver.) -- C:\WINDOWS\System32\Mayan Waterfall 3D Screensaver.exe [15301632]
O44 - LFC:[MD5.DCFE0C11208569F2162B835CFE5859AE] - 12/09/2010 - 10:46:32 ---A- . (.3Planesoft - Mayan Waterfall 3D Screensaver.) -- C:\WINDOWS\System32\Mayan_Waterfall_3D_Screensaver.scr [781824]
O44 - LFC:[MD5.3D2E065A50ED44C74ACB572DBDC802A0] - 12/09/2010 - 10:45:49 ---A- . (.3Planesoft - Lighthouse Point 3D Screensaver.) -- C:\WINDOWS\System32\Lighthouse Point 3D Screensaver.exe [19237888]
O44 - LFC:[MD5.6D2B8C48B8838EF07890D0FD940FF534] - 12/09/2010 - 10:45:48 ---A- . (.3Planesoft - Lighthouse Point 3D Screensaver.) -- C:\WINDOWS\System32\Lighthouse_Point_3D_Screensaver.scr [852480]
O44 - LFC:[MD5.D1A4AF9B1121D2B6F18954671D60DA0A] - 12/09/2010 - 10:45:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Lagoon 3D Screensaver.html [7070]
O44 - LFC:[MD5.D90FB2C3AE7EE486B3D53ED5B2512276] - 12/09/2010 - 10:45:06 ---A- . (.3Planesoft - Lagoon 3D Screensaver.) -- C:\WINDOWS\System32\Lagoon 3D Screensaver.exe [10638336]
O44 - LFC:[MD5.8459090F37629B2636F026956C2B41E9] - 12/09/2010 - 10:45:06 ---A- . (.3Planesoft - Lagoon 3D Screensaver.) -- C:\WINDOWS\System32\Lagoon_3D_Screensaver.scr [883200]
O44 - LFC:[MD5.C89B48A7F2CC51BFA3099AB429662B29] - 12/09/2010 - 10:44:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Koi Fish 3D Screen
Rapport de ZHPDiag v1.26.652 par Nicolas Coolman, Update du 19/09/2010
Run by Fazer at 19/09/2010 17:58:41
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.5.6)
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 2 Stepping 4, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1535 MB (72% free)
System drive C: has 7 GB (33%) free of 20 GB
---\\ Logged in mode
Computer Name: A6-EB2A2A32C321
User Name: Fazer
All Users Names: SUPPORT_388945a0, HelpAssistant, Fazer, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 20 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 41 Go of 279 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 101 Go of 170 Go)
G:\ CD-ROM drive (Free 0 Go of 4 Go)
H:\ CD-ROM drive (Not Inserted)
I:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
---\\ Processus lancés
[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]
[MD5.77AC10DB097DFD0CD3071465B644D0AB] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- F:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [154136]
[MD5.F32E7CD2339C66760AA5178924B21E6B] - (.TomTom - Windows Service for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008]
[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [49152]
[MD5.2D0E5592AB5A46C27DAF7CCAFF4F5B59] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE [625664]
[MD5.3621F2F6A733BFABDC58C97613B0166D] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe [116280]
[MD5.3CED5346A0944AEBFA68C1DB4AE06D5F] - (.Kaspersky Lab ZAO - WebToolBar component.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe [129720]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232]
[MD5.B6F1B7186CE9A4E20481D8DA8BD4F63F] - (.Nicolas Coolman - Diagnostic Tool.) -- F:\Program Files\ZHPDiag\ZHPDiag.exe [555520]
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\firefox@tvunetworks.com] [] TVU Web Player 2,5,3,1 (..)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\redbullsboom@redbull.newyork.mlsnet.com] [] New York Red Bulls Boom 2,5,3,1 (.Brand Thunder.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@canalplus.fr/Assistants VOD,version=1.0.0.0] - (.Canal+ Active - npCpVod.) -- F:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@pages.tvunetworks.com/WebPlayer] - (.TVU networks - 2,5,3,1.) -- C:\WINDOWS\system32\TVUAx\npTVUAx.dll
P2 - FPN: [HKLM] [@veetle.com/vbp;version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2008-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\VLCBroadcast\npvbp.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\plugins\npVeetle.dll
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\Player\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.0.3] - (.the VideoLAN Team - Version 1.0.3, copyright 1996-2009 The VideoLAN Team<br><a href="http:.) -- F:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Fazer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livetv.sx/frx/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16640 (vista_gdr.080213-1606)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MSODESNV7] . (.RALR - Pas de description.) -- C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltodown.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kbrd.ico
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\logo.ico
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab ZAO - Mozilla 3 Virtual Keyboard.) - F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CanalPlus.VOD (CanalPlus.VOD) . (.Canal+ Active - CanalPlus.VOD.Service.) - F:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003UA.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player 11 - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ElbyCDIO Driver (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys
O41 - Driver: Kl2 (kl2) . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) - C:\WINDOWS\system32\drivers\kl2.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
O42 - Logiciel: 3Planesoft Screensaver Manager 1.4 - (.3Planesoft.) [HKLM] -- 3Planesoft Screensaver Manager_is1
O42 - Logiciel: ????? - (.??.) [HKLM] -- AddressBar
O42 - Logiciel: ABC (remove only) - (.Pas de propriétaire.) [HKLM] -- ABC
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop Elements - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop Elements 1.0
O42 - Logiciel: Adobe SVG Viewer - (.Adobe Systems, Inc..) [HKLM] -- Adobe SVG Viewer
O42 - Logiciel: Ancient Castle 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ancient Castle 3D Screensaver_is1
O42 - Logiciel: AnyDVD - (.SlySoft.) [HKLM] -- AnyDVD
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: CANAL+ CANALSAT A LA DEMANDE - (.CanalPlus.) [HKLM] -- {04DA096D-6236-4A5D-8FB6-3081E67009BA}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {8D7133DE-27D2-47E5-B248-4180278D32AA}
O42 - Logiciel: Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas 3D Screensaver_is1
O42 - Logiciel: Christmas Bells 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas Bells 3D Screensaver_is1
O42 - Logiciel: Clock Tower 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Clock Tower 3D Screensaver_is1
O42 - Logiciel: CloneDVD2 - (.Elaborate Bytes.) [HKLM] -- CloneDVD2
O42 - Logiciel: Coffret de pilotes Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- lvdrivers_12.10
O42 - Logiciel: Cool Beans NFO Creator 2.0.1.3 - (.Cool Beans Software.) [HKLM] -- Cool Beans NFO Creator_is1
O42 - Logiciel: Coral Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Coral Clock 3D Screensaver_is1
O42 - Logiciel: Creative PCI Audio Drivers - (.Pas de propriétaire.) [HKLM] -- SBPCIUnInstall
O42 - Logiciel: Crystal Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Crystal Fireplace 3D Screensaver_is1
O42 - Logiciel: Cuckoo Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Cuckoo Clock 3D Screensaver_is1
O42 - Logiciel: DVD Decoder Pak for Windows XP - (.roddy2000@hotbox.ru.) [HKLM] -- {92C5DB3D-9D6F-4324-BB11-57825F4C2635}
O42 - Logiciel: Deep Space 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Deep Space 3D Screensaver_is1
O42 - Logiciel: Desktop Trains Screensaver - (.Pas de propriétaire.) [HKLM] -- Desktop Trains Screensaver
O42 - Logiciel: Discovery 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Discovery 3D Screensaver_is1
O42 - Logiciel: Dutch Windmills 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Dutch Windmills 3D Screensaver_is1
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: Earth 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Earth 3D Screensaver_is1
O42 - Logiciel: Fantasy Moon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Fantasy Moon 3D Screensaver_is1
O42 - Logiciel: Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireplace 3D Screensaver_is1
O42 - Logiciel: Fireside Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireside Christmas 3D Screensaver_is1
O42 - Logiciel: Flag 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Flag 3D Screensaver_is1
O42 - Logiciel: Galleon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Galleon 3D Screensaver_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {2012D762-5DCA-455A-B5FE-EDF79BC93E18}
O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects
O42 - Logiciel: HP Smart Web Printing 4.5 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {7059BDA7-E1DB-442C-B7A1-6144596720A4}
O42 - Logiciel: Halloween 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Halloween 3D Screensaver_is1
O42 - Logiciel: Haunted House 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Haunted House 3D Screensaver_is1
O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM] -- KB915865
O42 - Logiciel: I-Doser v4 - (.Pas de propriétaire.) [HKCU] -- I-Doser v4
O42 - Logiciel: Ice Clock 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ice Clock 3D Screensaver_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018FF}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- {66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: KeyHoleTV - (.Pas de propriétaire.) [HKLM] -- KeyHoleTV
O42 - Logiciel: Koi Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Koi Fish 3D Screensaver_is1
O42 - Logiciel: Lagoon 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lagoon 3D Screensaver_is1
O42 - Logiciel: Lantern 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lantern 3D Screensaver_is1
O42 - Logiciel: Les Sims(TM) 3 - (.Electronic Arts.) [HKLM] -- {C05D8CDB-417D-4335-A38C-A0659EDFD6B8}
O42 - Logiciel: Lighthouse Point 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Lighthouse Point 3D Screensaver_is1
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 6.0 Parser - (.Microsoft Corporation.) [HKLM] -- {AEB9948B-4FF2-47C9-990E-47014492A0FE}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mayan Waterfall 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mayan Waterfall 3D Screensaver_is1
O42 - Logiciel: Mechanical Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mechanical Clock 3D Screensaver_is1
O42 - Logiciel: MediaInfo 0.7.26 - (.MediaArea.net.) [HKLM] -- MediaInfo
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {B508B3F1-A24A-32C0-B310-85786919EF28}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {3F7924B9-D148-3141-87B1-68F36043A940}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {2BA00471-0328-3743-93BD-FA813353A783}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {511DF669-2930-30C0-8EB6-552887E29EC8}
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- {2FC099BD-AC9B-33EB-809C-D332E1B27C40}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM] -- {5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Access database engine 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {90120000-00D1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..) [HKLM] -- {E3E71D07-CD27-46CB-8448-16D4FB29AA13}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack - fra
O42 - Logiciel: Monopolysson 2.0.3 beta 10 - (.Pas de propriétaire.) [HKLM] -- Monopolysson
O42 - Logiciel: Mozilla Firefox (3.5.6) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.5.6)
O42 - Logiciel: Music NFO Builder v1.20 - (.Pawel Piecuch.) [HKLM] -- Music NFO Builder_is1
O42 - Logiciel: My 3D Christmas Tree Full Screen Saver - (.Freeze.com, LLC.) [HKLM] -- My 3D Christmas Tree Full Screen Saver
O42 - Logiciel: Nature 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Nature 3D Screensaver_is1
O42 - Logiciel: Nautilus 3D Screensaver 1.2 - (.3Planesoft.) [HKLM] -- Nautilus 3D Screensaver_is1
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {235BBFC6-D863-4066-A01A-3BD504C31036}
O42 - Logiciel: Nullsoft Install System - (.Pas de propriétaire.) [HKLM] -- NSIS
O42 - Logiciel: Online TV Player 4 - (.Online TV Player.com.) [HKLM] -- Online TV Player 3_is1
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Booster - (.Pas de propriétaire.) [HKLM] -- {BA0601E1-B65C-11D5-80A9-0000B494D9A6}
O42 - Logiciel: PPStream V2.6.86.9024 Final - (.PPStream, Inc..) [HKLM] -- PPStream
O42 - Logiciel: PPTV V2.4.3.0019 - (.PPLive Corporation.) [HKLM] -- PPLive
O42 - Logiciel: PSP Video 9 5.03 - (.Red Kawa.) [HKLM] -- PSP Video 9
O42 - Logiciel: Package de pilotes Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) - (.Advanced Micro Devices, Inc..) [HKLM] -- 9722CA1E8F72F362E93CBEC75A707FDABFC8D880
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161
O42 - Logiciel: Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) - (.eMPIA Technology Inc,.) [HKLM] -- 69083DC58646DE46A09847A522A1CC487F918039
O42 - Logiciel: Pochette Express 2 - (.Pas de propriétaire.) [HKLM] -- Pochette Express 2
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}
O42 - Logiciel: Railroad Scenery - (.Pas de propriétaire.) [HKLM] -- Railroad Scenery
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SecondLife (remove only) - (.Pas de propriétaire.) [HKLM] -- SecondLife
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SereneScreen Marine Aquarium 2.6 - (.Prolific Publishing, Inc..) [HKLM] -- SereneScreen Marine Aquarium 2.6_is1
O42 - Logiciel: Sexy City 1.2.1 - (.Sasori.) [HKLM] -- {94C2E416-D784-44D6-A3B3-3E593D13338D}_is1
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: SopCast 3.2.9 - (.www.sopcast.com.) [HKLM] -- SopCast
O42 - Logiciel: Sound Blaster PCI Compact Drivers Online Help - (.Pas de propriétaire.) [HKLM] -- Sound Blaster PCI Compact Drivers Online Help
O42 - Logiciel: Spirit of Fire 3D Screensaver 2.4 - (.3Planesoft.) [HKLM] -- Spirit of Fire 3D Screensaver_is1
O42 - Logiciel: StreamTorrent 1.0 - (.Pas de propriétaire.) [HKLM] -- StreamTorrent 1.0
O42 - Logiciel: Superleague (remove only) - (.Pas de propriétaire.) [HKLM] -- Superleague
O42 - Logiciel: Sweethearts 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Sweethearts 3D Screensaver_is1
O42 - Logiciel: TMNT - (.Ubisoft.) [HKLM] -- {B3583D27-C12A-483E-98B8-235506F71502}
O42 - Logiciel: TVAnts 1.0 - (.Pas de propriétaire.) [HKLM] -- TVAnts 1.0
O42 - Logiciel: The Lost Watch 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The Lost Watch 3D Screensaver_is1
O42 - Logiciel: The One Ring 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The One Ring 3D Screensaver_is1
O42 - Logiciel: TomTom HOME 2.7.5.2014 - (.TomTom.) [HKLM] -- TomTom HOME
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
O42 - Logiciel: Tropical Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Tropical Fish 3D Screensaver_is1
O42 - Logiciel: USB Video Driver - (.EETI.) [HKLM] -- {2758691A-2CDE-4942-A4AC-0E8F61FE2067}
O42 - Logiciel: UUSee ²¥·Å²å¼þ»ù'¡°ü 6.1.122.1 - (.UUSee company, Inc..) [HKLM] -- UUSEE_base
O42 - Logiciel: UUSee ÍøÂçµçÊÓ [5.10.125.2] - (.UUSee company, Inc..) [HKLM] -- UUSEE
O42 - Logiciel: Ulead DVD MovieFactory 5 Plus - (.Ulead Systems, Inc..) [HKLM] -- {FF164702-AF8B-4F2F-8038-74A4C536866B}
O42 - Logiciel: VRally3 - (.Pas de propriétaire.) [HKLM] -- VRally3_is1
O42 - Logiciel: Valentine 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Valentine 3D Screensaver_is1
O42 - Logiciel: Veetle TV 0.9.17 - (.Veetle, Inc.) [HKLM] -- Veetle TV
O42 - Logiciel: VideoLAN VLC media player 0.8.6d - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Voyage of Columbus 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Voyage of Columbus 3D Screensaver_is1
O42 - Logiciel: Water Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Water Clock 3D Screensaver_is1
O42 - Logiciel: Watermill 3D Screensaver 2.0 - (.3Planesoft.) [HKLM] -- Watermill 3D Screensaver_is1
O42 - Logiciel: Western Railway 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Western Railway 3D Screensaver_is1
O42 - Logiciel: WinZip 14.0 - (.WinZip Computing, S.L. .) [HKLM] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Pas de propriétaire.) [HKLM] -- Windows Media Encoder 9
O42 - Logiciel: Winter Train 1.2.0 - (.3DSignal.) [HKLM] -- Winter Train_is1
O42 - Logiciel: XBMC Media Center - (.Team XBMC.) [HKCU] -- XBMC
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XXXTYCOON - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1
O42 - Logiciel: Zodiac Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Zodiac Clock 3D Screensaver_is1
O42 - Logiciel: adsl TV - (.adsl TV / FM.) [HKLM] -- {3AFDD2C6-8663-46B5-B195-6CEB00D44768}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\2K Sports]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASIO]
[HKCU\Software\ATI]
[HKCU\Software\AddressBar]
[HKCU\Software\Adobe]
[HKCU\Software\Anders und Seim Neue Medien AG]
[HKCU\Software\Big Fish Games]
[HKCU\Software\CDDB]
[HKCU\Software\Classes.crx]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DT Soft]
[HKCU\Software\Desktop Trains Screensaver]
[HKCU\Software\Elaborate Bytes]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Fox Interactive]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JavaSoft]
[HKCU\Software\KC Softwares]
[HKCU\Software\KasperskyLab]
[HKCU\Software\KeyHoleTV]
[HKCU\Software\KillBox]
[HKCU\Software\Lavalys]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Macrovision]
[HKCU\Software\MainConcept (Adobe2)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaChance]
[HKCU\Software\Mobileleader]
[HKCU\Software\Moonlight Cordless]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\NirSoft]
[HKCU\Software\OnlineTVPlayer]
[HKCU\Software\Outsim]
[HKCU\Software\PPLiveVA]
[HKCU\Software\PPLive]
[HKCU\Software\PPStream]
[HKCU\Software\Peer2Me]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Samsung]
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\Screensaver Factory]
[HKCU\Software\SecuROM]
[HKCU\Software\SereneScreen]
[HKCU\Software\SlySoft]
[HKCU\Software\Superleague]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVANTS]
[HKCU\Software\TomTom]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\Ulead]
[HKCU\Software\Usbfix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veetle]
[HKCU\Software\WS4002]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Winamp]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ahead]
[HKCU\Software\fwc]
[HKCU\Software\sect memo proc]
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\3Planesoft]
[HKLM\Software\3dsignal]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Act-3D]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Big Fish Games]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreCodec]
[HKLM\Software\Creative Tech]
[HKLM\Software\DT Soft]
[HKLM\Software\Debug]
[HKLM\Software\EA GAMES]
[HKLM\Software\EETI]
[HKLM\Software\Elaborate Bytes]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ILLUSION]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Lexmark]
[HKLM\Software\Licenses]
[HKLM\Software\Linden Research, Inc.]
[HKLM\Software\LogiShrd]
[HKLM\Software\Logitech]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MarkAny]
[HKLM\Software\MediaArea.net]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OnlineTVPlayer]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\Panda Software]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\QATestSystem]
[HKLM\Software\RedKawa]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Samsung]
[HKLM\Software\Schlumberger]
[HKLM\Software\ScreenSaver.com]
[HKLM\Software\Secure]
[HKLM\Software\SereneScreen]
[HKLM\Software\Sims]
[HKLM\Software\Skype]
[HKLM\Software\SlySoft]
[HKLM\Software\Soeperman Enterprises Ltd.]
[HKLM\Software\Swearware]
[HKLM\Software\Sys Modules]
[HKLM\Software\TENCENT]
[HKLM\Software\TomTom]
[HKLM\Software\TrendMicro]
[HKLM\Software\Triodesign]
[HKLM\Software\Trymedia Systems]
[HKLM\Software\UUSeeUpdate]
[HKLM\Software\Ubisoft]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Veetle]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wise Solutions]
[HKLM\Software\ZSMC]
[HKLM\Software\fwc]
[HKLM\Software\inKline Global]
[HKLM\Software\mozilla.org]
[HKLM\Software\rising]
[HKLM\Software\uusee]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\3Planesoft Screensaver Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory RS--D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\CREATIVE
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Enigma Software Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\MarkAny
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft WSE
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla ActiveX Control v1.7.12
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NSIS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Panda Security
O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD:Common File Directory ----D- C:\Program Files\Pochette Express 2
O43 - CFD:Common File Directory ----D- C:\Program Files\PPLive
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\USB TV
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 16:39:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32478]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 16:36:20 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\43.exe [163840]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 19/09/2010 - 16:35:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\omwjl.sys [54016]
O44 - LFC:[MD5.9FE95339855D053D5ADE66D21A022118] - 19/09/2010 - 16:31:26 ---A- . (.RALR - Pas de description.) -- C:\WINDOWS\System32\msvmiode.exe [192512]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/09/2010 - 16:31:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 16:31:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 16:31:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 19/09/2010 - 16:31:03 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.C5832A94B0CE9D811457319D144BEDA3] - 19/09/2010 - 16:30:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [4588]
O44 - LFC:[MD5.644957A9D838B21432B2A238A2E54B24] - 19/09/2010 - 16:24:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log [341]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 16:03:00 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\03.exe [163840]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 15:35:49 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\58.exe [163840]
O44 - LFC:[MD5.F2210FA50D93BE3C981B20D41C7D48DD] - 19/09/2010 - 15:29:45 ---A- . (.ewWwHB - Pas de description.) -- C:\WINDOWS\System32\56.exe [163840]
O44 - LFC:[MD5.B4FD5767AFBD47CEC757DAE8C7CC55E3] - 19/09/2010 - 14:55:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\VundoFix.txt [237]
O44 - LFC:[MD5.8E78BFD2B55A47388636424DD8EFA64B] - 19/09/2010 - 13:37:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ice Clock.log [6543]
O44 - LFC:[MD5.E4C0E8CE4D0524CB2371F84FDB2F818B] - 19/09/2010 - 13:09:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Valentine.log [6517]
O44 - LFC:[MD5.D2197177AD57FE1E8677B25AACD9541F] - 19/09/2010 - 13:06:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mayan Waterfall.log [7332]
O44 - LFC:[MD5.7C69F00CB5A4B623B29979F70E6C747C] - 19/09/2010 - 12:43:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Water Clock.log [11418]
O44 - LFC:[MD5.FE019DD130FDE95FCE3204D405B7B918] - 19/09/2010 - 12:20:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas Bells.log [7231]
O44 - LFC:[MD5.194F2AB7B11A6BE9F0EB6FB684993B46] - 19/09/2010 - 12:18:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Zodiac Clock.log [6219]
O44 - LFC:[MD5.4ABBBCD1E1161275E5EFDFE815D9D6C3] - 19/09/2010 - 12:16:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Haunted House.log [7813]
O44 - LFC:[MD5.A6612A04B3F3DD23AE2A769EB2256E23] - 19/09/2010 - 12:14:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lighthouse Point.log [8429]
O44 - LFC:[MD5.F291359BD3464F4A49D11954C9C53E61] - 19/09/2010 - 11:52:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Crystal Fireplace.log [7260]
O44 - LFC:[MD5.DD4B9C83F13317937D14CB2B1D1491D9] - 19/09/2010 - 11:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The Lost Watch.log [6283]
O44 - LFC:[MD5.D967022EE9D99C2646F2867DA221CAD1] - 19/09/2010 - 11:37:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Galleon.log [7876]
O44 - LFC:[MD5.D89F0CE29BE829DE812855C4F6370B20] - 19/09/2010 - 10:41:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix.txt [10701]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 10:00:14 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\35.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 09:28:04 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\26.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 09:26:53 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\12.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 07:21:31 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\34.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 19/09/2010 - 02:05:28 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\75.exe [163840]
O44 - LFC:[MD5.68B1E2F9205803640BA1D6B1447C2E10] - 18/09/2010 - 23:02:32 ---A- . (.ISnB - Pas de description.) -- C:\WINDOWS\System32\18.exe [163840]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 18/09/2010 - 20:02:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2010 - 19:35:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\dump_dvd.vob [0]
O44 - LFC:[MD5.0EF3DBDC3B97E0477FE8348E6C308EC3] - 18/09/2010 - 19:17:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [5749]
O44 - LFC:[MD5.E38D1476B1B12926AB7CE2390F8B4A42] - 18/09/2010 - 18:13:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Voyage of Columbus.log [6756]
O44 - LFC:[MD5.033B7D18406A73A3B36F522BEA73CF9C] - 18/09/2010 - 17:47:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireside Christmas.log [7167]
O44 - LFC:[MD5.2B9D1FB0699C474424B364230A0EDD8D] - 18/09/2010 - 17:44:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Halloween.log [7284]
O44 - LFC:[MD5.39AC36DE9555C8D53F0F8CFC1837F1DA] - 18/09/2010 - 17:38:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lantern.log [6505]
O44 - LFC:[MD5.2C40387CAF646E1D00EA3AC0E983AA3A] - 18/09/2010 - 17:26:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Koi Fish.log [8174]
O44 - LFC:[MD5.8C79F3F095D6BFC92205CD00657F17CA] - 18/09/2010 - 17:17:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mechanical Clock.log [6390]
O44 - LFC:[MD5.ADEB085383CA8C49CFFBAA4F3A90EDAA] - 18/09/2010 - 17:06:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Sweethearts.log [6432]
O44 - LFC:[MD5.234030FAF6BAE2FACDBA6B8B9A5D193F] - 18/09/2010 - 17:04:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nautilus.log [7786]
O44 - LFC:[MD5.77BE77E9A3CDEEB11BA80B79411490B1] - 18/09/2010 - 16:56:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Earth 3D Screensaver.log [5729]
O44 - LFC:[MD5.295E5BE32F16AE396F3B3C4AAD5928C4] - 18/09/2010 - 16:52:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Western Railway.log [8103]
O44 - LFC:[MD5.206148E66982AEB758826ADE9215CBDE] - 18/09/2010 - 16:50:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fantasy Moon.log [7130]
O44 - LFC:[MD5.91B949A0BEF5543376BAF3C13B411D43] - 18/09/2010 - 16:48:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Watermill.log [8963]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 18/09/2010 - 08:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.0B7086B6121AC11C869E39B4CC858277] - 18/09/2010 - 08:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [542]
O44 - LFC:[MD5.6D3A8799AAF564FBAECEF2D90950FFCE] - 18/09/2010 - 08:57:15 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [212]
O44 - LFC:[MD5.6AB1F1F4DC1C8973123C74E71CFEFE54] - 18/09/2010 - 07:32:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.BD6618E227186EDEE49C96DB7E178229] - 17/09/2010 - 20:31:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireplace.log [8126]
O44 - LFC:[MD5.9764D427A82FA39D7D2D68F6592BBE79] - 17/09/2010 - 20:15:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lagoon.log [7527]
O44 - LFC:[MD5.322FDD742B3A532E6BCEFB6FA855D656] - 17/09/2010 - 19:11:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Deep Space.log [6678]
O44 - LFC:[MD5.622971A588B12438FF28378E6A3D1561] - 17/09/2010 - 19:04:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Dutch Windmills.log [56849]
O44 - LFC:[MD5.08770A6C1EAE36595B56EF49086AB0DE] - 17/09/2010 - 06:24:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The One Ring.log [6403]
O44 - LFC:[MD5.8F3441BB9DC57A51ABAE7779323BFE4F] - 16/09/2010 - 22:08:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas.log [6771]
O44 - LFC:[MD5.2BDD28CE36F7311991C68DFBF1C4D07D] - 16/09/2010 - 22:02:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Discovery.log [6754]
O44 - LFC:[MD5.174C55F021BFC3B98AF3FAEFACEDECA5] - 16/09/2010 - 21:45:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Spirit of Fire.log [7179]
O44 - LFC:[MD5.1691D0EC20BB8735B29F62DB31211DED] - 16/09/2010 - 21:35:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ancient Castle.log [7907]
O44 - LFC:[MD5.A35AB37E4CB1FD4112F94CC9FD0803A6] - 16/09/2010 - 19:17:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nature.log [8582]
O44 - LFC:[MD5.68A4556C1525497A7F70AB6E9C7A92FE] - 16/09/2010 - 19:03:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Flag.log [6175]
O44 - LFC:[MD5.82B0A7398F3CEBE98B14803456644BB2] - 16/09/2010 - 18:56:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Tropical Fish.log [6085]
O44 - LFC:[MD5.A2F56B60BFA98A91632B4B3DA86FC17B] - 16/09/2010 - 11:27:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Clock Tower.log [6941]
O44 - LFC:[MD5.B76472212307EC44CC502531437A25D5] - 16/09/2010 - 11:20:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Coral Clock.log [1312257]
O44 - LFC:[MD5.232E354E837E2E0FF133BACF5B8A4737] - 16/09/2010 - 11:06:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Cuckoo Clock.log [8012]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 15/09/2010 - 07:56:47 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 15/09/2010 - 07:56:46 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.E1E7BA29E54B2D4B19F35BE18C752D4D] - 12/09/2010 - 22:30:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [199344]
O44 - LFC:[MD5.1EA14FCAC0F02AD272F3ADE34AD8C502] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac Clock 3D Screensaver.exe [6501376]
O44 - LFC:[MD5.5A967B48092EBCF79D85311E8C96C7D3] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac_Clock_3D_Screensaver.scr [842240]
O44 - LFC:[MD5.040A62B1C916EF01A405F1560E533D04] - 12/09/2010 - 10:49:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Water Clock 3D Screensaver.html [7286]
O44 - LFC:[MD5.FA208A954126E046915032511016DD3A] - 12/09/2010 - 10:49:12 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water Clock 3D Screensaver.exe [8700416]
O44 - LFC:[MD5.E66028F536FAFB23FA153E8443DAF859] - 12/09/2010 - 10:49:11 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water_Clock_3D_Screensaver.scr [780288]
O44 - LFC:[MD5.41AC020A0DB376D586CCDC20C7C703AC] - 12/09/2010 - 10:48:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Valentine 3D Screensaver.html [7311]
O44 - LFC:[MD5.0A46AF61B9D73E6A1B090D72800E0307] - 12/09/2010 - 10:48:31 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine 3D Screensaver.exe [5868544]
O44 - LFC:[MD5.EC50672676F76048229F17DBE58A7A75] - 12/09/2010 - 10:48:30 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine_3D_Screensaver.scr [770048]
O44 - LFC:[MD5.6D6724F3325D32E1E904B93403C12716] - 12/09/2010 - 10:47:47 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\System32\Sweethearts_3D_Screensaver.scr [1925632]
O44 - LFC:[MD5.F28B551ACF413FC07E565860B2F12C1D] - 12/09/2010 - 10:47:46 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\System32\Sweethearts 3D Screensaver.exe [20005074]
O44 - LFC:[MD5.30401B6CFD5C6506C500C89BC23089E2] - 12/09/2010 - 10:46:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Mayan Waterfall 3D Screensaver.html [7085]
O44 - LFC:[MD5.D95137E236DFC37EAE7D9811779E4B3A] - 12/09/2010 - 10:46:32 ---A- . (.3Planesoft - Mayan Waterfall 3D Screensaver.) -- C:\WINDOWS\System32\Mayan Waterfall 3D Screensaver.exe [15301632]
O44 - LFC:[MD5.DCFE0C11208569F2162B835CFE5859AE] - 12/09/2010 - 10:46:32 ---A- . (.3Planesoft - Mayan Waterfall 3D Screensaver.) -- C:\WINDOWS\System32\Mayan_Waterfall_3D_Screensaver.scr [781824]
O44 - LFC:[MD5.3D2E065A50ED44C74ACB572DBDC802A0] - 12/09/2010 - 10:45:49 ---A- . (.3Planesoft - Lighthouse Point 3D Screensaver.) -- C:\WINDOWS\System32\Lighthouse Point 3D Screensaver.exe [19237888]
O44 - LFC:[MD5.6D2B8C48B8838EF07890D0FD940FF534] - 12/09/2010 - 10:45:48 ---A- . (.3Planesoft - Lighthouse Point 3D Screensaver.) -- C:\WINDOWS\System32\Lighthouse_Point_3D_Screensaver.scr [852480]
O44 - LFC:[MD5.D1A4AF9B1121D2B6F18954671D60DA0A] - 12/09/2010 - 10:45:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Lagoon 3D Screensaver.html [7070]
O44 - LFC:[MD5.D90FB2C3AE7EE486B3D53ED5B2512276] - 12/09/2010 - 10:45:06 ---A- . (.3Planesoft - Lagoon 3D Screensaver.) -- C:\WINDOWS\System32\Lagoon 3D Screensaver.exe [10638336]
O44 - LFC:[MD5.8459090F37629B2636F026956C2B41E9] - 12/09/2010 - 10:45:06 ---A- . (.3Planesoft - Lagoon 3D Screensaver.) -- C:\WINDOWS\System32\Lagoon_3D_Screensaver.scr [883200]
O44 - LFC:[MD5.C89B48A7F2CC51BFA3099AB429662B29] - 12/09/2010 - 10:44:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Koi Fish 3D Screen
ComboFix 10-09-17.04 - Fazer 19/09/2010 18:58:23.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.1136 [GMT 2:00]
Lancé depuis: d:\zaza\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Fazer\Application Data\ltzqai.exe
c:\recycler\S-1-5-21-9880214972-3054612081-538450093-2644\syscr.exe
c:\windows\helper.exe
c:\windows\struct~.ini
c:\windows\system32\03.exe
c:\windows\system32\12.exe
c:\windows\system32\18.exe
c:\windows\system32\26.exe
c:\windows\system32\34.exe
c:\windows\system32\35.exe
c:\windows\system32\43.exe
c:\windows\system32\56.exe
c:\windows\system32\58.exe
c:\windows\system32\75.exe
c:\windows\system32\mingwm10.dll
c:\windows\system32\msvmiode.exe
c:\windows\system32\SDL_image.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-19 au 2010-09-19 ))))))))))))))))))))))))))))))))))))
.
2010-09-19 15:48 . 2010-09-19 15:48 -------- d-----w- C:\!KillBox
2010-09-19 09:27 . 2010-09-19 09:41 -------- d-----w- C:\UsbFix
2010-09-19 07:19 . 2010-09-19 07:19 50160 ----a-w- c:\documents and settings\Fazer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 06:56 . 2010-09-15 06:56 -------- d-----w- c:\documents and settings\Fazer\Application Data\Malwarebytes
2010-09-15 06:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 06:56 . 2010-09-15 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 06:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 20:24 . 2010-09-14 20:24 -------- d-----w- C:\VundoFix Backups
2010-09-14 12:58 . 2010-09-14 12:58 973496 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\updater.dll
2010-09-14 12:58 . 2010-09-14 12:58 88760 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\libola.dll
2010-09-14 12:58 . 2010-09-14 12:58 973496 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\updater.dll
2010-09-13 09:25 . 2010-09-13 07:48 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0
2010-09-13 09:25 . 2010-09-13 07:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0
2010-09-13 09:18 . 2010-09-13 07:48 -------- d-----w- C:\WINDOWS.0
2010-09-13 07:48 . 2010-09-13 07:48 -------- d-----w- c:\documents and settings\Fazer.A6-306E410417D7
2010-09-13 07:48 . 2010-09-13 07:32 -------- d--h--w- c:\documents and settings\Fazer.A6-306E410417D7\Modèles
2010-09-13 07:37 . 2010-09-13 07:38 -------- d-s---w- c:\documents and settings\Default User.WINDOWS.0\Local Settings\Application Data\Microsoft
2010-09-13 07:36 . 2010-09-13 07:36 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\DRM
2010-09-12 20:10 . 2010-08-08 08:40 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-09-12 20:10 . 2010-09-14 12:58 88760 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\libola.dll
2010-09-12 20:10 . 2010-08-08 08:40 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-09-12 20:10 . 2010-08-08 08:40 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-09-12 20:10 . 2010-08-08 08:40 387768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\ksn_client.dll
2010-09-12 20:10 . 2010-08-08 08:40 191160 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtbbho.dll
2010-09-12 20:10 . 2010-08-08 08:40 264888 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\esmgr.dll
2010-09-12 20:10 . 2010-09-03 08:34 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-12 20:09 . 2010-08-22 14:33 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sco\i386\win\sys_critical_obj.dll
2010-09-12 20:09 . 2010-08-08 08:39 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-09-12 15:43 . 2010-09-12 20:50 -------- d-s---r- c:\program files\Common Files
2010-09-12 09:50 . 2008-03-20 11:19 842240 ----a-w- c:\windows\system32\Zodiac_Clock_3D_Screensaver.scr
2010-09-12 09:50 . 2008-03-20 11:19 6501376 ----a-w- c:\windows\system32\Zodiac Clock 3D Screensaver.exe
2010-09-12 09:49 . 2007-09-04 09:44 8700416 ----a-w- c:\windows\system32\Water Clock 3D Screensaver.exe
2010-09-12 09:49 . 2007-09-03 09:41 780288 ----a-w- c:\windows\system32\Water_Clock_3D_Screensaver.scr
2010-09-12 09:48 . 2007-02-07 14:53 5868544 ----a-w- c:\windows\system32\Valentine 3D Screensaver.exe
2010-09-12 09:48 . 2007-02-07 14:53 770048 ----a-w- c:\windows\system32\Valentine_3D_Screensaver.scr
2010-09-12 09:47 . 2008-07-30 15:56 1925632 ----a-w- c:\windows\system32\Sweethearts_3D_Screensaver.scr
2010-09-12 09:47 . 2008-07-30 15:56 20005074 ----a-w- c:\windows\system32\Sweethearts 3D Screensaver.exe
2010-09-12 09:46 . 2007-05-02 15:33 15301632 ----a-w- c:\windows\system32\Mayan Waterfall 3D Screensaver.exe
2010-09-12 09:46 . 2007-05-02 13:13 781824 ----a-w- c:\windows\system32\Mayan_Waterfall_3D_Screensaver.scr
2010-09-12 09:45 . 2008-06-10 10:04 19237888 ----a-w- c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2010-09-12 09:45 . 2008-06-09 15:26 852480 ----a-w- c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2010-09-12 09:45 . 2006-10-06 13:51 883200 ----a-w- c:\windows\system32\Lagoon_3D_Screensaver.scr
2010-09-12 09:45 . 2006-10-06 13:51 10638336 ----a-w- c:\windows\system32\Lagoon 3D Screensaver.exe
2010-09-12 09:44 . 2007-03-02 18:55 771072 ----a-w- c:\windows\system32\Koi_Fish_3D_Screensaver.scr
2010-09-12 09:44 . 2007-03-02 18:55 9893888 ----a-w- c:\windows\system32\Koi Fish 3D Screensaver.exe
2010-09-12 09:43 . 2006-11-08 09:15 745472 ----a-w- c:\windows\system32\Ice_Clock_3D_Screensaver.scr
2010-09-12 09:43 . 2006-11-08 09:15 8308224 ----a-w- c:\windows\system32\Ice Clock 3D Screensaver.exe
2010-09-12 09:42 . 2010-09-12 09:42 29454336 ----a-w- c:\windows\system32\Haunted House 3D Screensaver.exe
2010-09-12 09:42 . 2010-09-12 09:42 837632 ----a-w- c:\windows\system32\Haunted_House_3D_Screensaver.scr
2010-09-12 09:41 . 2006-11-30 22:09 8326144 ----a-w- c:\windows\system32\Fireside Christmas 3D Screensaver.exe
2010-09-12 09:41 . 2006-11-30 21:41 733184 ----a-w- c:\windows\system32\Fireside_Christmas_3D_Screensaver.scr
2010-09-12 09:40 . 2008-08-20 00:32 32721920 ----a-w- c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2010-09-12 09:40 . 2008-08-19 20:52 842240 ----a-w- c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2010-09-12 09:39 . 2007-06-22 09:28 12360192 ----a-w- c:\windows\system32\Deep Space 3D Screensaver.exe
2010-09-12 09:39 . 2007-06-22 09:28 774144 ----a-w- c:\windows\system32\Deep_Space_3D_Screensaver.scr
2010-09-12 09:38 . 2010-09-12 09:38 850432 ----a-w- c:\windows\system32\Crystal_Fireplace_3D_Screensaver.scr
2010-09-12 09:38 . 2010-09-12 09:38 17114624 ----a-w- c:\windows\system32\Crystal Fireplace 3D Screensaver.exe
2010-09-12 09:36 . 2007-12-20 16:18 15798272 ----a-w- c:\windows\system32\Christmas Bells 3D Screensaver.exe
2010-09-12 09:36 . 2007-12-20 15:30 822272 ----a-w- c:\windows\system32\Christmas_Bells_3D_Screensaver.scr
2010-09-12 08:01 . 2008-09-23 15:54 8998400 ----a-w- c:\windows\system32\Watermill 3D Screensaver.exe
2010-09-12 08:01 . 2008-09-23 11:17 858112 ----a-w- c:\windows\system32\Watermill_3D_Screensaver.scr
2010-09-12 08:01 . 2008-09-23 16:10 17019392 ----a-w- c:\windows\system32\Voyage of Columbus 3D Screensaver.exe
2010-09-12 08:01 . 2008-09-23 11:37 840192 ----a-w- c:\windows\system32\Voyage_of_Columbus_3D_Screensaver.scr
2010-09-12 08:00 . 2008-09-23 15:56 2781184 ----a-w- c:\windows\system32\The One Ring 3D Screensaver.exe
2010-09-12 08:00 . 2008-09-23 11:20 270336 ----a-w- c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2010-09-12 07:59 . 2008-09-23 15:52 4992000 ----a-w- c:\windows\system32\Spirit of Fire 3D Screensaver.exe
2010-09-12 07:59 . 2008-09-23 11:14 839680 ----a-w- c:\windows\system32\Spirit_of_Fire_3D_Screensaver.scr
2010-09-12 07:58 . 2008-09-23 15:56 7648768 ----a-w- c:\windows\system32\Nautilus 3D Screensaver.exe
2010-09-12 07:58 . 2008-09-23 11:19 829440 ----a-w- c:\windows\system32\Nautilus_3D_Screensaver.scr
2010-09-12 07:58 . 2008-09-23 16:01 10682368 ----a-w- c:\windows\system32\Nature 3D Screensaver.exe
2010-09-12 07:58 . 2008-09-23 11:27 835072 ----a-w- c:\windows\system32\Nature_3D_Screensaver.scr
2010-09-12 07:58 . 2008-09-23 16:01 2519552 ----a-w- c:\windows\system32\Mechanical Clock 3D Screensaver.exe
2010-09-12 07:58 . 2008-09-23 11:28 850944 ----a-w- c:\windows\system32\Mechanical_Clock_3D_Screensaver.scr
2010-09-12 07:12 . 2007-11-20 20:46 31323136 ----a-w- c:\windows\system32\Western Railway 3D Screensaver.exe
2010-09-12 07:10 . 2008-09-23 15:55 2895872 ----a-w- c:\windows\system32\Lantern 3D Screensaver.exe
2010-09-12 07:10 . 2008-09-23 11:17 262144 ----a-w- c:\windows\system32\Lantern_3D_Screensaver.scr
2010-09-12 07:09 . 2008-09-23 15:59 7310336 ----a-w- c:\windows\system32\Halloween 3D Screensaver.exe
2010-09-12 07:09 . 2008-09-23 11:24 851968 ----a-w- c:\windows\system32\Halloween_3D_Screensaver.scr
2010-09-12 07:09 . 2008-09-23 15:54 5481984 ----a-w- c:\windows\system32\Galleon 3D Screensaver.exe
2010-09-12 07:09 . 2008-09-23 11:15 863232 ----a-w- c:\windows\system32\Galleon_3D_Screensaver.scr
2010-09-12 07:09 . 2008-09-23 16:02 6782464 ----a-w- c:\windows\system32\Flag 3D Screensaver.exe
2010-09-12 07:09 . 2008-09-23 11:29 864768 ----a-w- c:\windows\system32\Flag_3D_Screensaver.scr
2010-09-12 07:08 . 2008-09-23 15:53 3886080 ----a-w- c:\windows\system32\Fantasy Moon 3D Screensaver.exe
2010-09-12 07:08 . 2008-09-23 11:15 839168 ----a-w- c:\windows\system32\Fantasy_Moon_3D_Screensaver.scr
2010-09-12 07:08 . 2008-09-23 15:57 5057024 ----a-w- c:\windows\system32\Discovery 3D Screensaver.exe
2010-09-12 07:08 . 2008-09-23 11:21 845824 ----a-w- c:\windows\system32\Discovery_3D_Screensaver.scr
2010-09-12 07:07 . 2008-09-23 16:00 6298112 ----a-w- c:\windows\system32\Christmas 3D Screensaver.exe
2010-09-12 07:07 . 2008-09-23 11:25 849920 ----a-w- c:\windows\system32\Christmas_3D_Screensaver.scr
2010-09-12 07:05 . 2008-09-23 15:58 12899840 ----a-w- c:\windows\system32\Ancient Castle 3D Screensaver.exe
2010-09-12 07:05 . 2008-09-23 11:22 855552 ----a-w- c:\windows\system32\Ancient_Castle_3D_Screensaver.scr
2010-09-12 07:03 . 2006-08-04 14:38 19458048 ----a-w- c:\windows\system32\Cuckoo Clock 3D Screensaver.exe
2010-09-12 07:03 . 2006-08-03 15:29 1012224 ----a-w- c:\windows\system32\Cuckoo_Clock_3D_Screensaver.scr
2010-09-11 15:05 . 2007-11-20 19:58 782336 ----a-w- c:\windows\system32\Western_Railway_3D_Screensaver.scr
2010-09-11 14:17 . 2010-09-11 14:17 -------- d-----w- c:\windows\system32\3Planesoft
2010-09-11 11:18 . 2010-09-11 11:18 2764189 ----a-w- c:\windows\Desktop Trains Screensaver.scr
2010-09-09 19:27 . 2010-09-11 15:05 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2010-09-09 19:27 . 2010-09-11 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\3Planesoft
2010-09-09 19:27 . 2010-06-02 11:22 688640 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2010-09-09 19:11 . 2009-11-16 22:47 262186 ----a-w- c:\windows\system32\libgcc_s_sjlj-1.dll
2010-09-09 19:11 . 2009-11-16 22:47 6257838 ----a-w- c:\windows\system32\wxmsw28_core_gcc_custom.dll
2010-09-09 19:11 . 2009-11-16 22:47 2545307 ----a-w- c:\windows\system32\wxbase28_gcc_custom.dll
2010-09-09 19:11 . 2009-11-16 22:47 404550 ----a-w- c:\windows\system32\libpng12-0.dll
2010-09-09 19:11 . 2009-11-16 22:47 321536 ----a-w- c:\windows\system32\SDL.dll
2010-09-09 19:11 . 2009-11-28 07:28 877568 ----a-w- c:\windows\system32\Winter Train.scr
2010-09-09 19:02 . 2010-09-09 19:04 357404 ----a-w- c:\windows\uninstall Railroad.exe
2010-09-09 19:02 . 2010-09-09 19:04 1176265 ----a-w- c:\windows\Railroad.scr
2010-09-09 18:56 . 2010-09-09 18:56 3584000 ----a-w- c:\windows\Virtuelle Bahnfahrt.scr
2010-09-04 20:02 . 2010-09-15 18:46 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-02 17:40 . 2008-04-13 09:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-09-02 17:40 . 2008-04-13 09:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2010-09-02 17:34 . 2002-07-17 14:22 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2010-09-02 17:34 . 2002-07-17 14:22 5600 ----a-w- c:\windows\system\WINASPI.DLL
2010-09-02 17:34 . 2002-07-17 07:20 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-09-02 17:34 . 2002-07-17 06:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-09-02 17:22 . 2008-04-13 09:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-09-02 17:22 . 2008-04-13 09:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2010-09-02 17:22 . 2008-04-13 09:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-09-02 17:22 . 2008-04-13 09:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2010-09-02 17:06 . 2010-09-02 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-09-02 17:06 . 2010-09-02 17:06 -------- d-----w- c:\documents and settings\Fazer\Application Data\No Company Name
2010-09-02 16:52 . 2010-09-02 16:52 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2010-08-22 15:07 . 2010-08-22 15:07 -------- d-----w- c:\documents and settings\Fazer\Application Data\Oberonv1001
2010-08-22 15:05 . 2010-08-22 15:05 -------- d-----w- c:\program files\orange
2010-08-22 15:05 . 2010-08-22 15:05 -------- d-----w- c:\program files\Oberon Media
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 15:36 . 2009-12-25 08:03 -------- d-----w- c:\documents and settings\Fazer\Application Data\HPAppData
2010-09-19 15:15 . 2010-08-08 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-18 10:18 . 2010-08-08 06:53 -------- d-----w- c:\documents and settings\Fazer\Application Data\TMNT
2010-09-17 08:07 . 2009-12-07 14:22 -------- d-----w- c:\documents and settings\Fazer\Application Data\vlc
2010-09-16 20:14 . 2010-05-24 15:32 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-14 08:35 . 2010-05-15 18:23 -------- d-----w- c:\documents and settings\Fazer\Application Data\AddressBar
2010-09-14 08:09 . 2009-11-26 10:29 -------- d-----w- c:\documents and settings\Fazer\Application Data\FileZilla
2010-09-13 07:39 . 2009-11-24 19:45 -------- d-----w- c:\program files\Java
2010-09-13 07:33 . 2009-11-24 19:39 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-10 07:35 . 2009-12-07 14:22 -------- d-----w- c:\documents and settings\Fazer\Application Data\dvdcss
2010-09-04 19:59 . 2009-12-02 16:40 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-09-03 08:38 . 2010-05-06 13:00 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-02 16:54 . 2009-12-04 14:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 10:00 . 2009-12-24 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-08-22 15:33 . 2009-11-25 22:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-22 14:34 . 2010-05-07 15:35 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-21 18:06 . 2009-12-06 15:04 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-08-21 18:06 . 2010-05-08 17:38 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-08 08:41 . 2010-05-07 10:34 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-08-08 08:40 . 2010-08-08 08:24 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-08 08:40 . 2010-08-08 08:24 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-08 08:21 . 2010-08-08 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-08 06:48 . 2010-08-08 06:48 -------- d-----w- c:\program files\Ubisoft
2010-07-11 13:55 . 2010-07-11 13:58 53632 ----a-w- c:\documents and settings\Fazer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
------- Sigcheck -------
[-] 2008-04-29 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-07 . 50C27DB0AC142028795C5565D96F4FED . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BDARemote.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Fazer^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Fazer\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Fazer^Menu Démarrer^Programmes^Démarrage^PPS.lnk]
path=c:\documents and settings\Fazer\Menu Démarrer\Programmes\Démarrage\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Fazer^Menu Démarrer^Programmes^Démarrage^widget_programmes.lnk]
path=c:\documents and settings\Fazer\Menu Démarrer\Programmes\Démarrage\widget_programmes.lnk
backup=c:\windows\pss\widget_programmes.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\patches]
1 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANAL+ CANALSAT A LA DEMANDE]
2010-07-07 06:45 163992 ----a-w- f:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-23 09:57 135664 ----atw- c:\documents and settings\Fazer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2010-02-21 01:29 2795352 ----a-w- f:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- f:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-04-26 09:09 185800 ----a-w- c:\program files\Fichiers communs\PPLiveNetwork\PPAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-12-16 13:13 155648 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- f:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
2006-07-20 00:04 118784 ----a-w- f:\program files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSeeMediaCenter]
2010-04-30 14:36 931120 ----a-w- c:\progra~1\FICHIE~1\uusee\UUSeeMediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\eMule\\eMule.exe"=
"f:\\Program Files\\XBMC\\XBMC.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"f:\\Program Files\\uusee\\UUSeePlayer.exe"=
"f:\\Program Files\\PPStream\\PPStream.exe"=
"f:\\Program Files\\PPStream\\PPSAP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R2 CanalPlus.VOD;CanalPlus.VOD;f:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 TomTomHOMEService;TomTomHOMEService;f:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16:41 92008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [07/05/2010 00:19 132184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24/05/2010 17:33 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24/05/2010 17:35 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24/05/2010 17:35 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24/05/2010 17:35 121856]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [24/05/2010 17:33 233472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2009 23:34 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003Core.job
- c:\documents and settings\Fazer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-23 09:57]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003UA.job
- c:\documents and settings\Fazer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-23 09:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://livetv.ru/fr/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: ʹÓÃUUSee¼ÓËÙ²¥·Å - f:\program files\uusee\geturltoplay.htm
IE: ʹÓÃUUSeeÏÂÔØ - f:\program files\uusee\geturltodown.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath -
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-gfyrkrk - c:\documents and settings\fazer\local settings\application data\gfyrkrk.exe
MSConfigStartUp-imPlayok - c:\windows\system32\imPlayok.exe
MSConfigStartUp-Logitech Vid - f:\program files\Logitech\Logitech Vid\vid.exe
MSConfigStartUp-Microsoft Driver Setup - c:\windows\cfdrive32.exe
MSConfigStartUp-MSODESNV7 - c:\windows\system32\msvmiode.exe
MSConfigStartUp-Peer2Me - c:\program files\Peer2Me\Peer2Me.exe
MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
MSConfigStartUp-Universal Bus device - usbdrv.exe
MSConfigStartUp-Universal Serial Bus device - usbmagr.exe
MSConfigStartUp-WinampAgent - f:\program files\Winamp\winampa.exe
AddRemove-AddressBar - c:\program files\Baidu\AddressBar\ASBarBroker.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 19:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5740)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
f:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-09-19 19:09:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-19 17:09
Avant-CF: 7 036 641 280 octets libres
Après-CF: 7 063 711 744 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8B3CB9A476EC50B5DF97F103C413C86A
2010-09-12 09:43 . 2006-11-08 09:15 8308224 ----a-w- c:\windows\system32\Ice Clock 3D Screensaver.exe
2010-09-12 09:42 . 2010-09-12 09:42 29454336 ----a-w- c:\windows\system32\Haunted House 3D Screensaver.exe
2010-09-12 09:42 . 2010-09-12 09:42 837632 ----a-w- c:\windows\system32\Haunted_House_3D_Screensaver.scr
2010-09-12 09:41 . 2006-11-30 22:09 8326144 ----a-w- c:\windows\system32\Fireside Christmas 3D Screensaver.exe
2010-09-12 09:41 . 2006-11-30 21:41 733184 ----a-w- c:\windows\system32\Fireside_Christmas_3D_Screensaver.scr
2010-09-12 09:40 . 2008-08-20 00:32 32721920 ----a-w- c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2010-09-12 09:40 . 2008-08-19 20:52 842240 ----a-w- c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2010-09-12 09:39 . 2007-06-22 09:28 12360192 ----a-w- c:\windows\system32\Deep Space 3D Screensaver.exe
2010-09-12 09:39 . 2007-06-22 09:28 774144 ----a-w- c:\windows\system32\Deep_Space_3D_Screensaver.scr
2010-09-12 09:38 . 2010-09-12 09:38 850432 ----a-w- c:\windows\system32\Crystal_Fireplace_3D_Screensaver.scr
2010-09-12 09:38 . 2010-09-12 09:38 17114624 ----a-w- c:\windows\system32\Crystal Fireplace 3D Screensaver.exe
2010-09-12 09:36 . 2007-12-20 16:18 15798272 ----a-w- c:\windows\system32\Christmas Bells 3D Screensaver.exe
2010-09-12 09:36 . 2007-12-20 15:30 822272 ----a-w- c:\windows\system32\Christmas_Bells_3D_Screensaver.scr
2010-09-12 08:01 . 2008-09-23 15:54 8998400 ----a-w- c:\windows\system32\Watermill 3D Screensaver.exe
2010-09-12 08:01 . 2008-09-23 11:17 858112 ----a-w- c:\windows\system32\Watermill_3D_Screensaver.scr
2010-09-12 08:01 . 2008-09-23 16:10 17019392 ----a-w- c:\windows\system32\Voyage of Columbus 3D Screensaver.exe
2010-09-12 08:01 . 2008-09-23 11:37 840192 ----a-w- c:\windows\system32\Voyage_of_Columbus_3D_Screensaver.scr
2010-09-12 08:00 . 2008-09-23 15:56 2781184 ----a-w- c:\windows\system32\The One Ring 3D Screensaver.exe
2010-09-12 08:00 . 2008-09-23 11:20 270336 ----a-w- c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2010-09-12 07:59 . 2008-09-23 15:52 4992000 ----a-w- c:\windows\system32\Spirit of Fire 3D Screensaver.exe
2010-09-12 07:59 . 2008-09-23 11:14 839680 ----a-w- c:\windows\system32\Spirit_of_Fire_3D_Screensaver.scr
2010-09-12 07:58 . 2008-09-23 15:56 7648768 ----a-w- c:\windows\system32\Nautilus 3D Screensaver.exe
2010-09-12 07:58 . 2008-09-23 11:19 829440 ----a-w- c:\windows\system32\Nautilus_3D_Screensaver.scr
2010-09-12 07:58 . 2008-09-23 16:01 10682368 ----a-w- c:\windows\system32\Nature 3D Screensaver.exe
2010-09-12 07:58 . 2008-09-23 11:27 835072 ----a-w- c:\windows\system32\Nature_3D_Screensaver.scr
2010-09-12 07:58 . 2008-09-23 16:01 2519552 ----a-w- c:\windows\system32\Mechanical Clock 3D Screensaver.exe
2010-09-12 07:58 . 2008-09-23 11:28 850944 ----a-w- c:\windows\system32\Mechanical_Clock_3D_Screensaver.scr
2010-09-12 07:12 . 2007-11-20 20:46 31323136 ----a-w- c:\windows\system32\Western Railway 3D Screensaver.exe
2010-09-12 07:10 . 2008-09-23 15:55 2895872 ----a-w- c:\windows\system32\Lantern 3D Screensaver.exe
2010-09-12 07:10 . 2008-09-23 11:17 262144 ----a-w- c:\windows\system32\Lantern_3D_Screensaver.scr
2010-09-12 07:09 . 2008-09-23 15:59 7310336 ----a-w- c:\windows\system32\Halloween 3D Screensaver.exe
2010-09-12 07:09 . 2008-09-23 11:24 851968 ----a-w- c:\windows\system32\Halloween_3D_Screensaver.scr
2010-09-12 07:09 . 2008-09-23 15:54 5481984 ----a-w- c:\windows\system32\Galleon 3D Screensaver.exe
2010-09-12 07:09 . 2008-09-23 11:15 863232 ----a-w- c:\windows\system32\Galleon_3D_Screensaver.scr
2010-09-12 07:09 . 2008-09-23 16:02 6782464 ----a-w- c:\windows\system32\Flag 3D Screensaver.exe
2010-09-12 07:09 . 2008-09-23 11:29 864768 ----a-w- c:\windows\system32\Flag_3D_Screensaver.scr
2010-09-12 07:08 . 2008-09-23 15:53 3886080 ----a-w- c:\windows\system32\Fantasy Moon 3D Screensaver.exe
2010-09-12 07:08 . 2008-09-23 11:15 839168 ----a-w- c:\windows\system32\Fantasy_Moon_3D_Screensaver.scr
2010-09-12 07:08 . 2008-09-23 15:57 5057024 ----a-w- c:\windows\system32\Discovery 3D Screensaver.exe
2010-09-12 07:08 . 2008-09-23 11:21 845824 ----a-w- c:\windows\system32\Discovery_3D_Screensaver.scr
2010-09-12 07:07 . 2008-09-23 16:00 6298112 ----a-w- c:\windows\system32\Christmas 3D Screensaver.exe
2010-09-12 07:07 . 2008-09-23 11:25 849920 ----a-w- c:\windows\system32\Christmas_3D_Screensaver.scr
2010-09-12 07:05 . 2008-09-23 15:58 12899840 ----a-w- c:\windows\system32\Ancient Castle 3D Screensaver.exe
2010-09-12 07:05 . 2008-09-23 11:22 855552 ----a-w- c:\windows\system32\Ancient_Castle_3D_Screensaver.scr
2010-09-12 07:03 . 2006-08-04 14:38 19458048 ----a-w- c:\windows\system32\Cuckoo Clock 3D Screensaver.exe
2010-09-12 07:03 . 2006-08-03 15:29 1012224 ----a-w- c:\windows\system32\Cuckoo_Clock_3D_Screensaver.scr
2010-09-11 15:05 . 2007-11-20 19:58 782336 ----a-w- c:\windows\system32\Western_Railway_3D_Screensaver.scr
2010-09-11 14:17 . 2010-09-11 14:17 -------- d-----w- c:\windows\system32\3Planesoft
2010-09-11 11:18 . 2010-09-11 11:18 2764189 ----a-w- c:\windows\Desktop Trains Screensaver.scr
2010-09-09 19:27 . 2010-09-11 15:05 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2010-09-09 19:27 . 2010-09-11 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\3Planesoft
2010-09-09 19:27 . 2010-06-02 11:22 688640 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2010-09-09 19:11 . 2009-11-16 22:47 262186 ----a-w- c:\windows\system32\libgcc_s_sjlj-1.dll
2010-09-09 19:11 . 2009-11-16 22:47 6257838 ----a-w- c:\windows\system32\wxmsw28_core_gcc_custom.dll
2010-09-09 19:11 . 2009-11-16 22:47 2545307 ----a-w- c:\windows\system32\wxbase28_gcc_custom.dll
2010-09-09 19:11 . 2009-11-16 22:47 404550 ----a-w- c:\windows\system32\libpng12-0.dll
2010-09-09 19:11 . 2009-11-16 22:47 321536 ----a-w- c:\windows\system32\SDL.dll
2010-09-09 19:11 . 2009-11-28 07:28 877568 ----a-w- c:\windows\system32\Winter Train.scr
2010-09-09 19:02 . 2010-09-09 19:04 357404 ----a-w- c:\windows\uninstall Railroad.exe
2010-09-09 19:02 . 2010-09-09 19:04 1176265 ----a-w- c:\windows\Railroad.scr
2010-09-09 18:56 . 2010-09-09 18:56 3584000 ----a-w- c:\windows\Virtuelle Bahnfahrt.scr
2010-09-04 20:02 . 2010-09-15 18:46 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-02 17:40 . 2008-04-13 09:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-09-02 17:40 . 2008-04-13 09:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2010-09-02 17:34 . 2002-07-17 14:22 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2010-09-02 17:34 . 2002-07-17 14:22 5600 ----a-w- c:\windows\system\WINASPI.DLL
2010-09-02 17:34 . 2002-07-17 07:20 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-09-02 17:34 . 2002-07-17 06:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-09-02 17:22 . 2008-04-13 09:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-09-02 17:22 . 2008-04-13 09:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2010-09-02 17:22 . 2008-04-13 09:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-09-02 17:22 . 2008-04-13 09:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2010-09-02 17:06 . 2010-09-02 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-09-02 17:06 . 2010-09-02 17:06 -------- d-----w- c:\documents and settings\Fazer\Application Data\No Company Name
2010-09-02 16:52 . 2010-09-02 16:52 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2010-08-22 15:07 . 2010-08-22 15:07 -------- d-----w- c:\documents and settings\Fazer\Application Data\Oberonv1001
2010-08-22 15:05 . 2010-08-22 15:05 -------- d-----w- c:\program files\orange
2010-08-22 15:05 . 2010-08-22 15:05 -------- d-----w- c:\program files\Oberon Media
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 15:36 . 2009-12-25 08:03 -------- d-----w- c:\documents and settings\Fazer\Application Data\HPAppData
2010-09-19 15:15 . 2010-08-08 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-18 10:18 . 2010-08-08 06:53 -------- d-----w- c:\documents and settings\Fazer\Application Data\TMNT
2010-09-17 08:07 . 2009-12-07 14:22 -------- d-----w- c:\documents and settings\Fazer\Application Data\vlc
2010-09-16 20:14 . 2010-05-24 15:32 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-14 08:35 . 2010-05-15 18:23 -------- d-----w- c:\documents and settings\Fazer\Application Data\AddressBar
2010-09-14 08:09 . 2009-11-26 10:29 -------- d-----w- c:\documents and settings\Fazer\Application Data\FileZilla
2010-09-13 07:39 . 2009-11-24 19:45 -------- d-----w- c:\program files\Java
2010-09-13 07:33 . 2009-11-24 19:39 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-10 07:35 . 2009-12-07 14:22 -------- d-----w- c:\documents and settings\Fazer\Application Data\dvdcss
2010-09-04 19:59 . 2009-12-02 16:40 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-09-03 08:38 . 2010-05-06 13:00 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-02 16:54 . 2009-12-04 14:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 10:00 . 2009-12-24 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-08-22 15:33 . 2009-11-25 22:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-22 14:34 . 2010-05-07 15:35 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-21 18:06 . 2009-12-06 15:04 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-08-21 18:06 . 2010-05-08 17:38 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-08 08:41 . 2010-05-07 10:34 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-08-08 08:40 . 2010-08-08 08:24 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-08 08:40 . 2010-08-08 08:24 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-08 08:21 . 2010-08-08 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-08 06:48 . 2010-08-08 06:48 -------- d-----w- c:\program files\Ubisoft
2010-07-11 13:55 . 2010-07-11 13:58 53632 ----a-w- c:\documents and settings\Fazer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
------- Sigcheck -------
[-] 2008-04-29 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-07 . 50C27DB0AC142028795C5565D96F4FED . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BDARemote.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Fazer^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Fazer\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Fazer^Menu Démarrer^Programmes^Démarrage^PPS.lnk]
path=c:\documents and settings\Fazer\Menu Démarrer\Programmes\Démarrage\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Fazer^Menu Démarrer^Programmes^Démarrage^widget_programmes.lnk]
path=c:\documents and settings\Fazer\Menu Démarrer\Programmes\Démarrage\widget_programmes.lnk
backup=c:\windows\pss\widget_programmes.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\patches]
1 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANAL+ CANALSAT A LA DEMANDE]
2010-07-07 06:45 163992 ----a-w- f:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-23 09:57 135664 ----atw- c:\documents and settings\Fazer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2010-02-21 01:29 2795352 ----a-w- f:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- f:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-04-26 09:09 185800 ----a-w- c:\program files\Fichiers communs\PPLiveNetwork\PPAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-12-16 13:13 155648 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- f:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
2006-07-20 00:04 118784 ----a-w- f:\program files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSeeMediaCenter]
2010-04-30 14:36 931120 ----a-w- c:\progra~1\FICHIE~1\uusee\UUSeeMediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\eMule\\eMule.exe"=
"f:\\Program Files\\XBMC\\XBMC.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"f:\\Program Files\\uusee\\UUSeePlayer.exe"=
"f:\\Program Files\\PPStream\\PPStream.exe"=
"f:\\Program Files\\PPStream\\PPSAP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R2 CanalPlus.VOD;CanalPlus.VOD;f:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 TomTomHOMEService;TomTomHOMEService;f:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16:41 92008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [07/05/2010 00:19 132184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24/05/2010 17:33 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24/05/2010 17:35 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24/05/2010 17:35 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24/05/2010 17:35 121856]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [24/05/2010 17:33 233472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2009 23:34 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003Core.job
- c:\documents and settings\Fazer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-23 09:57]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003UA.job
- c:\documents and settings\Fazer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-23 09:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://livetv.ru/fr/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: ʹÓÃUUSee¼ÓËÙ²¥·Å - f:\program files\uusee\geturltoplay.htm
IE: ʹÓÃUUSeeÏÂÔØ - f:\program files\uusee\geturltodown.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath -
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-gfyrkrk - c:\documents and settings\fazer\local settings\application data\gfyrkrk.exe
MSConfigStartUp-imPlayok - c:\windows\system32\imPlayok.exe
MSConfigStartUp-Logitech Vid - f:\program files\Logitech\Logitech Vid\vid.exe
MSConfigStartUp-Microsoft Driver Setup - c:\windows\cfdrive32.exe
MSConfigStartUp-MSODESNV7 - c:\windows\system32\msvmiode.exe
MSConfigStartUp-Peer2Me - c:\program files\Peer2Me\Peer2Me.exe
MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
MSConfigStartUp-Universal Bus device - usbdrv.exe
MSConfigStartUp-Universal Serial Bus device - usbmagr.exe
MSConfigStartUp-WinampAgent - f:\program files\Winamp\winampa.exe
AddRemove-AddressBar - c:\program files\Baidu\AddressBar\ASBarBroker.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 19:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5740)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
f:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-09-19 19:09:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-19 17:09
Avant-CF: 7 036 641 280 octets libres
Après-CF: 7 063 711 744 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8B3CB9A476EC50B5DF97F103C413C86A
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)
Download List_Kill'em and save it to your desktop
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
Double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation
Once it has finished, click "Finish" and the program will start by itself
Choose the Search option
A black and white icon will appear on the desktop; it lets you reopen the program if needed.
Let the tool work
When the white window appears, it takes a while, that is normal; the program is not frozen.
A report named catchme appears on your desktop; ignore it, do not post it, it will delete itself at the end of the scan
Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
There, I struggled to get the report, but here it finally is:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.6 ¤¤¤¤¤¤¤¤¤¤
User : Fazer ()
Update on 18/09/2010 by g3n-h@ckm@n ::::: 15.20
Start at: 20:09:48 | 20/09/2010
Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Internet Security 11.0.0.232 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]11.0.0.232
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,53 Go (6,6 Go free) [Nouveau nom] | NTFS
D:\ -> Disque fixe local | 279,47 Go (44,8 Go free) | NTFS
F:\ -> Disque fixe local | 170,38 Go (101,05 Go free) | NTFS
G:\ -> Disque CD-ROM | 4,36 Go (0 Mo free) [BUGSLIFE_DISK2_PROJECT_FILE] | UDF
H:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 376 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 1660 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 2772 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 3580 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 6180 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\Ati2evxx.exe ---- 3380 Ko ---- Normal ---- C:\WINDOWS\system32\Ati2evxx.exe ----
C:\WINDOWS\system32\svchost.exe ---- 4868 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 4264 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\system32\Ati2evxx.exe ---- 3896 Ko ---- Normal ---- Ati2evxx.exe -Client ----
C:\WINDOWS\system32\svchost.exe ---- 5360 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\spoolsv.exe ---- 5512 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\Explorer.EXE ---- 32144 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Program Files\Messenger\msmsgs.exe ---- 1772 Ko ---- Normal ---- "C:\Program Files\Messenger\msmsgs.exe" /background ----
C:\WINDOWS\system32\ctfmon.exe ---- 3740 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\WINDOWS\System32\svchost.exe ---- 3680 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k eapsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 5916 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k hpdevmgmt ----
C:\WINDOWS\system32\svchost.exe ---- 6752 Ko ---- Below Normal ---- C:\WINDOWS\system32\svchost.exe -k HPService ----
F:\Program Files\Java\jre6\bin\jqs.exe ---- 1412 Ko ---- Idle ---- "F:\Program Files\Java\jre6\bin\jqs.exe" -service -config "F:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe ---- 2464 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe" ---- Logitech Inc
C:\WINDOWS\System32\svchost.exe ---- 2944 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HPZ12 ----
C:\WINDOWS\System32\svchost.exe ---- 2912 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HPZ12 ----
C:\WINDOWS\system32\svchost.exe ---- 4516 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- 1388 Ko ---- Normal ---- "F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe" ---- TomTom International BV
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe ---- 872 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe" ----
C:\WINDOWS\system32\wuauclt.exe ---- 6996 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[550]SUSDS5746d5248210a34f9e0fa100c2671db2 ---- Microsoft Windows Component Publisher
C:\WINDOWS\System32\svchost.exe ---- 3404 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\WINDOWS\System32\alg.exe ---- 3540 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\system32\wscntfy.exe ---- 2464 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\System32\svchost.exe ---- 13880 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7284 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 4856 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2832 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\Program Files\List_Kill'em\pv.exe ---- 2816 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoLowDiskSpaceChecks = 1 (0x1)
NoStartBanner = 01000000
MemCheckBoxInRunDlg = 1 (0x1)
NoSMBalloonTip = 1 (0x1)
NoDesktopCleanupWizard = 1 (0x1)
NoWelcomeScreen = 1 (0x1)
NoStrCmpLogical = 0 (0x0)
NoInstrumentation = 0 (0x0)
NoDriveAutoRun = 67108863 (0x3ffffff)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoDriveAutoRun = 67108863 (0x3ffffff)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS = F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
F:\Program Files\eMule\eMule.exe = F:\Program Files\eMule\eMule.exe:*:Enabled:eMule
F:\Program Files\XBMC\XBMC.exe = F:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
F:\Program Files\uusee\UUSeePlayer.exe = F:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
F:\Program Files\PPStream\PPStream.exe = F:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
F:\Program Files\PPStream\PPSAP.exe = F:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3F7924B9-D148-3141-87B1-68F36043A940}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{49C91706-80DA-AA48-5E47-30DE05EFD258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8848142D-1388-E9EE-4B26-F2EE162B1676}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
SFCDisable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\dllcache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS.0\system32\drivers\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\system32\dllcache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS.0\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS.0\system32\dllcache\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\dllcache\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS.0\system32\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS.0\system32\dllcache\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
19,53 Go total, 6,60 Go libre (33%), 14% fragmenté (fragmentation du fichier 29%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 20:49:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
DisablePagingExecutive = 1 (0x1)
LargeSystemCache = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:50:29,89
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.6 ¤¤¤¤¤¤¤¤¤¤
User : Fazer ()
Update on 18/09/2010 by g3n-h@ckm@n ::::: 15.20
Start at: 20:09:48 | 20/09/2010
Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Internet Security 11.0.0.232 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]11.0.0.232
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,53 Go (6,6 Go free) [Nouveau nom] | NTFS
D:\ -> Disque fixe local | 279,47 Go (44,8 Go free) | NTFS
F:\ -> Disque fixe local | 170,38 Go (101,05 Go free) | NTFS
G:\ -> Disque CD-ROM | 4,36 Go (0 Mo free) [BUGSLIFE_DISK2_PROJECT_FILE] | UDF
H:\ -> Disque CD-ROM
Boot: Normal
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoLowDiskSpaceChecks = 1 (0x1)
NoStartBanner = 01000000
MemCheckBoxInRunDlg = 1 (0x1)
NoSMBalloonTip = 1 (0x1)
NoDesktopCleanupWizard = 1 (0x1)
NoWelcomeScreen = 1 (0x1)
NoStrCmpLogical = 0 (0x0)
NoInstrumentation = 0 (0x0)
NoDriveAutoRun = 67108863 (0x3ffffff)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoDriveAutoRun = 67108863 (0x3ffffff)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS = F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
F:\Program Files\eMule\eMule.exe = F:\Program Files\eMule\eMule.exe:*:Enabled:eMule
F:\Program Files\XBMC\XBMC.exe = F:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
F:\Program Files\uusee\UUSeePlayer.exe = F:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
F:\Program Files\PPStream\PPStream.exe = F:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
F:\Program Files\PPStream\PPSAP.exe = F:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
SFCDisable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\dllcache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS.0\system32\drivers\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\system32\dllcache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS.0\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS.0\system32\dllcache\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\dllcache\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS.0\system32\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS.0\system32\dllcache\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
19,53 Go total, 6,60 Go libre (33%), 14% fragmenté (fragmentation du fichier 29%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 20:49:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
DisablePagingExecutive = 1 (0x1)
LargeSystemCache = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:50:29,89
Run List_Kill'em again (or via right-click for Vista/7), using the shortcut on your desktop,
but this time:
choose the Clean option.
Your PC will restart;
let the tool work.
At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop;
paste its contents into your reply.
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.6 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\sysdrv32.sys
Quarantined & Deleted !! : C:\WINDOWS\system32\msvmiode.exe
Quarantined & Deleted !! : C:\Documents and Settings\Fazer\Local Settings\Temp\149.exe
Quarantined & Deleted !! : C:\Documents and Settings\Fazer\Local Settings\Temp\517.exe
Quarantined & Deleted !! : C:\Documents and Settings\Fazer\LOCAL Settings\Temp\1733420.exe
Quarantined & Deleted !! : C:\Documents and Settings\Fazer\LOCAL Settings\Temp\37178.exe
Quarantined & Deleted !! : C:\Documents and Settings\Fazer\LOCAL Settings\Temp\899356.exe
Deleted !! : C:\RECYCLER\S-1-5-21-1214440339-362288127-1177238915-1003\Dc1.txt
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : lsass
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Driver Setup
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Microsoft Driver Setup
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_sysdrv32
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sysdrv32
Deleted : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_sysdrv32
Deleted : HKLM\SYSTEM\ControlSet004\Services\sysdrv32
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 ()
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
DisablePagingExecutive = 1 ()
LargeSystemCache = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4650
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
22/09/2010 20:24:37
mbam-log-2010-09-22 (20-24-37).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 187308
Temps écoulé: 13 minute(s), 26 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nrconnmags (Trojan.Swisyn) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\psysjo3 (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-1692988006-5093642393-196814364-3764\syscr.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,explorer.exe,C:\Documents and Settings\Fazer\Application Data\ltzqai.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455 (Worm.AutoRun) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1692988006-5093642393-196814364-3764\syscr.exe (Worm.Autorun.B) -> Delete on reboot.
C:\WINDOWS\system32\gff6.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\WINDOWS\system\csrss.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fazer\Application Data\ltzqai.exe (Worm.Palevo) -> Delete on reboot.
C:\WINDOWS\system32\msvmiode.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\cfdrive32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
After a scan it is always a bit better, but it always ends up coming back, especially this 2nd CSRSS that takes all the CPU power!!
The others, at a pinch, we can live with,
but that one is driving me crazy!!
Rapport de ZHPDiag v1.26.652 par Nicolas Coolman, Update du 19/09/2010
Run by Fazer at 23/09/2010 20:27:17
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.5.6)
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 2 Stepping 4, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1535 MB (75% free)
System drive C: has 6 GB (31%) free of 20 GB
---\\ Logged in mode
Computer Name: A6-EB2A2A32C321
User Name: Fazer
All Users Names: SUPPORT_388945a0, HelpAssistant, Fazer, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 20 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 45 Go of 279 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 101 Go of 170 Go)
G:\ CD-ROM drive (Free 0 Go of 4 Go)
H:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
---\\ Processus lancés
[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232]
[MD5.FBAA7A56D573BE55A65AD5B8C17ECA03] - (.TomTom - System Tray application for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144]
[MD5.77AC10DB097DFD0CD3071465B644D0AB] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- F:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [154136]
[MD5.C0AEFA4A63CBCB1D3B2383760D1FFFB9] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system\csrss.exe [53760]
[MD5.747E60B773E95F6C93D5621B550D6865] - (.TomTom - Windows Service for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008]
[MD5.B299B3A58FAAE7261A64718648E28050] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [57344]
[MD5.90EA8ED3922D9348649BB3B562AC49AC] - (.Nicolas Coolman - Diagnostic Tool.) -- F:\Program Files\ZHPDiag\ZHPDiag.exe [566784]
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\firefox@tvunetworks.com] [] TVU Web Player 2,5,3,1 (..)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\redbullsboom@redbull.newyork.mlsnet.com] [] New York Red Bulls Boom 2,5,3,1 (.Brand Thunder.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@canalplus.fr/Assistants VOD,version=1.0.0.0] - (.Canal+ Active - npCpVod.) -- F:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@pages.tvunetworks.com/WebPlayer] - (.TVU networks - 2,5,3,1.) -- C:\WINDOWS\system32\TVUAx\npTVUAx.dll
P2 - FPN: [HKLM] [@veetle.com/vbp;version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2008-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\VLCBroadcast\npvbp.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\plugins\npVeetle.dll
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\Player\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.0.3] - (.the VideoLAN Team - Version 1.0.3, copyright 1996-2009 The VideoLAN Team<br><a href="http:.) -- F:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Fazer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16640 (vista_gdr.080213-1606)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [netmon] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system\services.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter à l'Anti-bannière . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltodown.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kbrd.ico
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\logo.ico
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Remote Network Connections to Manage (NrConnmags) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system\csrss.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003UA.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player 11 - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ElbyCDIO Driver (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys
O41 - Driver: Kl2 (kl2) . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) - C:\WINDOWS\system32\drivers\kl2.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
O42 - Logiciel: 3Planesoft Screensaver Manager 1.4 - (.3Planesoft.) [HKLM] -- 3Planesoft Screensaver Manager_is1
O42 - Logiciel: ABC (remove only) - (.Pas de propriétaire.) [HKLM] -- ABC
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop Elements - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop Elements 1.0
O42 - Logiciel: Adobe SVG Viewer - (.Adobe Systems, Inc..) [HKLM] -- Adobe SVG Viewer
O42 - Logiciel: Ancient Castle 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ancient Castle 3D Screensaver_is1
O42 - Logiciel: AnyDVD - (.SlySoft.) [HKLM] -- AnyDVD
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: CANAL+ CANALSAT A LA DEMANDE - (.CanalPlus.) [HKLM] -- {04DA096D-6236-4A5D-8FB6-3081E67009BA}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {8D7133DE-27D2-47E5-B248-4180278D32AA}
O42 - Logiciel: Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas 3D Screensaver_is1
O42 - Logiciel: Christmas Bells 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas Bells 3D Screensaver_is1
O42 - Logiciel: Clock Tower 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Clock Tower 3D Screensaver_is1
O42 - Logiciel: CloneDVD2 - (.Elaborate Bytes.) [HKLM] -- CloneDVD2
O42 - Logiciel: Coffret de pilotes Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- lvdrivers_12.10
O42 - Logiciel: Cool Beans NFO Creator 2.0.1.3 - (.Cool Beans Software.) [HKLM] -- Cool Beans NFO Creator_is1
O42 - Logiciel: Coral Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Coral Clock 3D Screensaver_is1
O42 - Logiciel: Creative PCI Audio Drivers - (.Pas de propriétaire.) [HKLM] -- SBPCIUnInstall
O42 - Logiciel: Crystal Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Crystal Fireplace 3D Screensaver_is1
O42 - Logiciel: Cuckoo Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Cuckoo Clock 3D Screensaver_is1
O42 - Logiciel: DVD Decoder Pak for Windows XP - (.roddy2000@hotbox.ru.) [HKLM] -- {92C5DB3D-9D6F-4324-BB11-57825F4C2635}
O42 - Logiciel: Deep Space 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Deep Space 3D Screensaver_is1
O42 - Logiciel: Desktop Trains Screensaver - (.Pas de propriétaire.) [HKLM] -- Desktop Trains Screensaver
O42 - Logiciel: Discovery 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Discovery 3D Screensaver_is1
O42 - Logiciel: Dutch Windmills 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Dutch Windmills 3D Screensaver_is1
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: Earth 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Earth 3D Screensaver_is1
O42 - Logiciel: Fantasy Moon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Fantasy Moon 3D Screensaver_is1
O42 - Logiciel: Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireplace 3D Screensaver_is1
O42 - Logiciel: Fireside Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireside Christmas 3D Screensaver_is1
O42 - Logiciel: Flag 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Flag 3D Screensaver_is1
O42 - Logiciel: Galleon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Galleon 3D Screensaver_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {2012D762-5DCA-455A-B5FE-EDF79BC93E18}
O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects
O42 - Logiciel: HP Smart Web Printing 4.5 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {7059BDA7-E1DB-442C-B7A1-6144596720A4}
O42 - Logiciel: Halloween 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Halloween 3D Screensaver_is1
O42 - Logiciel: Haunted House 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Haunted House 3D Screensaver_is1
O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM] -- KB915865
O42 - Logiciel: I-Doser v4 - (.Pas de propriétaire.) [HKCU] -- I-Doser v4
O42 - Logiciel: Ice Clock 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ice Clock 3D Screensaver_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018FF}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- {66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: KeyHoleTV - (.Pas de propriétaire.) [HKLM] -- KeyHoleTV
O42 - Logiciel: Koi Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Koi Fish 3D Screensaver_is1
O42 - Logiciel: Lagoon 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lagoon 3D Screensaver_is1
O42 - Logiciel: Lantern 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lantern 3D Screensaver_is1
O42 - Logiciel: Les Sims(TM) 3 - (.Electronic Arts.) [HKLM] -- {C05D8CDB-417D-4335-A38C-A0659EDFD6B8}
O42 - Logiciel: Lighthouse Point 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Lighthouse Point 3D Screensaver_is1
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 6.0 Parser - (.Microsoft Corporation.) [HKLM] -- {AEB9948B-4FF2-47C9-990E-47014492A0FE}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mayan Waterfall 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mayan Waterfall 3D Screensaver_is1
O42 - Logiciel: Mechanical Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mechanical Clock 3D Screensaver_is1
O42 - Logiciel: MediaInfo 0.7.26 - (.MediaArea.net.) [HKLM] -- MediaInfo
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {B508B3F1-A24A-32C0-B310-85786919EF28}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {3F7924B9-D148-3141-87B1-68F36043A940}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {2BA00471-0328-3743-93BD-FA813353A783}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {511DF669-2930-30C0-8EB6-552887E29EC8}
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- {2FC099BD-AC9B-33EB-809C-D332E1B27C40}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM] -- {5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Access database engine 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {90120000-00D1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..) [HKLM] -- {E3E71D07-CD27-46CB-8448-16D4FB29AA13}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack - fra
O42 - Logiciel: Monopolysson 2.0.3 beta 10 - (.Pas de propriétaire.) [HKLM] -- Monopolysson
O42 - Logiciel: Mozilla Firefox (3.5.6) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.5.6)
O42 - Logiciel: Music NFO Builder v1.20 - (.Pawel Piecuch.) [HKLM] -- Music NFO Builder_is1
O42 - Logiciel: My 3D Christmas Tree Full Screen Saver - (.Freeze.com, LLC.) [HKLM] -- My 3D Christmas Tree Full Screen Saver
O42 - Logiciel: Nature 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Nature 3D Screensaver_is1
O42 - Logiciel: Nautilus 3D Screensaver 1.2 - (.3Planesoft.) [HKLM] -- Nautilus 3D Screensaver_is1
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {235BBFC6-D863-4066-A01A-3BD504C31036}
O42 - Logiciel: Nullsoft Install System - (.Pas de propriétaire.) [HKLM] -- NSIS
O42 - Logiciel: Online TV Player 4 - (.Online TV Player.com.) [HKLM] -- Online TV Player 3_is1
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Booster - (.Pas de propriétaire.) [HKLM] -- {BA0601E1-B65C-11D5-80A9-0000B494D9A6}
O42 - Logiciel: PPStream V2.6.86.9024 Final - (.PPStream, Inc..) [HKLM] -- PPStream
O42 - Logiciel: PPTV V2.4.3.0019 - (.PPLive Corporation.) [HKLM] -- PPLive
O42 - Logiciel: PSP Video 9 5.03 - (.Red Kawa.) [HKLM] -- PSP Video 9
O42 - Logiciel: Package de pilotes Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) - (.Advanced Micro Devices, Inc..) [HKLM] -- 9722CA1E8F72F362E93CBEC75A707FDABFC8D880
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161
O42 - Logiciel: Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) - (.eMPIA Technology Inc,.) [HKLM] -- 69083DC58646DE46A09847A522A1CC487F918039
O42 - Logiciel: Pochette Express 2 - (.Pas de propriétaire.) [HKLM] -- Pochette Express 2
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}
O42 - Logiciel: Railroad Scenery - (.Pas de propriétaire.) [HKLM] -- Railroad Scenery
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SecondLife (remove only) - (.Pas de propriétaire.) [HKLM] -- SecondLife
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SereneScreen Marine Aquarium 2.6 - (.Prolific Publishing, Inc..) [HKLM] -- SereneScreen Marine Aquarium 2.6_is1
O42 - Logiciel: Sexy City 1.2.1 - (.Sasori.) [HKLM] -- {94C2E416-D784-44D6-A3B3-3E593D13338D}_is1
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: SopCast 3.2.9 - (.www.sopcast.com.) [HKLM] -- SopCast
O42 - Logiciel: Sound Blaster PCI Compact Drivers Online Help - (.Pas de propriétaire.) [HKLM] -- Sound Blaster PCI Compact Drivers Online Help
O42 - Logiciel: Spirit of Fire 3D Screensaver 2.4 - (.3Planesoft.) [HKLM] -- Spirit of Fire 3D Screensaver_is1
O42 - Logiciel: StreamTorrent 1.0 - (.Pas de propriétaire.) [HKLM] -- StreamTorrent 1.0
O42 - Logiciel: Superleague (remove only) - (.Pas de propriétaire.) [HKLM] -- Superleague
O42 - Logiciel: Sweethearts 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Sweethearts 3D Screensaver_is1
O42 - Logiciel: TMNT - (.Ubisoft.) [HKLM] -- {B3583D27-C12A-483E-98B8-235506F71502}
O42 - Logiciel: TVAnts 1.0 - (.Pas de propriétaire.) [HKLM] -- TVAnts 1.0
O42 - Logiciel: The Lost Watch 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The Lost Watch 3D Screensaver_is1
O42 - Logiciel: The One Ring 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The One Ring 3D Screensaver_is1
O42 - Logiciel: TomTom HOME 2.7.6.2056 - (.TomTom.) [HKLM] -- TomTom HOME
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
O42 - Logiciel: Tropical Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Tropical Fish 3D Screensaver_is1
O42 - Logiciel: USB Video Driver - (.EETI.) [HKLM] -- {2758691A-2CDE-4942-A4AC-0E8F61FE2067}
O42 - Logiciel: UUSee 播放插件基础包 6.1.122.1 - (.UUSee company, Inc..) [HKLM] -- UUSEE_base
O42 - Logiciel: UUSee 网络电视 [5.10.125.2] - (.UUSee company, Inc..) [HKLM] -- UUSEE
O42 - Logiciel: Ulead DVD MovieFactory 5 Plus - (.Ulead Systems, Inc..) [HKLM] -- {FF164702-AF8B-4F2F-8038-74A4C536866B}
O42 - Logiciel: VRally3 - (.Pas de propriétaire.) [HKLM] -- VRally3_is1
O42 - Logiciel: Valentine 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Valentine 3D Screensaver_is1
O42 - Logiciel: Veetle TV 0.9.17 - (.Veetle, Inc.) [HKLM] -- Veetle TV
O42 - Logiciel: VideoLAN VLC media player 0.8.6d - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Voyage of Columbus 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Voyage of Columbus 3D Screensaver_is1
O42 - Logiciel: Water Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Water Clock 3D Screensaver_is1
O42 - Logiciel: Watermill 3D Screensaver 2.0 - (.3Planesoft.) [HKLM] -- Watermill 3D Screensaver_is1
O42 - Logiciel: Western Railway 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Western Railway 3D Screensaver_is1
O42 - Logiciel: WinZip 14.0 - (.WinZip Computing, S.L. .) [HKLM] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Pas de propriétaire.) [HKLM] -- Windows Media Encoder 9
O42 - Logiciel: Winter Train 1.2.0 - (.3DSignal.) [HKLM] -- Winter Train_is1
O42 - Logiciel: XBMC Media Center - (.Team XBMC.) [HKCU] -- XBMC
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XXXTYCOON - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1
O42 - Logiciel: Zodiac Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Zodiac Clock 3D Screensaver_is1
O42 - Logiciel: adsl TV - (.adsl TV / FM.) [HKLM] -- {3AFDD2C6-8663-46B5-B195-6CEB00D44768}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\2K Sports]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASIO]
[HKCU\Software\ATI]
[HKCU\Software\AddressBar]
[HKCU\Software\Adobe]
[HKCU\Software\Anders und Seim Neue Medien AG]
[HKCU\Software\Big Fish Games]
[HKCU\Software\CDDB]
[HKCU\Software\Classes.crx]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DT Soft]
[HKCU\Software\Desktop Trains Screensaver]
[HKCU\Software\Elaborate Bytes]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Fox Interactive]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JavaSoft]
[HKCU\Software\KC Softwares]
[HKCU\Software\KasperskyLab]
[HKCU\Software\KeyHoleTV]
[HKCU\Software\KillBox]
[HKCU\Software\Lavalys]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Macrovision]
[HKCU\Software\MainConcept (Adobe2)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mobileleader]
[HKCU\Software\Moonlight Cordless]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\NirSoft]
[HKCU\Software\OnlineTVPlayer]
[HKCU\Software\Outsim]
[HKCU\Software\PPLiveVA]
[HKCU\Software\PPLive]
[HKCU\Software\PPStream]
[HKCU\Software\Peer2Me]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Samsung]
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\Screensaver Factory]
[HKCU\Software\SecuROM]
[HKCU\Software\SereneScreen]
[HKCU\Software\SlySoft]
[HKCU\Software\Superleague]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVANTS]
[HKCU\Software\TomTom]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\Ulead]
[HKCU\Software\Usbfix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veetle]
[HKCU\Software\WS4002]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Winamp]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ahead]
[HKCU\Software\fwc]
[HKCU\Software\sect memo proc]
[HKLM\Software\3Planesoft]
[HKLM\Software\3dsignal]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Act-3D]
[HKLM\Software\AddressBar]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Big Fish Games]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreCodec]
[HKLM\Software\Creative Tech]
[HKLM\Software\DT Soft]
[HKLM\Software\Debug]
[HKLM\Software\EA GAMES]
[HKLM\Software\EETI]
[HKLM\Software\Elaborate Bytes]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ILLUSION]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Lexmark]
[HKLM\Software\Licenses]
[HKLM\Software\Linden Research, Inc.]
[HKLM\Software\LogiShrd]
[HKLM\Software\Logitech]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MarkAny]
[HKLM\Software\MediaArea.net]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OnlineTVPlayer]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\Panda Software]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\QATestSystem]
[HKLM\Software\RedKawa]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Samsung]
[HKLM\Software\Schlumberger]
[HKLM\Software\ScreenSaver.com]
[HKLM\Software\Secure]
[HKLM\Software\SereneScreen]
[HKLM\Software\Sims]
[HKLM\Software\Skype]
[HKLM\Software\SlySoft]
[HKLM\Software\Soeperman Enterprises Ltd.]
[HKLM\Software\Swearware]
[HKLM\Software\Sys Modules]
[HKLM\Software\TENCENT]
[HKLM\Software\TomTom]
[HKLM\Software\TrendMicro]
[HKLM\Software\Triodesign]
[HKLM\Software\UUSeeUpdate]
[HKLM\Software\Ubisoft]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Veetle]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wise Solutions]
[HKLM\Software\ZSMC]
[HKLM\Software\fwc]
[HKLM\Software\inKline Global]
[HKLM\Software\mozilla.org]
[HKLM\Software\rising]
[HKLM\Software\uusee]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\3Planesoft Screensaver Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory RS--D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\CREATIVE
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Enigma Software Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\List_Kill'em
O43 - CFD:Common File Directory ----D- C:\Program Files\MarkAny
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft WSE
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla ActiveX Control v1.7.12
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NSIS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Panda Security
O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD:Common File Directory ----D- C:\Program Files\Pochette Express 2
O43 - CFD:Common File Directory ----D- C:\Program Files\PPLive
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\USB TV
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2010 - 19:25:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 23/09/2010 - 19:25:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 23/09/2010 - 19:25:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 23/09/2010 - 19:25:40 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 23/09/2010 - 19:24:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32588]
O44 - LFC:[MD5.0F15E486F3E41378C7CA90C2C317AF06] - 23/09/2010 - 19:24:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [17326]
O44 - LFC:[MD5.0E219B74E2C68A34CA09D8FE114F6D11] - 23/09/2010 - 19:21:09 -SH-- . (.deepxw - Windows Tcpip.sys Patcher.) -- C:\WINDOWS\System32\drivers\sysdrv32.sys [11656]
O44 - LFC:[MD5.499DB2D9BFFB951857A39B3B66DD0E47] - 22/09/2010 - 20:54:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ntbtlog.txt [544490]
O44 - LFC:[MD5.94D19F5B3CFA8BEEB416456CCFB09BBD] - 22/09/2010 - 19:46:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\AUTOEXEC.BAT [4]
O44 - LFC:[MD5.6A99E383EA7AE9DE712F7C516A0FE6D7] - 22/09/2010 - 19:43:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupact.log [360]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/09/2010 - 10:08:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setuperr.log [0]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 22/09/2010 - 07:22:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.0B7086B6121AC11C869E39B4CC858277] - 22/09/2010 - 07:22:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [542]
O44 - LFC:[MD5.45768F4FA15040EE1A08919E0FA049CE] - 22/09/2010 - 07:22:07 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [328]
O44 - LFC:[MD5.0C979BFA7640041E15A10825CCCBA3E1] - 20/09/2010 - 19:50:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\List'em.txt [32610]
O44 - LFC:[MD5.1A8957AEE542572447C3D24682BC43FD] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1096090]
O44 - LFC:[MD5.7682945A15FF6B204F9B4A063C6EFE34] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [67560]
O44 - LFC:[MD5.C1CD1E504BF8AD35626A3F53DCFE37D5] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [80800]
O44 - LFC:[MD5.522EF3DCB3500960A7260ED9C3C6B524] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [432856]
O44 - LFC:[MD5.551031578346984BADF97AF71BF9DEC1] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [500894]
O44 - LFC:[MD5.4E333AE05076A93A57E034B857C6915B] - 19/09/2010 - 18:42:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\drwtsn32.log [32062]
O44 - LFC:[MD5.0CC3DD467901DE5420361734D655607A] - 19/09/2010 - 18:09:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [33166]
O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 19/09/2010 - 17:56:49 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488]
O44 - LFC:[MD5.E52D0F3B96C88B3E1C213E6C2BF755F8] - 19/09/2010 - 17:53:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]
O44 - LFC:[MD5.C1B66093F808AFFDAF70FACA8DBBE6C3] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312]
O44 - LFC:[MD5.8063A266628063BC54B4F76EFE5A9F01] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512]
O44 - LFC:[MD5.23DE4D7733024A636F94D126DC5AC5ED] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.1C9136B863B855A25F05392230DD4838] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.601F068D38E3A2BFA9A3AF5808AE84C1] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.1A89A3752E366D49D1222291923F7413] - 19/09/2010 - 17:53:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]
O44 - LFC:[MD5.BFEF28EA9B5D1A479FAA9EFE0445DA43] - 19/09/2010 - 17:53:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]
O44 - LFC:[MD5.BE22ACE8E527D766701E01AE2BF5227B] - 19/09/2010 - 17:53:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O44 - LFC:[MD5.644957A9D838B21432B2A238A2E54B24] - 19/09/2010 - 16:24:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log [341]
O44 - LFC:[MD5.B4FD5767AFBD47CEC757DAE8C7CC55E3] - 19/09/2010 - 14:55:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\VundoFix.txt [237]
O44 - LFC:[MD5.8E78BFD2B55A47388636424DD8EFA64B] - 19/09/2010 - 13:37:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ice Clock.log [6543]
O44 - LFC:[MD5.E4C0E8CE4D0524CB2371F84FDB2F818B] - 19/09/2010 - 13:09:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Valentine.log [6517]
O44 - LFC:[MD5.D2197177AD57FE1E8677B25AACD9541F] - 19/09/2010 - 13:06:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mayan Waterfall.log [7332]
O44 - LFC:[MD5.7C69F00CB5A4B623B29979F70E6C747C] - 19/09/2010 - 12:43:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Water Clock.log [11418]
O44 - LFC:[MD5.FE019DD130FDE95FCE3204D405B7B918] - 19/09/2010 - 12:20:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas Bells.log [7231]
O44 - LFC:[MD5.194F2AB7B11A6BE9F0EB6FB684993B46] - 19/09/2010 - 12:18:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Zodiac Clock.log [6219]
O44 - LFC:[MD5.4ABBBCD1E1161275E5EFDFE815D9D6C3] - 19/09/2010 - 12:16:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Haunted House.log [7813]
O44 - LFC:[MD5.A6612A04B3F3DD23AE2A769EB2256E23] - 19/09/2010 - 12:14:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lighthouse Point.log [8429]
O44 - LFC:[MD5.F291359BD3464F4A49D11954C9C53E61] - 19/09/2010 - 11:52:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Crystal Fireplace.log [7260]
O44 - LFC:[MD5.DD4B9C83F13317937D14CB2B1D1491D9] - 19/09/2010 - 11:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The Lost Watch.log [6283]
O44 - LFC:[MD5.D967022EE9D99C2646F2867DA221CAD1] - 19/09/2010 - 11:37:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Galleon.log [7876]
O44 - LFC:[MD5.D89F0CE29BE829DE812855C4F6370B20] - 19/09/2010 - 10:41:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix.txt [10701]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 18/09/2010 - 20:02:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2010 - 19:35:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\dump_dvd.vob [0]
O44 - LFC:[MD5.E38D1476B1B12926AB7CE2390F8B4A42] - 18/09/2010 - 18:13:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Voyage of Columbus.log [6756]
O44 - LFC:[MD5.033B7D18406A73A3B36F522BEA73CF9C] - 18/09/2010 - 17:47:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireside Christmas.log [7167]
O44 - LFC:[MD5.2B9D1FB0699C474424B364230A0EDD8D] - 18/09/2010 - 17:44:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Halloween.log [7284]
O44 - LFC:[MD5.39AC36DE9555C8D53F0F8CFC1837F1DA] - 18/09/2010 - 17:38:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lantern.log [6505]
O44 - LFC:[MD5.2C40387CAF646E1D00EA3AC0E983AA3A] - 18/09/2010 - 17:26:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Koi Fish.log [8174]
O44 - LFC:[MD5.8C79F3F095D6BFC92205CD00657F17CA] - 18/09/2010 - 17:17:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mechanical Clock.log [6390]
O44 - LFC:[MD5.ADEB085383CA8C49CFFBAA4F3A90EDAA] - 18/09/2010 - 17:06:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Sweethearts.log [6432]
O44 - LFC:[MD5.234030FAF6BAE2FACDBA6B8B9A5D193F] - 18/09/2010 - 17:04:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nautilus.log [7786]
O44 - LFC:[MD5.77BE77E9A3CDEEB11BA80B79411490B1] - 18/09/2010 - 16:56:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Earth 3D Screensaver.log [5729]
O44 - LFC:[MD5.295E5BE32F16AE396F3B3C4AAD5928C4] - 18/09/2010 - 16:52:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Western Railway.log [8103]
O44 - LFC:[MD5.206148E66982AEB758826ADE9215CBDE] - 18/09/2010 - 16:50:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fantasy Moon.log [7130]
O44 - LFC:[MD5.91B949A0BEF5543376BAF3C13B411D43] - 18/09/2010 - 16:48:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Watermill.log [8963]
O44 - LFC:[MD5.6D3A8799AAF564FBAECEF2D90950FFCE] - 18/09/2010 - 08:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [212]
O44 - LFC:[MD5.6AB1F1F4DC1C8973123C74E71CFEFE54] - 18/09/2010 - 07:32:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.BD6618E227186EDEE49C96DB7E178229] - 17/09/2010 - 20:31:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireplace.log [8126]
O44 - LFC:[MD5.9764D427A82FA39D7D2D68F6592BBE79] - 17/09/2010 - 20:15:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lagoon.log [7527]
O44 - LFC:[MD5.322FDD742B3A532E6BCEFB6FA855D656] - 17/09/2010 - 19:11:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Deep Space.log [6678]
O44 - LFC:[MD5.622971A588B12438FF28378E6A3D1561] - 17/09/2010 - 19:04:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Dutch Windmills.log [56849]
O44 - LFC:[MD5.08770A6C1EAE36595B56EF49086AB0DE] - 17/09/2010 - 06:24:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The One Ring.log [6403]
O44 - LFC:[MD5.8F3441BB9DC57A51ABAE7779323BFE4F] - 16/09/2010 - 22:08:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas.log [6771]
O44 - LFC:[MD5.2BDD28CE36F7311991C68DFBF1C4D07D] - 16/09/2010 - 22:02:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Discovery.log [6754]
O44 - LFC:[MD5.174C55F021BFC3B98AF3FAEFACEDECA5] - 16/09/2010 - 21:45:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Spirit of Fire.log [7179]
O44 - LFC:[MD5.1691D0EC20BB8735B29F62DB31211DED] - 16/09/2010 - 21:35:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ancient Castle.log [7907]
O44 - LFC:[MD5.A35AB37E4CB1FD4112F94CC9FD0803A6] - 16/09/2010 - 19:17:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nature.log [8582]
O44 - LFC:[MD5.68A4556C1525497A7F70AB6E9C7A92FE] - 16/09/2010 - 19:03:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Flag.log [6175]
O44 - LFC:[MD5.82B0A7398F3CEBE98B14803456644BB2] - 16/09/2010 - 18:56:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Tropical Fish.log [6085]
O44 - LFC:[MD5.A2F56B60BFA98A91632B4B3DA86FC17B] - 16/09/2010 - 11:27:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Clock Tower.log [6941]
O44 - LFC:[MD5.B76472212307EC44CC502531437A25D5] - 16/09/2010 - 11:20:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Coral Clock.log [1312257]
O44 - LFC:[MD5.232E354E837E2E0FF133BACF5B8A4737] - 16/09/2010 - 11:06:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Cuckoo Clock.log [8012]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 15/09/2010 - 07:56:47 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 15/09/2010 - 07:56:46 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.E1E7BA29E54B2D4B19F35BE18C752D4D] - 12/09/2010 - 22:30:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [199344]
O44 - LFC:[MD5.AAF3FE95D6415DBF781F663520AD3ED2] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac Clock 3D Screensaver.exe [6501376]
O44 - LFC:[MD5.D97F1A4CE67850F85FE5FB05E2BD9BA7] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac_Clock_3D_Screensaver.scr [842240]
O44 - LFC:[MD5.040A62B1C916EF01A405F1560E533D04] - 12/09/2010 - 10:49:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Water Clock 3D Screensaver.html [7286]
O44 - LFC:[MD5.6887317AF9DC7443381E5717CB407938] - 12/09/2010 - 10:49:12 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water Clock 3D Screensaver.exe [8700416]
O44 - LFC:[MD5.9787EF94E763F29116032FBEE403C972] - 12/09/2010 - 10:49:11 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water_Clock_3D_Screensaver.scr [780288]
O44 - LFC:[MD5.41AC020A0DB376D586CCDC20C7C703AC] - 12/09/2010 - 10:48:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Valentine 3D Screensaver.html [7311]
O44 - LFC:[MD5.88CE65AF30308CFD56AD0D2E0A7FED12] - 12/09/2010 - 10:48:31 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine 3D Screensaver.exe [5868544]
O44 - LFC:[MD5.47E990C48D7A5A794234B6EE9E4ED2AE] - 12/09/2010 - 10:48:30 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine_3D_Screensaver.scr [770048]
O44 - LFC:[MD5.BECC479A5D11EDFF0F895FFAEA752E84] - 12/09/2010 - 10:47:47 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\System32\Sweethearts_3D_Screensaver.scr [1925632]
O44 - LFC:[MD5.665E3A401BF9720A678CA73CA20F06E8] - 12/09/2010 - 10:47:46 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\S
Run by Fazer at 23/09/2010 20:27:17
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.5.6)
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 2 Stepping 4, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1535 MB (75% free)
System drive C: has 6 GB (31%) free of 20 GB
---\\ Logged in mode
Computer Name: A6-EB2A2A32C321
User Name: Fazer
All Users Names: SUPPORT_388945a0, HelpAssistant, Fazer, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 20 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 45 Go of 279 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 101 Go of 170 Go)
G:\ CD-ROM drive (Free 0 Go of 4 Go)
H:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
---\\ Processus lancés
[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232]
[MD5.FBAA7A56D573BE55A65AD5B8C17ECA03] - (.TomTom - System Tray application for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144]
[MD5.77AC10DB097DFD0CD3071465B644D0AB] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- F:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [154136]
[MD5.C0AEFA4A63CBCB1D3B2383760D1FFFB9] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system\csrss.exe [53760]
[MD5.747E60B773E95F6C93D5621B550D6865] - (.TomTom - Windows Service for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008]
[MD5.B299B3A58FAAE7261A64718648E28050] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [57344]
[MD5.90EA8ED3922D9348649BB3B562AC49AC] - (.Nicolas Coolman - Diagnostic Tool.) -- F:\Program Files\ZHPDiag\ZHPDiag.exe [566784]
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\firefox@tvunetworks.com] [] TVU Web Player 2,5,3,1 (..)
M2 - MFEP: prefs.js [Fazer - yimmbuko.default\redbullsboom@redbull.newyork.mlsnet.com] [] New York Red Bulls Boom 2,5,3,1 (.Brand Thunder.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@canalplus.fr/Assistants VOD,version=1.0.0.0] - (.Canal+ Active - npCpVod.) -- F:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@pages.tvunetworks.com/WebPlayer] - (.TVU networks - 2,5,3,1.) -- C:\WINDOWS\system32\TVUAx\npTVUAx.dll
P2 - FPN: [HKLM] [@veetle.com/vbp;version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2008-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\VLCBroadcast\npvbp.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\plugins\npVeetle.dll
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- F:\Program Files\Veetle\Player\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.0.3] - (.the VideoLAN Team - Version 1.0.3, copyright 1996-2009 The VideoLAN Team<br><a href="http:.) -- F:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Fazer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16640 (vista_gdr.080213-1606)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [netmon] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system\services.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-362288127-1177238915-1003\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter à l'Anti-bannière . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\uusee\geturltodown.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kbrd.ico
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (.Pas de propriétaire - Pas de description.) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\logo.ico
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{01521EF9-04F1-456E-908E-7D382D1C6C4B}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Remote Network Connections to Manage (NrConnmags) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system\csrss.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-362288127-1177238915-1003UA.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- F:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player 11 - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ElbyCDIO Driver (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys
O41 - Driver: Kl2 (kl2) . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) - C:\WINDOWS\system32\drivers\kl2.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
O42 - Logiciel: 3Planesoft Screensaver Manager 1.4 - (.3Planesoft.) [HKLM] -- 3Planesoft Screensaver Manager_is1
O42 - Logiciel: ABC (remove only) - (.Pas de propriétaire.) [HKLM] -- ABC
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop Elements - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop Elements 1.0
O42 - Logiciel: Adobe SVG Viewer - (.Adobe Systems, Inc..) [HKLM] -- Adobe SVG Viewer
O42 - Logiciel: Ancient Castle 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ancient Castle 3D Screensaver_is1
O42 - Logiciel: AnyDVD - (.SlySoft.) [HKLM] -- AnyDVD
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: CANAL+ CANALSAT A LA DEMANDE - (.CanalPlus.) [HKLM] -- {04DA096D-6236-4A5D-8FB6-3081E67009BA}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {8D7133DE-27D2-47E5-B248-4180278D32AA}
O42 - Logiciel: Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas 3D Screensaver_is1
O42 - Logiciel: Christmas Bells 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Christmas Bells 3D Screensaver_is1
O42 - Logiciel: Clock Tower 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Clock Tower 3D Screensaver_is1
O42 - Logiciel: CloneDVD2 - (.Elaborate Bytes.) [HKLM] -- CloneDVD2
O42 - Logiciel: Coffret de pilotes Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- lvdrivers_12.10
O42 - Logiciel: Cool Beans NFO Creator 2.0.1.3 - (.Cool Beans Software.) [HKLM] -- Cool Beans NFO Creator_is1
O42 - Logiciel: Coral Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Coral Clock 3D Screensaver_is1
O42 - Logiciel: Creative PCI Audio Drivers - (.Pas de propriétaire.) [HKLM] -- SBPCIUnInstall
O42 - Logiciel: Crystal Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Crystal Fireplace 3D Screensaver_is1
O42 - Logiciel: Cuckoo Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Cuckoo Clock 3D Screensaver_is1
O42 - Logiciel: DVD Decoder Pak for Windows XP - (.roddy2000@hotbox.ru.) [HKLM] -- {92C5DB3D-9D6F-4324-BB11-57825F4C2635}
O42 - Logiciel: Deep Space 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Deep Space 3D Screensaver_is1
O42 - Logiciel: Desktop Trains Screensaver - (.Pas de propriétaire.) [HKLM] -- Desktop Trains Screensaver
O42 - Logiciel: Discovery 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Discovery 3D Screensaver_is1
O42 - Logiciel: Dutch Windmills 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Dutch Windmills 3D Screensaver_is1
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: Earth 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Earth 3D Screensaver_is1
O42 - Logiciel: Fantasy Moon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Fantasy Moon 3D Screensaver_is1
O42 - Logiciel: Fireplace 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireplace 3D Screensaver_is1
O42 - Logiciel: Fireside Christmas 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Fireside Christmas 3D Screensaver_is1
O42 - Logiciel: Flag 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Flag 3D Screensaver_is1
O42 - Logiciel: Galleon 3D Screensaver 1.3 - (.3Planesoft.) [HKLM] -- Galleon 3D Screensaver_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {2012D762-5DCA-455A-B5FE-EDF79BC93E18}
O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects
O42 - Logiciel: HP Smart Web Printing 4.5 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {7059BDA7-E1DB-442C-B7A1-6144596720A4}
O42 - Logiciel: Halloween 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Halloween 3D Screensaver_is1
O42 - Logiciel: Haunted House 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Haunted House 3D Screensaver_is1
O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM] -- KB915865
O42 - Logiciel: I-Doser v4 - (.Pas de propriétaire.) [HKCU] -- I-Doser v4
O42 - Logiciel: Ice Clock 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Ice Clock 3D Screensaver_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018FF}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: Kaspersky Internet Security 2011 - (.Kaspersky Lab.) [HKLM] -- {66F1F013-008F-4875-B283-5A814B820347}
O42 - Logiciel: KeyHoleTV - (.Pas de propriétaire.) [HKLM] -- KeyHoleTV
O42 - Logiciel: Koi Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Koi Fish 3D Screensaver_is1
O42 - Logiciel: Lagoon 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lagoon 3D Screensaver_is1
O42 - Logiciel: Lantern 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Lantern 3D Screensaver_is1
O42 - Logiciel: Les Sims(TM) 3 - (.Electronic Arts.) [HKLM] -- {C05D8CDB-417D-4335-A38C-A0659EDFD6B8}
O42 - Logiciel: Lighthouse Point 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Lighthouse Point 3D Screensaver_is1
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 6.0 Parser - (.Microsoft Corporation.) [HKLM] -- {AEB9948B-4FF2-47C9-990E-47014492A0FE}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mayan Waterfall 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mayan Waterfall 3D Screensaver_is1
O42 - Logiciel: Mechanical Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Mechanical Clock 3D Screensaver_is1
O42 - Logiciel: MediaInfo 0.7.26 - (.MediaArea.net.) [HKLM] -- MediaInfo
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {B508B3F1-A24A-32C0-B310-85786919EF28}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {3F7924B9-D148-3141-87B1-68F36043A940}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 - (.Microsoft Corporation.) [HKLM] -- {2BA00471-0328-3743-93BD-FA813353A783}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {511DF669-2930-30C0-8EB6-552887E29EC8}
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5
O42 - Logiciel: Microsoft .NET Framework 3.5 - (.Microsoft Corporation.) [HKLM] -- {2FC099BD-AC9B-33EB-809C-D332E1B27C40}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM] -- {5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Access database engine 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {90120000-00D1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..) [HKLM] -- {E3E71D07-CD27-46CB-8448-16D4FB29AA13}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack - fra
O42 - Logiciel: Monopolysson 2.0.3 beta 10 - (.Pas de propriétaire.) [HKLM] -- Monopolysson
O42 - Logiciel: Mozilla Firefox (3.5.6) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.5.6)
O42 - Logiciel: Music NFO Builder v1.20 - (.Pawel Piecuch.) [HKLM] -- Music NFO Builder_is1
O42 - Logiciel: My 3D Christmas Tree Full Screen Saver - (.Freeze.com, LLC.) [HKLM] -- My 3D Christmas Tree Full Screen Saver
O42 - Logiciel: Nature 3D Screensaver 1.1 - (.3Planesoft.) [HKLM] -- Nature 3D Screensaver_is1
O42 - Logiciel: Nautilus 3D Screensaver 1.2 - (.3Planesoft.) [HKLM] -- Nautilus 3D Screensaver_is1
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {235BBFC6-D863-4066-A01A-3BD504C31036}
O42 - Logiciel: Nullsoft Install System - (.Pas de propriétaire.) [HKLM] -- NSIS
O42 - Logiciel: Online TV Player 4 - (.Online TV Player.com.) [HKLM] -- Online TV Player 3_is1
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Booster - (.Pas de propriétaire.) [HKLM] -- {BA0601E1-B65C-11D5-80A9-0000B494D9A6}
O42 - Logiciel: PPStream V2.6.86.9024 Final - (.PPStream, Inc..) [HKLM] -- PPStream
O42 - Logiciel: PPTV V2.4.3.0019 - (.PPLive Corporation.) [HKLM] -- PPLive
O42 - Logiciel: PSP Video 9 5.03 - (.Red Kawa.) [HKLM] -- PSP Video 9
O42 - Logiciel: Package de pilotes Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) - (.Advanced Micro Devices, Inc..) [HKLM] -- 9722CA1E8F72F362E93CBEC75A707FDABFC8D880
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161
O42 - Logiciel: Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) - (.eMPIA Technology Inc,.) [HKLM] -- 69083DC58646DE46A09847A522A1CC487F918039
O42 - Logiciel: Pochette Express 2 - (.Pas de propriétaire.) [HKLM] -- Pochette Express 2
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}
O42 - Logiciel: Railroad Scenery - (.Pas de propriétaire.) [HKLM] -- Railroad Scenery
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SecondLife (remove only) - (.Pas de propriétaire.) [HKLM] -- SecondLife
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SereneScreen Marine Aquarium 2.6 - (.Prolific Publishing, Inc..) [HKLM] -- SereneScreen Marine Aquarium 2.6_is1
O42 - Logiciel: Sexy City 1.2.1 - (.Sasori.) [HKLM] -- {94C2E416-D784-44D6-A3B3-3E593D13338D}_is1
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: SopCast 3.2.9 - (.www.sopcast.com.) [HKLM] -- SopCast
O42 - Logiciel: Sound Blaster PCI Compact Drivers Online Help - (.Pas de propriétaire.) [HKLM] -- Sound Blaster PCI Compact Drivers Online Help
O42 - Logiciel: Spirit of Fire 3D Screensaver 2.4 - (.3Planesoft.) [HKLM] -- Spirit of Fire 3D Screensaver_is1
O42 - Logiciel: StreamTorrent 1.0 - (.Pas de propriétaire.) [HKLM] -- StreamTorrent 1.0
O42 - Logiciel: Superleague (remove only) - (.Pas de propriétaire.) [HKLM] -- Superleague
O42 - Logiciel: Sweethearts 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Sweethearts 3D Screensaver_is1
O42 - Logiciel: TMNT - (.Ubisoft.) [HKLM] -- {B3583D27-C12A-483E-98B8-235506F71502}
O42 - Logiciel: TVAnts 1.0 - (.Pas de propriétaire.) [HKLM] -- TVAnts 1.0
O42 - Logiciel: The Lost Watch 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The Lost Watch 3D Screensaver_is1
O42 - Logiciel: The One Ring 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- The One Ring 3D Screensaver_is1
O42 - Logiciel: TomTom HOME 2.7.6.2056 - (.TomTom.) [HKLM] -- TomTom HOME
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
O42 - Logiciel: Tropical Fish 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Tropical Fish 3D Screensaver_is1
O42 - Logiciel: USB Video Driver - (.EETI.) [HKLM] -- {2758691A-2CDE-4942-A4AC-0E8F61FE2067}
O42 - Logiciel: UUSee ²¥·Å²å¼þ»ù'¡°ü 6.1.122.1 - (.UUSee company, Inc..) [HKLM] -- UUSEE_base
O42 - Logiciel: UUSee ÍøÂçµçÊÓ [5.10.125.2] - (.UUSee company, Inc..) [HKLM] -- UUSEE
O42 - Logiciel: Ulead DVD MovieFactory 5 Plus - (.Ulead Systems, Inc..) [HKLM] -- {FF164702-AF8B-4F2F-8038-74A4C536866B}
O42 - Logiciel: VRally3 - (.Pas de propriétaire.) [HKLM] -- VRally3_is1
O42 - Logiciel: Valentine 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Valentine 3D Screensaver_is1
O42 - Logiciel: Veetle TV 0.9.17 - (.Veetle, Inc.) [HKLM] -- Veetle TV
O42 - Logiciel: VideoLAN VLC media player 0.8.6d - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Voyage of Columbus 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Voyage of Columbus 3D Screensaver_is1
O42 - Logiciel: Water Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Water Clock 3D Screensaver_is1
O42 - Logiciel: Watermill 3D Screensaver 2.0 - (.3Planesoft.) [HKLM] -- Watermill 3D Screensaver_is1
O42 - Logiciel: Western Railway 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Western Railway 3D Screensaver_is1
O42 - Logiciel: WinZip 14.0 - (.WinZip Computing, S.L. .) [HKLM] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Windows Media Encoder 9 Series - (.Pas de propriétaire.) [HKLM] -- Windows Media Encoder 9
O42 - Logiciel: Winter Train 1.2.0 - (.3DSignal.) [HKLM] -- Winter Train_is1
O42 - Logiciel: XBMC Media Center - (.Team XBMC.) [HKCU] -- XBMC
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: XXXTYCOON - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1
O42 - Logiciel: Zodiac Clock 3D Screensaver 1.0 - (.3Planesoft.) [HKLM] -- Zodiac Clock 3D Screensaver_is1
O42 - Logiciel: adsl TV - (.adsl TV / FM.) [HKLM] -- {3AFDD2C6-8663-46B5-B195-6CEB00D44768}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\2K Sports]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASIO]
[HKCU\Software\ATI]
[HKCU\Software\AddressBar]
[HKCU\Software\Adobe]
[HKCU\Software\Anders und Seim Neue Medien AG]
[HKCU\Software\Big Fish Games]
[HKCU\Software\CDDB]
[HKCU\Software\Classes.crx]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DT Soft]
[HKCU\Software\Desktop Trains Screensaver]
[HKCU\Software\Elaborate Bytes]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Fox Interactive]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JavaSoft]
[HKCU\Software\KC Softwares]
[HKCU\Software\KasperskyLab]
[HKCU\Software\KeyHoleTV]
[HKCU\Software\KillBox]
[HKCU\Software\Lavalys]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Macrovision]
[HKCU\Software\MainConcept (Adobe2)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mobileleader]
[HKCU\Software\Moonlight Cordless]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\NirSoft]
[HKCU\Software\OnlineTVPlayer]
[HKCU\Software\Outsim]
[HKCU\Software\PPLiveVA]
[HKCU\Software\PPLive]
[HKCU\Software\PPStream]
[HKCU\Software\Peer2Me]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Samsung]
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\Screensaver Factory]
[HKCU\Software\SecuROM]
[HKCU\Software\SereneScreen]
[HKCU\Software\SlySoft]
[HKCU\Software\Superleague]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVANTS]
[HKCU\Software\TomTom]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\Ulead]
[HKCU\Software\Usbfix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veetle]
[HKCU\Software\WS4002]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Winamp]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ahead]
[HKCU\Software\fwc]
[HKCU\Software\sect memo proc]
[HKLM\Software\3Planesoft]
[HKLM\Software\3dsignal]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Act-3D]
[HKLM\Software\AddressBar]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Big Fish Games]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreCodec]
[HKLM\Software\Creative Tech]
[HKLM\Software\DT Soft]
[HKLM\Software\Debug]
[HKLM\Software\EA GAMES]
[HKLM\Software\EETI]
[HKLM\Software\Elaborate Bytes]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ILLUSION]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Lexmark]
[HKLM\Software\Licenses]
[HKLM\Software\Linden Research, Inc.]
[HKLM\Software\LogiShrd]
[HKLM\Software\Logitech]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MarkAny]
[HKLM\Software\MediaArea.net]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OnlineTVPlayer]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\Panda Software]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\QATestSystem]
[HKLM\Software\RedKawa]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Samsung]
[HKLM\Software\Schlumberger]
[HKLM\Software\ScreenSaver.com]
[HKLM\Software\Secure]
[HKLM\Software\SereneScreen]
[HKLM\Software\Sims]
[HKLM\Software\Skype]
[HKLM\Software\SlySoft]
[HKLM\Software\Soeperman Enterprises Ltd.]
[HKLM\Software\Swearware]
[HKLM\Software\Sys Modules]
[HKLM\Software\TENCENT]
[HKLM\Software\TomTom]
[HKLM\Software\TrendMicro]
[HKLM\Software\Triodesign]
[HKLM\Software\UUSeeUpdate]
[HKLM\Software\Ubisoft]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Veetle]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wise Solutions]
[HKLM\Software\ZSMC]
[HKLM\Software\fwc]
[HKLM\Software\inKline Global]
[HKLM\Software\mozilla.org]
[HKLM\Software\rising]
[HKLM\Software\uusee]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\3Planesoft Screensaver Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory RS--D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\CREATIVE
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Enigma Software Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\List_Kill'em
O43 - CFD:Common File Directory ----D- C:\Program Files\MarkAny
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft WSE
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla ActiveX Control v1.7.12
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NSIS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Panda Security
O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD:Common File Directory ----D- C:\Program Files\Pochette Express 2
O43 - CFD:Common File Directory ----D- C:\Program Files\PPLive
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\USB TV
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/09/2010 - 19:25:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 23/09/2010 - 19:25:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 23/09/2010 - 19:25:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 23/09/2010 - 19:25:40 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 23/09/2010 - 19:24:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32588]
O44 - LFC:[MD5.0F15E486F3E41378C7CA90C2C317AF06] - 23/09/2010 - 19:24:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [17326]
O44 - LFC:[MD5.0E219B74E2C68A34CA09D8FE114F6D11] - 23/09/2010 - 19:21:09 -SH-- . (.deepxw - Windows Tcpip.sys Patcher.) -- C:\WINDOWS\System32\drivers\sysdrv32.sys [11656]
O44 - LFC:[MD5.499DB2D9BFFB951857A39B3B66DD0E47] - 22/09/2010 - 20:54:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ntbtlog.txt [544490]
O44 - LFC:[MD5.94D19F5B3CFA8BEEB416456CCFB09BBD] - 22/09/2010 - 19:46:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\AUTOEXEC.BAT [4]
O44 - LFC:[MD5.6A99E383EA7AE9DE712F7C516A0FE6D7] - 22/09/2010 - 19:43:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupact.log [360]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/09/2010 - 10:08:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setuperr.log [0]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 22/09/2010 - 07:22:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.0B7086B6121AC11C869E39B4CC858277] - 22/09/2010 - 07:22:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [542]
O44 - LFC:[MD5.45768F4FA15040EE1A08919E0FA049CE] - 22/09/2010 - 07:22:07 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [328]
O44 - LFC:[MD5.0C979BFA7640041E15A10825CCCBA3E1] - 20/09/2010 - 19:50:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\List'em.txt [32610]
O44 - LFC:[MD5.1A8957AEE542572447C3D24682BC43FD] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1096090]
O44 - LFC:[MD5.7682945A15FF6B204F9B4A063C6EFE34] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [67560]
O44 - LFC:[MD5.C1CD1E504BF8AD35626A3F53DCFE37D5] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [80800]
O44 - LFC:[MD5.522EF3DCB3500960A7260ED9C3C6B524] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [432856]
O44 - LFC:[MD5.551031578346984BADF97AF71BF9DEC1] - 20/09/2010 - 06:53:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [500894]
O44 - LFC:[MD5.4E333AE05076A93A57E034B857C6915B] - 19/09/2010 - 18:42:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\drwtsn32.log [32062]
O44 - LFC:[MD5.0CC3DD467901DE5420361734D655607A] - 19/09/2010 - 18:09:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [33166]
O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 19/09/2010 - 17:56:49 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488]
O44 - LFC:[MD5.E52D0F3B96C88B3E1C213E6C2BF755F8] - 19/09/2010 - 17:53:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]
O44 - LFC:[MD5.C1B66093F808AFFDAF70FACA8DBBE6C3] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312]
O44 - LFC:[MD5.8063A266628063BC54B4F76EFE5A9F01] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512]
O44 - LFC:[MD5.23DE4D7733024A636F94D126DC5AC5ED] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.1C9136B863B855A25F05392230DD4838] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.601F068D38E3A2BFA9A3AF5808AE84C1] - 19/09/2010 - 17:53:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.1A89A3752E366D49D1222291923F7413] - 19/09/2010 - 17:53:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]
O44 - LFC:[MD5.BFEF28EA9B5D1A479FAA9EFE0445DA43] - 19/09/2010 - 17:53:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]
O44 - LFC:[MD5.BE22ACE8E527D766701E01AE2BF5227B] - 19/09/2010 - 17:53:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O44 - LFC:[MD5.644957A9D838B21432B2A238A2E54B24] - 19/09/2010 - 16:24:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log [341]
O44 - LFC:[MD5.B4FD5767AFBD47CEC757DAE8C7CC55E3] - 19/09/2010 - 14:55:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\VundoFix.txt [237]
O44 - LFC:[MD5.8E78BFD2B55A47388636424DD8EFA64B] - 19/09/2010 - 13:37:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ice Clock.log [6543]
O44 - LFC:[MD5.E4C0E8CE4D0524CB2371F84FDB2F818B] - 19/09/2010 - 13:09:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Valentine.log [6517]
O44 - LFC:[MD5.D2197177AD57FE1E8677B25AACD9541F] - 19/09/2010 - 13:06:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mayan Waterfall.log [7332]
O44 - LFC:[MD5.7C69F00CB5A4B623B29979F70E6C747C] - 19/09/2010 - 12:43:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Water Clock.log [11418]
O44 - LFC:[MD5.FE019DD130FDE95FCE3204D405B7B918] - 19/09/2010 - 12:20:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas Bells.log [7231]
O44 - LFC:[MD5.194F2AB7B11A6BE9F0EB6FB684993B46] - 19/09/2010 - 12:18:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Zodiac Clock.log [6219]
O44 - LFC:[MD5.4ABBBCD1E1161275E5EFDFE815D9D6C3] - 19/09/2010 - 12:16:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Haunted House.log [7813]
O44 - LFC:[MD5.A6612A04B3F3DD23AE2A769EB2256E23] - 19/09/2010 - 12:14:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lighthouse Point.log [8429]
O44 - LFC:[MD5.F291359BD3464F4A49D11954C9C53E61] - 19/09/2010 - 11:52:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Crystal Fireplace.log [7260]
O44 - LFC:[MD5.DD4B9C83F13317937D14CB2B1D1491D9] - 19/09/2010 - 11:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The Lost Watch.log [6283]
O44 - LFC:[MD5.D967022EE9D99C2646F2867DA221CAD1] - 19/09/2010 - 11:37:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Galleon.log [7876]
O44 - LFC:[MD5.D89F0CE29BE829DE812855C4F6370B20] - 19/09/2010 - 10:41:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix.txt [10701]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 18/09/2010 - 20:02:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2010 - 19:35:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\dump_dvd.vob [0]
O44 - LFC:[MD5.E38D1476B1B12926AB7CE2390F8B4A42] - 18/09/2010 - 18:13:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Voyage of Columbus.log [6756]
O44 - LFC:[MD5.033B7D18406A73A3B36F522BEA73CF9C] - 18/09/2010 - 17:47:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireside Christmas.log [7167]
O44 - LFC:[MD5.2B9D1FB0699C474424B364230A0EDD8D] - 18/09/2010 - 17:44:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Halloween.log [7284]
O44 - LFC:[MD5.39AC36DE9555C8D53F0F8CFC1837F1DA] - 18/09/2010 - 17:38:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lantern.log [6505]
O44 - LFC:[MD5.2C40387CAF646E1D00EA3AC0E983AA3A] - 18/09/2010 - 17:26:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Koi Fish.log [8174]
O44 - LFC:[MD5.8C79F3F095D6BFC92205CD00657F17CA] - 18/09/2010 - 17:17:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Mechanical Clock.log [6390]
O44 - LFC:[MD5.ADEB085383CA8C49CFFBAA4F3A90EDAA] - 18/09/2010 - 17:06:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Sweethearts.log [6432]
O44 - LFC:[MD5.234030FAF6BAE2FACDBA6B8B9A5D193F] - 18/09/2010 - 17:04:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nautilus.log [7786]
O44 - LFC:[MD5.77BE77E9A3CDEEB11BA80B79411490B1] - 18/09/2010 - 16:56:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Earth 3D Screensaver.log [5729]
O44 - LFC:[MD5.295E5BE32F16AE396F3B3C4AAD5928C4] - 18/09/2010 - 16:52:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Western Railway.log [8103]
O44 - LFC:[MD5.206148E66982AEB758826ADE9215CBDE] - 18/09/2010 - 16:50:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fantasy Moon.log [7130]
O44 - LFC:[MD5.91B949A0BEF5543376BAF3C13B411D43] - 18/09/2010 - 16:48:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Watermill.log [8963]
O44 - LFC:[MD5.6D3A8799AAF564FBAECEF2D90950FFCE] - 18/09/2010 - 08:57:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [212]
O44 - LFC:[MD5.6AB1F1F4DC1C8973123C74E71CFEFE54] - 18/09/2010 - 07:32:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.BD6618E227186EDEE49C96DB7E178229] - 17/09/2010 - 20:31:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Fireplace.log [8126]
O44 - LFC:[MD5.9764D427A82FA39D7D2D68F6592BBE79] - 17/09/2010 - 20:15:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Lagoon.log [7527]
O44 - LFC:[MD5.322FDD742B3A532E6BCEFB6FA855D656] - 17/09/2010 - 19:11:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Deep Space.log [6678]
O44 - LFC:[MD5.622971A588B12438FF28378E6A3D1561] - 17/09/2010 - 19:04:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Dutch Windmills.log [56849]
O44 - LFC:[MD5.08770A6C1EAE36595B56EF49086AB0DE] - 17/09/2010 - 06:24:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\The One Ring.log [6403]
O44 - LFC:[MD5.8F3441BB9DC57A51ABAE7779323BFE4F] - 16/09/2010 - 22:08:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Christmas.log [6771]
O44 - LFC:[MD5.2BDD28CE36F7311991C68DFBF1C4D07D] - 16/09/2010 - 22:02:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Discovery.log [6754]
O44 - LFC:[MD5.174C55F021BFC3B98AF3FAEFACEDECA5] - 16/09/2010 - 21:45:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Spirit of Fire.log [7179]
O44 - LFC:[MD5.1691D0EC20BB8735B29F62DB31211DED] - 16/09/2010 - 21:35:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ancient Castle.log [7907]
O44 - LFC:[MD5.A35AB37E4CB1FD4112F94CC9FD0803A6] - 16/09/2010 - 19:17:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Nature.log [8582]
O44 - LFC:[MD5.68A4556C1525497A7F70AB6E9C7A92FE] - 16/09/2010 - 19:03:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Flag.log [6175]
O44 - LFC:[MD5.82B0A7398F3CEBE98B14803456644BB2] - 16/09/2010 - 18:56:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Tropical Fish.log [6085]
O44 - LFC:[MD5.A2F56B60BFA98A91632B4B3DA86FC17B] - 16/09/2010 - 11:27:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Clock Tower.log [6941]
O44 - LFC:[MD5.B76472212307EC44CC502531437A25D5] - 16/09/2010 - 11:20:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Coral Clock.log [1312257]
O44 - LFC:[MD5.232E354E837E2E0FF133BACF5B8A4737] - 16/09/2010 - 11:06:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Cuckoo Clock.log [8012]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 15/09/2010 - 07:56:47 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 15/09/2010 - 07:56:46 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.E1E7BA29E54B2D4B19F35BE18C752D4D] - 12/09/2010 - 22:30:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [199344]
O44 - LFC:[MD5.AAF3FE95D6415DBF781F663520AD3ED2] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac Clock 3D Screensaver.exe [6501376]
O44 - LFC:[MD5.D97F1A4CE67850F85FE5FB05E2BD9BA7] - 12/09/2010 - 10:50:11 ---A- . (.3Planesoft - Zodiac Clock 3D Screensaver.) -- C:\WINDOWS\System32\Zodiac_Clock_3D_Screensaver.scr [842240]
O44 - LFC:[MD5.040A62B1C916EF01A405F1560E533D04] - 12/09/2010 - 10:49:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Water Clock 3D Screensaver.html [7286]
O44 - LFC:[MD5.6887317AF9DC7443381E5717CB407938] - 12/09/2010 - 10:49:12 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water Clock 3D Screensaver.exe [8700416]
O44 - LFC:[MD5.9787EF94E763F29116032FBEE403C972] - 12/09/2010 - 10:49:11 ---A- . (.3Planesoft - Water Clock 3D Screensaver.) -- C:\WINDOWS\System32\Water_Clock_3D_Screensaver.scr [780288]
O44 - LFC:[MD5.41AC020A0DB376D586CCDC20C7C703AC] - 12/09/2010 - 10:48:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Valentine 3D Screensaver.html [7311]
O44 - LFC:[MD5.88CE65AF30308CFD56AD0D2E0A7FED12] - 12/09/2010 - 10:48:31 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine 3D Screensaver.exe [5868544]
O44 - LFC:[MD5.47E990C48D7A5A794234B6EE9E4ED2AE] - 12/09/2010 - 10:48:30 ---A- . (.3Planesoft - Valentine 3D Screensaver.) -- C:\WINDOWS\System32\Valentine_3D_Screensaver.scr [770048]
O44 - LFC:[MD5.BECC479A5D11EDFF0F895FFAEA752E84] - 12/09/2010 - 10:47:47 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\System32\Sweethearts_3D_Screensaver.scr [1925632]
O44 - LFC:[MD5.665E3A401BF9720A678CA73CA20F06E8] - 12/09/2010 - 10:47:46 ---A- . (.3Planesoft - Sweethearts 3D Screensaver.) -- C:\WINDOWS\S
Your report is incomplete because it is too long to fit on the forum....
Paste it on http://www.cijoint.fr/