Is this a Bagle virus?
chocoreve
Hello, I just got an iPod, so I am downloading iTunes and, as in many posts on the internet, when I download it the PC tells me "..... is not a valid Win32 application", and it is the same for everything I try to download (QuickTime).
I read some threads and started cleaning: Spybot, Multi Virus Cleaner, CCleaner, FindyKill.
It doesn't work, the virus is still in the PC, I don't know what; could someone guide me, please?
Thanks in advance
18 replies
Hello
There is a USB infection and Ask
Uninstall Spybot, because it is absolutely no use at all; it gets in the way more than it helps
Download USBFix (by El Desaparecido, C_XX) to your desktop
http://www.teamxscript.org/usbfixTelechargement.html
or
http://teamxscript.changelog.fr/UsbFix.html (mirror)
# Double-click UsbFix on your desktop, and click Run to launch the installation, which will proceed automatically
# Click Suppression (Deletion)
# Plug in all your external sources and data (USB stick, external hard drive...) without opening them on your PC, and click OK
# The deletion starts. The desktop will disappear; this is normal
# Once the cleaning is finished, the desktop will reappear, and your browser may open on the tool's upload page asking you to send the file UsbFix_Upload_Me
# Click Browse to go and fetch the compressed file located at the root of the disk
# In the drop-down menu, select UsbFix, and click Send the file
# Then post the UsbFix.txt report that appeared with the desktop.
# The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
OK, I managed it, here is what it gives
############################## | UsbFix 7.035 | [Suppression]
Utilisateur: élo (Administrateur) # LOÉ [Hewlett-Packard Compaq Presario CQ60 Notebook PC]
Mis à jour le 05/12/10 par El Desaparecido / C_XX
Lancé à 15:01:36 | 12/12/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Basique (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18975
Pare-feu Windows: Activé
RAM -> 3002 Mo
C:\ (%systemdrive%) -> Disque fixe # 140 Go (32 Go libre(s) - 23%) [] # NTFS
D:\ -> Disque fixe # 9 Go (2 Go libre(s) - 19%) [PRESARIO_RP] # NTFS
E:\ -> CD-ROM
################## | Éléments infectieux |
Supprimé! C:\$RECYCLE.BIN\S-1-5-20
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1276604291-2610430254-1979128324-1000
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1276604291-2610430254-1979128324-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1651725961-147956144-3064254344-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1276604291-2610430254-1979128324-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1276604291-2610430254-1979128324-500
################## | Registre |
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\F
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{00d83847-b711-11dd-9292-001d727f2bf8}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{2606a5cb-71d5-11de-93a6-001d727f2bf8}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{425103cc-dba0-11df-b116-001d727f2bf8}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{59819b92-2117-11de-a3ab-001d727f2bf8}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{7dc707d0-d8a2-11dd-b948-001d727f2bf8}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{cd7b0665-c289-11df-b42d-001d727f2bf8}
################## | Listing |
[12/12/2010 - 15:04:40 | SHD ] C:\$RECYCLE.BIN
[01/08/2008 - 02:24:38 | N | 74] C:\autoexec.bat
[26/05/2010 - 21:36:54 | D ] C:\boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 13:59:44 | SHD ] C:\Documents and Settings
[08/12/2010 - 20:51:41 | N | 805] C:\FindyKill_Upload_Me_loé.zip
[12/12/2010 - 12:27:37 | D ] C:\FyK
[12/12/2010 - 14:52:14 | ASH | 3149078528] C:\hiberfil.sys
[19/11/2008 - 19:18:49 | D ] C:\HP
[27/09/2008 - 12:18:24 | D ] C:\Intel
[19/11/2008 - 19:18:49 | N | 375] C:\IPH.PH
[12/12/2010 - 14:52:13 | ASH | 3462864896] C:\pagefile.sys
[21/01/2008 - 03:43:50 | D ] C:\PerfLogs
[12/12/2010 - 14:39:31 | D ] C:\Program Files
[17/09/2010 - 19:39:26 | HD ] C:\ProgramData
[19/11/2008 - 19:17:19 | D ] C:\SWSetup
[12/12/2010 - 14:29:58 | SHD ] C:\System Volume Information
[19/11/2008 - 19:17:19 | D ] C:\System.sav
[12/12/2010 - 15:04:40 | D ] C:\UsbFix
[12/12/2010 - 15:01:36 | A | 2857] C:\UsbFix.txt
[19/11/2008 - 19:15:33 | D ] C:\Users
[12/12/2010 - 14:52:13 | D ] C:\Windows
[12/12/2010 - 15:04:40 | SHD ] D:\$RECYCLE.BIN
[19/11/2008 - 19:16:01 | N | 13] D:\BLOCK.RIN
[27/09/2008 - 12:43:24 | D ] D:\boot
[04/10/2006 - 00:02:44 | SH | 438328] D:\bootmgr
[26/03/2008 - 17:08:32 | SH | 1089] D:\Desktop.ini
[10/09/2002 - 17:14:28 | N | 8134] D:\Folder.htt
[27/09/2008 - 12:43:58 | D ] D:\HP
[12/12/2010 - 14:52:32 | N | 163] D:\MASTER.LOG
[27/09/2008 - 12:43:33 | D ] D:\PRELOAD
[29/01/2007 - 18:59:36 | N | 109342] D:\protect.chinese hong kong
[29/01/2007 - 18:59:24 | N | 109360] D:\protect.chinese simplified
[29/01/2007 - 18:59:36 | N | 109342] D:\protect.chinese traditional
[14/02/2007 - 19:30:34 | N | 111653] D:\protect.czech
[29/01/2007 - 18:55:24 | N | 109124] D:\protect.danish
[29/01/2007 - 18:57:48 | N | 109049] D:\protect.dutch
[29/01/2007 - 18:55:48 | N | 109092] D:\protect.ed
[29/01/2007 - 18:55:48 | N | 109092] D:\protect.english
[29/01/2007 - 18:56:08 | N | 109092] D:\protect.finnish
[29/01/2007 - 18:56:20 | N | 109060] D:\protect.french
[29/01/2007 - 18:55:34 | N | 109094] D:\protect.german
[14/02/2007 - 19:38:50 | N | 112541] D:\protect.greek
[14/02/2007 - 19:40:00 | N | 112375] D:\protect.hebrew
[28/08/2007 - 15:57:46 | N | 111475] D:\protect.hungarian
[29/01/2007 - 18:56:46 | N | 108979] D:\protect.italian
[29/01/2007 - 18:57:30 | N | 109795] D:\protect.japanese
[29/01/2007 - 18:57:36 | N | 109487] D:\protect.korean
[14/02/2007 - 19:44:28 | N | 111402] D:\protect.norwegian
[14/02/2007 - 19:45:16 | N | 111585] D:\protect.polish
[14/02/2007 - 19:46:04 | N | 111448] D:\protect.portuguese
[14/02/2007 - 19:46:40 | N | 111697] D:\protect.portuguese brazilian
[29/01/2007 - 18:58:20 | N | 163804] D:\protect.russian
[29/01/2007 - 18:55:54 | N | 109016] D:\protect.spanish
[14/02/2007 - 19:48:56 | N | 111445] D:\protect.swedish
[14/02/2007 - 19:49:30 | N | 111598] D:\protect.turkish
[27/09/2008 - 12:43:23 | RD ] D:\RECOVERY
[27/09/2008 - 12:43:27 | D ] D:\SOURCES
[27/09/2008 - 12:45:45 | SHD ] D:\System Volume Information
[27/09/2008 - 12:43:51 | D ] D:\Tools
[27/09/2008 - 12:43:29 | D ] D:\WINDOWS
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_LOÉ.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.
################## | E.O.F |
We'll deal with Ask now
Download Ad-Remover (by C_XX) to your desktop:
http://www.teamxscript.org/adremoverTelechargement.html (official link)
https://www.androidworld.fr/ (mirror)
Double-click the file you just downloaded; on the screen that appears, click Nettoyer (Clean).
Let the tool work.
Post the report that is displayed on screen when the scan is finished.
It is saved in C:\Ad-Remover-CLEAN[1].txt
======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 08/12/10 à 10:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 15:16:45 le 12/12/2010, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Basique Service Pack 2 (X86)
élo@LOÉ (Hewlett-Packard Compaq Presario CQ60 Notebook PC)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\élo\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\élo\AppData\LocalLow\PriceGong
Dossier supprimé: C:\ProgramData\Viewpoint
Dossier supprimé: C:\Program Files\Viewpoint
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
Clé supprimée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2719315
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\MetaStream
Clé supprimée: HKLM\Software\Viewpoint
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B4B042D3-092F-4A1F-87E5-A1C5D647C7CC}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B4B042D3-092F-4A1F-87E5-A1C5D647C7CC}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- C:\Users\élo\AppData\Roaming\Mozilla\FireFox\Profiles\ejb19o2q.default\Prefs.js --
browser.download.lastDir, C:\\Users\\élo\\Desktop
browser.startup.homepage_override.mstone, rv:1.8.1.18
========================================
** Internet Explorer Version [8.0.6001.18975] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 64 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 12/12/2010 (4163 Octet(s))
Fin à: 15:18:36, 12/12/2010
============== E.O.F ==============
We'll do a general scan
Download Malwarebytes' Anti-Malware
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Save it to the desktop
Double-click the Download_mbam-setup.exe icon to start the installation process
If the firewall asks for permission for Malwarebytes to connect, accept
It will update itself; once that is done
Go to the scan tab
Select perform a full scan
Click scan
The scan starts
At the end of the scan, the message is displayed: The scan completed normally.
Click show results to display the objects found
Click OK to continue
If malware was detected, click show results
Select all (or leave checked)
Click remove selected
Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine
Malwarebytes will open Notepad and copy the report into it
Restart the PC
Once restarted, double-click Malwarebytes
Go to the reports/logs tab
Click on it to display it; once displayed, click Edit at the top of Notepad, then Select All
Go back to Edit, then Copy, and come back to the forum and into your reply
Right-click in the reply box and paste
Rapport de ZHPDiag v1.27.1420 par Nicolas Coolman, Update du 11/12/2010
Run by élo at 12/12/2010 16:25:25
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18975 (Defaut)
---\\ System Information
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (54% free)
System drive C: has 32 GB (23%) free of 140 GB
---\\ Logged in mode
Computer Name: LOÉ
User Name: élo
All Users Names: élo, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 140 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 9 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 07:32:26.) -- C:\Windows\System32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 07:32:49.) -- C:\Windows\System32\drivers\ntfs.sys [1083880]
---\\ Processus lancés
[MD5.7F297042DC60B6BB1A5B13261EE5F0F1] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [170520]
[MD5.4F694D7518AA5353C382959AD7D7A233] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [145944]
[MD5.4551FB332E320838724C38925BF46DC0] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe [468264]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.DCB36D4ED2950F3F675D27D422A6B365] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840]
[MD5.E7BAA318D3F1287C828F323B3BA9A96E] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536]
[MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752]
[MD5.6AB4C021FBD36DC6764924C312428D97] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784]
[MD5.5D24868CAC87DCD70C5B71101D39B0DE] - (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912]
[MD5.A7FDF3A085B9C4D5E875FEB76500393A] - (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe [323584]
[MD5.6CF023F0A798C56599B8EA9FF9F083A0] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]
[MD5.EDBC8611E999C96F881B8AA10AE7FD75] - (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\Skype\Phone\Skype.exe [21898024]
[MD5.C12EF776375161398861D819139D84C5] - (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232]
[MD5.CC859C4B76C7126E3AD1C2051235D50E] - (.Ralink Technology, Corp. - Ralink Wireless Utility.) -- C:\Program Files\RALINK\Common\RaUI.exe [593920]
[MD5.BA57E582D0550A26A213E1899CEEB113] - (.ShalSoft - Pas de description.) -- C:\Program Files\GigaTribe\gigatribe.exe [1071616]
[MD5.76DAC52F7A6D3AD3C8307D012ACF46CE] - (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [7424000]
[MD5.EEBF2F715C02C8A6CE6DBE844DD1B4E3] - (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [7418368]
[MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE [316720]
[MD5.1EDC4865C8003A0251956835273904B1] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [685360]
[MD5.8A4177883F756B18B50366B3B1878E5F] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [2051016]
[MD5.D5A730DFDEAE005373E62BC2A866E3BB] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638232]
[MD5.99B6CE3840F5AD5C4B13B666249AA467] - (.Microsoft Corporation - Microsoft Search Client Server.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe [316208]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120]
[MD5.CEDF6D51B66006142B892BE96F8E5E18] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [304304]
[MD5.A51D1C449E9CA956F477F9BFBE67A5C8] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe [232912]
[MD5.2D821AFA5A1A9CA7F9F997A1AAD09E72] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [168960]
[MD5.9A80E1F31DDB1FE19B4E3C34773B7B57] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [620544]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50917.0.) -- c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll (.not file.)
---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) (2008, 7, 28, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Google Quick Search Box] . (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Bouygues Connection Manager] . (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk . (.Nikon Corporation.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk . (.Ralink Technology, Corp..) -- C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk . (.ShalSoft.) -- C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk . (.Pas de propriétaire.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\DivX Movies.lnk . (.Pas de propriétaire.) -- C:\Users\élo\Videos\DivX Movies
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\Multi Virus Cleaner 2010.lnk . (.AxBx.) -- C:\Program Files\AxBx\Multi Virus Cleaner 2010\MVC.exe
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\élo\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Users\élo\Desktop\DivX Movies.lnk . (.Pas de propriétaire.) -- C:\Users\élo\Videos\DivX Movies
O4 - Global Startup: C:\Users\élo\Desktop\Multi Virus Cleaner 2010.lnk . (.AxBx.) -- C:\Program Files\AxBx\Multi Virus Cleaner 2010\MVC.exe
O4 - Global Startup: C:\Users\élo\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GigaTribe.lnk . (.ShalSoft.) -- C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Recherche AOL Toolbar . (.Pas de propriétaire - Pas de description.) -- C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - (.not file.) - C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} . (.not file.) - (.not file.)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C65868ED-496A-45BE-AA01-A2E4C70512AB}: NameServer = 62.201.129.99 62.201.159.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{C65868ED-496A-45BE-AA01-A2E4C70512AB}: NameServer = 62.201.129.99 62.201.159.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8882B3-604A-41D0-AC1D-E5F8151449DD}: DhcpNameServer = 172.17.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D8882B3-604A-41D0-AC1D-E5F8151449DD}: DhcpNameServer = 172.17.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (Recovery Service for Windows) . (.Pas de propriétaire - STServices.) - C:\Windows\SMINST\BLService.exe
O23 - Service: (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\system32\DRIVERS\xaudio.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{E9AF673B-DD6E-4F9D-9B49-99C9FCB11FEC}.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.92DBAF713557FECA30B747D9ADC3E3DD] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\regutils.dll
O40 - ASIC: LightScribe Control Panel - {10880D85-AAD9-4558-ABDC-2AB1552D831F} . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Windows Mail\WinMail.exe
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\Windows\system32\Macromed\Flash\Flash10i.ocx
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: AOL Toolbar 5.0 - (.AOL LLC.) [HKLM] -- AOL Toolbar
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8.1.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81200000003}
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- {1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
O42 - Logiciel: ArcSoft Panorama Maker 4 - (.ArcSoft.) [HKLM] -- {D45E8C45-B601-4A80-AFD8-E16338744DE1}
O42 - Logiciel: Atheros Driver Installation Program - (.Atheros.) [HKLM] -- {C3A32068-8AB1-4327-BB16-BED9C6219DC7}
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] -- {415B2719-AD3A-4944-B404-C472DB6085B3}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {83770D14-21B9-44B3-8689-F7B523F94560}
O42 - Logiciel: CleanUp! - (.Pas de propriétaire.) [HKLM] -- CleanUp!
O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM] -- CNXT_AUDIO_HDA
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}
O42 - Logiciel: ESU for Microsoft Vista - (.Hewlett-Packard.) [HKLM] -- {3877C901-7B90-4727-A639-B6ED2DD59D43}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: GigaTribe 2.52 - (.ShalSoft.) [HKLM] -- ShalSoft.GigaTribe_is1
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Pas de propriétaire.) [HKLM] -- CNXT_MODEM_HDAUDIO_HERMOSA_HSF
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}
O42 - Logiciel: HP DVD Play 3.7 - (.Hewlett-Packard.) [HKLM] -- {45D707E9-F3C4-11D9-A373-0050BAE317E1}
O42 - Logiciel: HP Doc Viewer - (.Hewlett-Packard.) [HKLM] -- {082702D5-5DD8-4600-BCE5-48B15174687F}
O42 - Logiciel: HP Easy Setup - Frontend - (.Hewlett-Packard.) [HKLM] -- {51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}
O42 - Logiciel: HP Help and Support - (.Hewlett-Packard.) [HKLM] -- {E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
O42 - Logiciel: HP Quick Launch Buttons 6.40 F1 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Total Care Advisor - (.Hewlett-Packard.) [HKLM] -- {f32502b5-5b64-4882-bf61-77f23edcac4f}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
O42 - Logiciel: HP User Guides 0118 - (.Hewlett-Packard.) [HKLM] -- {B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {340F521E-3576-4E1A-B75C-EB0ACF751379}
O42 - Logiciel: HPNetworkAssistant - (.Hewlett-Packard..) [HKLM] -- {228C6B46-64E2-404E-898A-EF0830603EF4}
O42 - Logiciel: Hewlett-Packard Active Check for Health Check - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Hewlett-Packard Asset Agent for Health Check - (.HP.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Internet Mobile 3G+ Bouygues Telecom - (.Bouygues.) [HKLM] -- {19DAF1F5-CDB8-448D-8E77-A69BE699F20F}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: KaraFun 1.18 - (.Recisio.) [HKLM] -- KaraFun_is1
O42 - Logiciel: LightScribe System Software 1.12.33.2 - (.LightScribe.) [HKLM] -- {582287DA-0806-4AC0-BF19-C15E3A466034}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live
O42 - Logiciel: MessengerPlusLive France TB Toolbar - (.MessengerPlusLive France TB.) [HKLM] -- MessengerPlusLive_France_TB Toolbar
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Home and Student 2010 - Français - (.Microsoft Corporation.) [HKLM] -- {90140011-0061-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office « Démarrer en un clic » 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.Click2Run
O42 - Logiciel: Microsoft Office « Démarrer en un clic » 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-006D-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {3B160861-7250-451E-B5EE-8B92BF30A710}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Multi Virus Cleaner 2010 - (.AxBx.) [HKLM] -- Multi Virus Cleaner 2010_is1
O42 - Logiciel: My HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: NetWaiting - (.BVRP Software, Inc.) [HKLM] -- {3F92ABBB-6BBF-11D5-B229-002078017FBF}
O42 - Logiciel: Nikon Message Center - (.Nikon.) [HKLM] -- {D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
O42 - Logiciel: Nikon Transfer - (.Nikon.) [HKLM] -- {E9757890-7EC5-46C8-99AB-B00F07B6525C}
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.) [HKLM] -- {6860B340-530D-46B3-91F8-1AE1F70F7C33}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: QuickPlay SlingPlayer 0.4.6 - (.SlingMedia.) [HKLM] -- SlingMedia.QPSlingPlayer_is1
O42 - Logiciel: Ralink Wireless LAN Card - (.RALINK.) [HKLM] -- {E91E8912-769D-42F0-8408-0E329443BABC}
O42 - Logiciel: Realtek 8169 8168 8101E 8102E Ethernet Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
O42 - Logiciel: Skype(TM) 3.6 - (.Skype Technologies S.A..) [HKLM] -- {5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM] -- {767CC44C-9BBC-438D-BAD3-FD4595DD148B}
O42 - Logiciel: VLC media player 0.9.6 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {2075CB0A-D26F-4DAA-B424-5079296B43BA}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {61AD15B2-50DB-4686-A739-14FE180D4429}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {AF844339-2F8A-4593-81B3-9F4C54038C4E}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {19A4A990-5343-4FF7-B3B5-6F046C091EDF}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {AB93C51F-71F9-4A28-8134-FE1B5B9373E9}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: Yahoo! Toolbar - (.Pas de propriétaire.) [HKLM] -- Yahoo! Companion
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule
O42 - Logiciel: muvee autoProducer 6.1 - (.muvee Technologies.) [HKLM] -- {35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\AOL]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\DivXNetworks]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Binary Noise]
[HKCU\Software\Bouygues]
[HKCU\Software\CavenDish]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\MIDI Drivers]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Muvee)]
[HKCU\Software\MainConcept (Nikon)]
[HKCU\Software\MainConcept]
[HKCU\Software\MimarSinan]
[HKCU\Software\Netscape]
[HKCU\Software\Nikon]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Patchou]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RALINK]
[HKCU\Software\RECISIO]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\ShalSoft]
[HKCU\Software\Skype]
[HKCU\Software\Synaptics]
[HKCU\Software\Trend Micro]
[HKCU\Software\Trolltech]
[HKCU\Software\Usbfix]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\Yahoo]
[HKCU\Software\eMule]
[HKCU\Software\funkitron]
[HKCU\Software\muvee Technologies]
[HKCU\Software\stevengould.org]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AOL]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\ArcSoft]
[HKLM\Software\Atheros]
[HKLM\Software\BVRP Software, Inc]
[HKLM\Software\Bouygues]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conexant]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\EasyBits]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Huawei technologies]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LightScribe]
[HKLM\Software\MDC]
[HKLM\Software\Macromedia]
[HKLM\Software\MessengerPlusLive_France_TB]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nikon]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Organic]
[HKLM\Software\Patchou]
[HKLM\Software\PctelEapPeer Authentication]
[HKLM\Software\Policies]
[HKLM\Software\RALINK]
[HKLM\Software\RECISIO]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\ShalSoft]
[HKLM\Software\Skype]
[HKLM\Software\SmithMicro]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Symantec]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\WildTangent]
[HKLM\Software\Yahoo]
[HKLM\Software\ZTEUSBDriverFlag]
[HKLM\Software\mozilla.org]
[HKLM\Software\muvee Technologies]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD: 12/12/2010 - 15:16:46 ----D- C:\Program Files\Ad-Remover
O43 - CFD: 01/08/2008 - 02:40:26 ----D- C:\Program Files\Adobe
O43 - CFD: 25/04/2010 - 16:14:24 ----D- C:\Program Files\Alwil Software
O43 - CFD: 01/08/2008 - 02:50:16 ----D- C:\Program Files\AOL
O43 - CFD: 03/12/2008 - 18:07:46 ----D- C:\Program Files\ArcSoft
O43 - CFD: 27/09/2008 - 12:13:18 ----D- C:\Program Files\Atheros
O43 - CFD: 26/12/2008 - 00:16:16 ----D- C:\Program Files\Audacity
O43 - CFD: 26/05/2010 - 20:17:02 ----D- C:\Program Files\AxBx
O43 - CFD: 17/09/2010 - 19:39:16 ----D- C:\Program Files\Bouygues Telecom
O43 - CFD: 13/03/2009 - 09:25:52 ----D- C:\Program Files\CCleaner
O43 - CFD: 10/01/2009 - 19:33:26 ----D- C:\Program Files\Circle Developement
O43 - CFD: 27/09/2008 - 12:12:22 ----D- C:\Program Files\Cisco
O43 - CFD: 26/05/2010 - 18:45:34 ----D- C:\Program Files\CleanUp!
O43 - CFD: 17/09/2010 - 19:39:16 ----D- C:\Program Files\Common Files
O43 - CFD: 27/09/2008 - 12:21:02 ----D- C:\Program Files\CONEXANT
O43 - CFD: 31/03/2009 - 10:29:46 ----D- C:\Program Files\CyberLink
O43 - CFD: 10/07/2009 - 22:14:46 ----D- C:\Program Files\DivX
O43 - CFD: 01/08/2008 - 02:49:46 ----D- C:\Program Files\EasyBits For Kids
O43 - CFD: 30/09/2009 - 12:44:02 ----D- C:\Program Files\eMule
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 17/04/2009 - 10:11:04 ----D- C:\Program Files\GigaTribe
O43 - CFD: 25/04/2010 - 16:13:22 ----D- C:\Program Files\Google
O43 - CFD: 27/09/2008 - 12:11:38 ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 01/08/2008 - 02:58:32 ----D- C:\Program Files\HP
O43 - CFD: 01/08/2008 - 02:01:46 ----D- C:\Program Files\HP Games
O43 - CFD: 24/06/2010 - 15:21:40 --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 27/09/2008 - 12:13:48 ----D- C:\Program Files\Intel
O43 - CFD: 26/11/2010 - 20:03:10 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 17/04/2009 - 17:07:04 ----D- C:\Program Files\Java
O43 - CFD: 17/04/2009 - 17:07:54 ----D- C:\Program Files\JRE
O43 - CFD: 29/07/2009 - 19:59:34 ----D- C:\Program Files\KaraFun
O43 - CFD: 07/11/2010 - 11:46:42 ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD: 07/11/2010 - 11:52:42 ----D- C:\Program Files\MessengerPlusLive_France_TB
O43 - CFD: 10/10/2009 - 11:49:54 ----D- C:\Program Files\Microsoft
O43 - CFD: 25/08/2010 - 06:46:22 ----D- C:\Program Files\Microsoft Application Virtualization Client
O43 - CFD: 02/11/2006 - 13:35:52 ----D- C:\Program Files\Microsoft Games
O43 - CFD: 23/08/2010 - 21:05:52 ----D- C:\Program Files\Microsoft Office
O43 - CFD: 02/10/2010 - 08:09:18 ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 20/03/2009 - 14:32:18 ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 12/08/2010 - 06:55:28 ----D- C:\Program Files\Microsoft Works
O43 - CFD: 23/08/2010 - 20:49:54 ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 12/08/2010 - 06:58:54 ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/11/2006 - 13:35:52 ----D- C:\Program Files\MSBuild
O43 - CFD: 19/11/2008 - 20:42:22 ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 01/08/2008 - 02:24:16 ----D- C:\Program Files\muvee Technologies
O43 - CFD: 27/09/2008 - 12:18:12 ----D- C:\Program Files\NetWaiting
O43 - CFD: 03/12/2008 - 18:08:50 ----D- C:\Program Files\Nikon
O43 - CFD: 19/11/2008 - 19:18:50 R---D- C:\Program Files\Online Services
O43 - CFD: 17/04/2009 - 17:07:50 ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 10/10/2009 - 19:01:12 ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 24/06/2010 - 15:21:40 ----D- C:\Program Files\RALINK
O43 - CFD: 27/09/2008 - 12:17:06 ----D- C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 13:35:52 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 20/11/2008 - 19:49:16 ----D- C:\Program Files\Skype
O43 - CFD: 12/12/2010 - 14:52:14 ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 27/09/2008 - 12:16:32 ----D- C:\Program Files\Synaptics
O43 - CFD: 16/09/2010 - 18:38:06 ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD: 12/12/2010 - 14:30:28 ----D- C:\Program Files\TrendMicro
O43 - CFD: 02/11/2006 - 13:58:20 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 20/11/2008 - 22:29:14 ----D- C:\Program Files\VideoLAN
O43 - CFD: 26/05/2010 - 21:28:58 ----D- C:\Program Files\Windows Calendar
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 26/05/2010 - 21:28:54 ----D- C:\Program Files\Windows Defender
O43 - CFD: 30/11/2010 - 20:46:26 ----D- C:\Program Files\Windows Live
O43 - CFD: 20/03/2009 - 14:30:08 ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 11/11/2010 - 18:54:44 ----D- C:\Program Files\Windows Mail
O43 - CFD: 17/10/2010 - 19:27:26 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 19/11/2008 - 19:11:58 ----D- C:\Program Files\Windows NT
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 28/05/2010 - 15:53:54 ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 13/03/2009 - 09:25:50 ----D- C:\Program Files\Yahoo!
O43 - CFD: 12/12/2010 - 16:25:48 ----D- C:\Program Files\ZHPDiag
O43 - CFD: 01/08/2008 - 02:40:36 ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 23/08/2010 - 21:05:54 ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 10/07/2009 - 22:14:30 ----D- C:\Program Files\Common Files\DivX Shared
O43 - CFD: 01/08/2008 - 02:53:20 ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 01/08/2008 - 02:59:54 ----D- C:\Program Files\Common Files\Java
O43 - CFD: 27/09/2008 - 12:52:02 ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 30/11/2010 - 20:29:18 ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 01/08/2008 - 02:24:16 ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 03/12/2008 - 18:10:06 ----D- C:\Program Files\Common Files\Nikon
O43 - CFD: 17/09/2010 - 19:39:16 ----D- C:\Program Files\Common Files\PctelEapPeer Authentication
O43 - CFD: 02/11/2006 - 12:18:34 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 20/11/2008 - 19:49:12 ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 02/11/2006 - 12:18:34 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 19/11/2008 - 19:57:44 ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Common Files\System
O43 - CFD: 13/03/2009 - 08:50:26 ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 19/11/2008 - 21:37:26 -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD: 01/08/2008 - 02:40:54 ----D- C:\ProgramData\Adobe
O43 - CFD: 25/04/2010 - 16:10:44 ----D- C:\ProgramData\Alwil Software
O43 - CFD: 31/03/2009 - 10:26:56 ----D- C:\ProgramData\AOL
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Application Data
O43 - CFD: 27/09/2008 - 12:12:18 ----D- C:\ProgramData\Atheros
O43 - CFD: 17/09/2010 - 19:39:28 ----D- C:\ProgramData\Bouygues Telecom
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/01/2009 - 10:48:52 ----D- C:\ProgramData\CyberLink
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Desktop
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Documents
O43 - CFD: 30/09/2009 - 12:44:18 ----D- C:\ProgramData\eMule
O43 - CFD: 03/12/2008 - 18:08:18 ----D- C:\ProgramData\EnterNHelp
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Favoris
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Favorites
O43 - CFD: 29/10/2009 - 23:05:24 ----D- C:\ProgramData\Google
O43 - CFD: 27/09/2008 - 12:47:16 ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 31/03/2009 - 10:28:44 ----D- C:\ProgramData\LightScribe
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 07/11/2010 - 18:34:16 ----D- C:\ProgramData\Messenger Plus!
O43 - CFD: 30/11/2010 - 20:14:28 -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/03/2009 - 09:32:30 ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Modèles
O43 - CFD: 01/08/2008 - 02:24:12 ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 03/12/2008 - 18:08:58 ----D- C:\ProgramData\Nikon
O43 - CFD: 03/12/2008 - 18:08:18 ----D- C:\ProgramData\Plug-Ins
O43 - CFD: 13/07/2009 - 20:15:36 ----D- C:\ProgramData\Recisio
O43 - CFD: 13/11/2010 - 14:32:34 ----D- C:\ProgramData\Skype
O43 - CFD: 12/12/2010 - 14:51:02 ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 19/11/2008 - 19:56:10 ----D- C:\ProgramData\Symantec
O43 - CFD: 25/06/2010 - 14:04:24 ---AD- C:\ProgramData\TEMP
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Templates
O43 - CFD: 03/12/2008 - 18:08:18 ----D- C:\ProgramData\Ultima_T15
O43 - CFD: 02/10/2010 - 08:41:12 ----D- C:\ProgramData\VirtualizedApplications
O43 - CFD: 25/06/2010 - 11:02:46 ----D- C:\ProgramData\WildTangent
O43 - CFD: 10/05/2010 - 14:04:58 ----D- C:\ProgramData\WindowsSearch
O43 - CFD: 19/11/2008 - 21:36:38 ----D- C:\ProgramData\WLInstaller
O43 - CFD: 13/03/2009 - 09:25:48 ----D- C:\ProgramData\Yahoo! Companion
Run by élo at 12/12/2010 16:25:25
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18975 (Defaut)
---\\ System Information
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (54% free)
System drive C: has 32 GB (23%) free of 140 GB
---\\ Logged in mode
Computer Name: LOÉ
User Name: élo
All Users Names: élo, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 140 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 9 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 07:32:26.) -- C:\Windows\System32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 07:32:49.) -- C:\Windows\System32\drivers\ntfs.sys [1083880]
---\\ Processus lancés
[MD5.7F297042DC60B6BB1A5B13261EE5F0F1] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [170520]
[MD5.4F694D7518AA5353C382959AD7D7A233] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [145944]
[MD5.4551FB332E320838724C38925BF46DC0] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe [468264]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.DCB36D4ED2950F3F675D27D422A6B365] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840]
[MD5.E7BAA318D3F1287C828F323B3BA9A96E] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536]
[MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752]
[MD5.6AB4C021FBD36DC6764924C312428D97] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784]
[MD5.5D24868CAC87DCD70C5B71101D39B0DE] - (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912]
[MD5.A7FDF3A085B9C4D5E875FEB76500393A] - (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe [323584]
[MD5.6CF023F0A798C56599B8EA9FF9F083A0] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]
[MD5.EDBC8611E999C96F881B8AA10AE7FD75] - (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\Skype\Phone\Skype.exe [21898024]
[MD5.C12EF776375161398861D819139D84C5] - (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232]
[MD5.CC859C4B76C7126E3AD1C2051235D50E] - (.Ralink Technology, Corp. - Ralink Wireless Utility.) -- C:\Program Files\RALINK\Common\RaUI.exe [593920]
[MD5.BA57E582D0550A26A213E1899CEEB113] - (.ShalSoft - Pas de description.) -- C:\Program Files\GigaTribe\gigatribe.exe [1071616]
[MD5.76DAC52F7A6D3AD3C8307D012ACF46CE] - (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [7424000]
[MD5.EEBF2F715C02C8A6CE6DBE844DD1B4E3] - (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [7418368]
[MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE [316720]
[MD5.1EDC4865C8003A0251956835273904B1] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [685360]
[MD5.8A4177883F756B18B50366B3B1878E5F] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [2051016]
[MD5.D5A730DFDEAE005373E62BC2A866E3BB] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638232]
[MD5.99B6CE3840F5AD5C4B13B666249AA467] - (.Microsoft Corporation - Microsoft Search Client Server.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe [316208]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120]
[MD5.CEDF6D51B66006142B892BE96F8E5E18] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [304304]
[MD5.A51D1C449E9CA956F477F9BFBE67A5C8] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe [232912]
[MD5.2D821AFA5A1A9CA7F9F997A1AAD09E72] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [168960]
[MD5.9A80E1F31DDB1FE19B4E3C34773B7B57] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [620544]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50917.0.) -- c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll (.not file.)
---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) (2008, 7, 28, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Google Quick Search Box] . (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Bouygues Connection Manager] . (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk . (.Nikon Corporation.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk . (.Ralink Technology, Corp..) -- C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk . (.ShalSoft.) -- C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk . (.Pas de propriétaire.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\DivX Movies.lnk . (.Pas de propriétaire.) -- C:\Users\élo\Videos\DivX Movies
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\Multi Virus Cleaner 2010.lnk . (.AxBx.) -- C:\Program Files\AxBx\Multi Virus Cleaner 2010\MVC.exe
O4 - Global Startup: C:\Documents And Settings\élo\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\élo\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Users\élo\Desktop\DivX Movies.lnk . (.Pas de propriétaire.) -- C:\Users\élo\Videos\DivX Movies
O4 - Global Startup: C:\Users\élo\Desktop\Multi Virus Cleaner 2010.lnk . (.AxBx.) -- C:\Program Files\AxBx\Multi Virus Cleaner 2010\MVC.exe
O4 - Global Startup: C:\Users\élo\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GigaTribe.lnk . (.ShalSoft.) -- C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline
O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Recherche AOL Toolbar . (.Pas de propriétaire - Pas de description.) -- C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - (.not file.) - C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} . (.not file.) - (.not file.)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C65868ED-496A-45BE-AA01-A2E4C70512AB}: NameServer = 62.201.129.99 62.201.159.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{C65868ED-496A-45BE-AA01-A2E4C70512AB}: NameServer = 62.201.129.99 62.201.159.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8882B3-604A-41D0-AC1D-E5F8151449DD}: DhcpNameServer = 172.17.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D8882B3-604A-41D0-AC1D-E5F8151449DD}: DhcpNameServer = 172.17.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{89722D78-0846-4930-849F-32F0DFF28797}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (Recovery Service for Windows) . (.Pas de propriétaire - STServices.) - C:\Windows\SMINST\BLService.exe
O23 - Service: (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\system32\DRIVERS\xaudio.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{E9AF673B-DD6E-4F9D-9B49-99C9FCB11FEC}.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.92DBAF713557FECA30B747D9ADC3E3DD] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\regutils.dll
O40 - ASIC: LightScribe Control Panel - {10880D85-AAD9-4558-ABDC-2AB1552D831F} . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Windows Mail\WinMail.exe
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\Windows\system32\Macromed\Flash\Flash10i.ocx
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: AOL Toolbar 5.0 - (.AOL LLC.) [HKLM] -- AOL Toolbar
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8.1.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81200000003}
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- {1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
O42 - Logiciel: ArcSoft Panorama Maker 4 - (.ArcSoft.) [HKLM] -- {D45E8C45-B601-4A80-AFD8-E16338744DE1}
O42 - Logiciel: Atheros Driver Installation Program - (.Atheros.) [HKLM] -- {C3A32068-8AB1-4327-BB16-BED9C6219DC7}
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] -- {415B2719-AD3A-4944-B404-C472DB6085B3}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {83770D14-21B9-44B3-8689-F7B523F94560}
O42 - Logiciel: CleanUp! - (.Pas de propriétaire.) [HKLM] -- CleanUp!
O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM] -- CNXT_AUDIO_HDA
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}
O42 - Logiciel: ESU for Microsoft Vista - (.Hewlett-Packard.) [HKLM] -- {3877C901-7B90-4727-A639-B6ED2DD59D43}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: GigaTribe 2.52 - (.ShalSoft.) [HKLM] -- ShalSoft.GigaTribe_is1
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Pas de propriétaire.) [HKLM] -- CNXT_MODEM_HDAUDIO_HERMOSA_HSF
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}
O42 - Logiciel: HP DVD Play 3.7 - (.Hewlett-Packard.) [HKLM] -- {45D707E9-F3C4-11D9-A373-0050BAE317E1}
O42 - Logiciel: HP Doc Viewer - (.Hewlett-Packard.) [HKLM] -- {082702D5-5DD8-4600-BCE5-48B15174687F}
O42 - Logiciel: HP Easy Setup - Frontend - (.Hewlett-Packard.) [HKLM] -- {51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}
O42 - Logiciel: HP Help and Support - (.Hewlett-Packard.) [HKLM] -- {E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
O42 - Logiciel: HP Quick Launch Buttons 6.40 F1 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Total Care Advisor - (.Hewlett-Packard.) [HKLM] -- {f32502b5-5b64-4882-bf61-77f23edcac4f}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
O42 - Logiciel: HP User Guides 0118 - (.Hewlett-Packard.) [HKLM] -- {B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {340F521E-3576-4E1A-B75C-EB0ACF751379}
O42 - Logiciel: HPNetworkAssistant - (.Hewlett-Packard..) [HKLM] -- {228C6B46-64E2-404E-898A-EF0830603EF4}
O42 - Logiciel: Hewlett-Packard Active Check for Health Check - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Hewlett-Packard Asset Agent for Health Check - (.HP.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Internet Mobile 3G+ Bouygues Telecom - (.Bouygues.) [HKLM] -- {19DAF1F5-CDB8-448D-8E77-A69BE699F20F}
O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: KaraFun 1.18 - (.Recisio.) [HKLM] -- KaraFun_is1
O42 - Logiciel: LightScribe System Software 1.12.33.2 - (.LightScribe.) [HKLM] -- {582287DA-0806-4AC0-BF19-C15E3A466034}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live
O42 - Logiciel: MessengerPlusLive France TB Toolbar - (.MessengerPlusLive France TB.) [HKLM] -- MessengerPlusLive_France_TB Toolbar
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Home and Student 2010 - Français - (.Microsoft Corporation.) [HKLM] -- {90140011-0061-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office « Démarrer en un clic » 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.Click2Run
O42 - Logiciel: Microsoft Office « Démarrer en un clic » 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-006D-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {3B160861-7250-451E-B5EE-8B92BF30A710}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Multi Virus Cleaner 2010 - (.AxBx.) [HKLM] -- Multi Virus Cleaner 2010_is1
O42 - Logiciel: My HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: NetWaiting - (.BVRP Software, Inc.) [HKLM] -- {3F92ABBB-6BBF-11D5-B229-002078017FBF}
O42 - Logiciel: Nikon Message Center - (.Nikon.) [HKLM] -- {D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
O42 - Logiciel: Nikon Transfer - (.Nikon.) [HKLM] -- {E9757890-7EC5-46C8-99AB-B00F07B6525C}
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.) [HKLM] -- {6860B340-530D-46B3-91F8-1AE1F70F7C33}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: QuickPlay SlingPlayer 0.4.6 - (.SlingMedia.) [HKLM] -- SlingMedia.QPSlingPlayer_is1
O42 - Logiciel: Ralink Wireless LAN Card - (.RALINK.) [HKLM] -- {E91E8912-769D-42F0-8408-0E329443BABC}
O42 - Logiciel: Realtek 8169 8168 8101E 8102E Ethernet Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
O42 - Logiciel: Skype(TM) 3.6 - (.Skype Technologies S.A..) [HKLM] -- {5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM] -- {767CC44C-9BBC-438D-BAD3-FD4595DD148B}
O42 - Logiciel: VLC media player 0.9.6 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {2075CB0A-D26F-4DAA-B424-5079296B43BA}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {61AD15B2-50DB-4686-A739-14FE180D4429}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {AF844339-2F8A-4593-81B3-9F4C54038C4E}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {19A4A990-5343-4FF7-B3B5-6F046C091EDF}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {AB93C51F-71F9-4A28-8134-FE1B5B9373E9}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: Yahoo! Toolbar - (.Pas de propriétaire.) [HKLM] -- Yahoo! Companion
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule
O42 - Logiciel: muvee autoProducer 6.1 - (.muvee Technologies.) [HKLM] -- {35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\AOL]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\DivXNetworks]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Binary Noise]
[HKCU\Software\Bouygues]
[HKCU\Software\CavenDish]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\MIDI Drivers]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Muvee)]
[HKCU\Software\MainConcept (Nikon)]
[HKCU\Software\MainConcept]
[HKCU\Software\MimarSinan]
[HKCU\Software\Netscape]
[HKCU\Software\Nikon]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Patchou]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RALINK]
[HKCU\Software\RECISIO]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\ShalSoft]
[HKCU\Software\Skype]
[HKCU\Software\Synaptics]
[HKCU\Software\Trend Micro]
[HKCU\Software\Trolltech]
[HKCU\Software\Usbfix]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\Yahoo]
[HKCU\Software\eMule]
[HKCU\Software\funkitron]
[HKCU\Software\muvee Technologies]
[HKCU\Software\stevengould.org]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AOL]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\ArcSoft]
[HKLM\Software\Atheros]
[HKLM\Software\BVRP Software, Inc]
[HKLM\Software\Bouygues]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conexant]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\EasyBits]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Huawei technologies]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LightScribe]
[HKLM\Software\MDC]
[HKLM\Software\Macromedia]
[HKLM\Software\MessengerPlusLive_France_TB]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nikon]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Organic]
[HKLM\Software\Patchou]
[HKLM\Software\PctelEapPeer Authentication]
[HKLM\Software\Policies]
[HKLM\Software\RALINK]
[HKLM\Software\RECISIO]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\ShalSoft]
[HKLM\Software\Skype]
[HKLM\Software\SmithMicro]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Symantec]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\WildTangent]
[HKLM\Software\Yahoo]
[HKLM\Software\ZTEUSBDriverFlag]
[HKLM\Software\mozilla.org]
[HKLM\Software\muvee Technologies]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD: 12/12/2010 - 15:16:46 ----D- C:\Program Files\Ad-Remover
O43 - CFD: 01/08/2008 - 02:40:26 ----D- C:\Program Files\Adobe
O43 - CFD: 25/04/2010 - 16:14:24 ----D- C:\Program Files\Alwil Software
O43 - CFD: 01/08/2008 - 02:50:16 ----D- C:\Program Files\AOL
O43 - CFD: 03/12/2008 - 18:07:46 ----D- C:\Program Files\ArcSoft
O43 - CFD: 27/09/2008 - 12:13:18 ----D- C:\Program Files\Atheros
O43 - CFD: 26/12/2008 - 00:16:16 ----D- C:\Program Files\Audacity
O43 - CFD: 26/05/2010 - 20:17:02 ----D- C:\Program Files\AxBx
O43 - CFD: 17/09/2010 - 19:39:16 ----D- C:\Program Files\Bouygues Telecom
O43 - CFD: 13/03/2009 - 09:25:52 ----D- C:\Program Files\CCleaner
O43 - CFD: 10/01/2009 - 19:33:26 ----D- C:\Program Files\Circle Developement
O43 - CFD: 27/09/2008 - 12:12:22 ----D- C:\Program Files\Cisco
O43 - CFD: 26/05/2010 - 18:45:34 ----D- C:\Program Files\CleanUp!
O43 - CFD: 17/09/2010 - 19:39:16 ----D- C:\Program Files\Common Files
O43 - CFD: 27/09/2008 - 12:21:02 ----D- C:\Program Files\CONEXANT
O43 - CFD: 31/03/2009 - 10:29:46 ----D- C:\Program Files\CyberLink
O43 - CFD: 10/07/2009 - 22:14:46 ----D- C:\Program Files\DivX
O43 - CFD: 01/08/2008 - 02:49:46 ----D- C:\Program Files\EasyBits For Kids
O43 - CFD: 30/09/2009 - 12:44:02 ----D- C:\Program Files\eMule
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 17/04/2009 - 10:11:04 ----D- C:\Program Files\GigaTribe
O43 - CFD: 25/04/2010 - 16:13:22 ----D- C:\Program Files\Google
O43 - CFD: 27/09/2008 - 12:11:38 ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 01/08/2008 - 02:58:32 ----D- C:\Program Files\HP
O43 - CFD: 01/08/2008 - 02:01:46 ----D- C:\Program Files\HP Games
O43 - CFD: 24/06/2010 - 15:21:40 --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 27/09/2008 - 12:13:48 ----D- C:\Program Files\Intel
O43 - CFD: 26/11/2010 - 20:03:10 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 17/04/2009 - 17:07:04 ----D- C:\Program Files\Java
O43 - CFD: 17/04/2009 - 17:07:54 ----D- C:\Program Files\JRE
O43 - CFD: 29/07/2009 - 19:59:34 ----D- C:\Program Files\KaraFun
O43 - CFD: 07/11/2010 - 11:46:42 ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD: 07/11/2010 - 11:52:42 ----D- C:\Program Files\MessengerPlusLive_France_TB
O43 - CFD: 10/10/2009 - 11:49:54 ----D- C:\Program Files\Microsoft
O43 - CFD: 25/08/2010 - 06:46:22 ----D- C:\Program Files\Microsoft Application Virtualization Client
O43 - CFD: 02/11/2006 - 13:35:52 ----D- C:\Program Files\Microsoft Games
O43 - CFD: 23/08/2010 - 21:05:52 ----D- C:\Program Files\Microsoft Office
O43 - CFD: 02/10/2010 - 08:09:18 ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 20/03/2009 - 14:32:18 ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 12/08/2010 - 06:55:28 ----D- C:\Program Files\Microsoft Works
O43 - CFD: 23/08/2010 - 20:49:54 ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 12/08/2010 - 06:58:54 ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/11/2006 - 13:35:52 ----D- C:\Program Files\MSBuild
O43 - CFD: 19/11/2008 - 20:42:22 ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 01/08/2008 - 02:24:16 ----D- C:\Program Files\muvee Technologies
O43 - CFD: 27/09/2008 - 12:18:12 ----D- C:\Program Files\NetWaiting
O43 - CFD: 03/12/2008 - 18:08:50 ----D- C:\Program Files\Nikon
O43 - CFD: 19/11/2008 - 19:18:50 R---D- C:\Program Files\Online Services
O43 - CFD: 17/04/2009 - 17:07:50 ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 10/10/2009 - 19:01:12 ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 24/06/2010 - 15:21:40 ----D- C:\Program Files\RALINK
O43 - CFD: 27/09/2008 - 12:17:06 ----D- C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 13:35:52 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 20/11/2008 - 19:49:16 ----D- C:\Program Files\Skype
O43 - CFD: 12/12/2010 - 14:52:14 ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 27/09/2008 - 12:16:32 ----D- C:\Program Files\Synaptics
O43 - CFD: 16/09/2010 - 18:38:06 ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD: 12/12/2010 - 14:30:28 ----D- C:\Program Files\TrendMicro
O43 - CFD: 02/11/2006 - 13:58:20 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 20/11/2008 - 22:29:14 ----D- C:\Program Files\VideoLAN
O43 - CFD: 26/05/2010 - 21:28:58 ----D- C:\Program Files\Windows Calendar
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 26/05/2010 - 21:28:54 ----D- C:\Program Files\Windows Defender
O43 - CFD: 30/11/2010 - 20:46:26 ----D- C:\Program Files\Windows Live
O43 - CFD: 20/03/2009 - 14:30:08 ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 11/11/2010 - 18:54:44 ----D- C:\Program Files\Windows Mail
O43 - CFD: 17/10/2010 - 19:27:26 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 19/11/2008 - 19:11:58 ----D- C:\Program Files\Windows NT
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 28/05/2010 - 15:53:54 ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 13/03/2009 - 09:25:50 ----D- C:\Program Files\Yahoo!
O43 - CFD: 12/12/2010 - 16:25:48 ----D- C:\Program Files\ZHPDiag
O43 - CFD: 01/08/2008 - 02:40:36 ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 23/08/2010 - 21:05:54 ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 10/07/2009 - 22:14:30 ----D- C:\Program Files\Common Files\DivX Shared
O43 - CFD: 01/08/2008 - 02:53:20 ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 01/08/2008 - 02:59:54 ----D- C:\Program Files\Common Files\Java
O43 - CFD: 27/09/2008 - 12:52:02 ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 30/11/2010 - 20:29:18 ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 01/08/2008 - 02:24:16 ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 03/12/2008 - 18:10:06 ----D- C:\Program Files\Common Files\Nikon
O43 - CFD: 17/09/2010 - 19:39:16 ----D- C:\Program Files\Common Files\PctelEapPeer Authentication
O43 - CFD: 02/11/2006 - 12:18:34 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 20/11/2008 - 19:49:12 ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 02/11/2006 - 12:18:34 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 19/11/2008 - 19:57:44 ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 26/05/2010 - 21:28:56 ----D- C:\Program Files\Common Files\System
O43 - CFD: 13/03/2009 - 08:50:26 ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 19/11/2008 - 21:37:26 -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD: 01/08/2008 - 02:40:54 ----D- C:\ProgramData\Adobe
O43 - CFD: 25/04/2010 - 16:10:44 ----D- C:\ProgramData\Alwil Software
O43 - CFD: 31/03/2009 - 10:26:56 ----D- C:\ProgramData\AOL
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Application Data
O43 - CFD: 27/09/2008 - 12:12:18 ----D- C:\ProgramData\Atheros
O43 - CFD: 17/09/2010 - 19:39:28 ----D- C:\ProgramData\Bouygues Telecom
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/01/2009 - 10:48:52 ----D- C:\ProgramData\CyberLink
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Desktop
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Documents
O43 - CFD: 30/09/2009 - 12:44:18 ----D- C:\ProgramData\eMule
O43 - CFD: 03/12/2008 - 18:08:18 ----D- C:\ProgramData\EnterNHelp
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Favoris
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Favorites
O43 - CFD: 29/10/2009 - 23:05:24 ----D- C:\ProgramData\Google
O43 - CFD: 27/09/2008 - 12:47:16 ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 31/03/2009 - 10:28:44 ----D- C:\ProgramData\LightScribe
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 07/11/2010 - 18:34:16 ----D- C:\ProgramData\Messenger Plus!
O43 - CFD: 30/11/2010 - 20:14:28 -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/03/2009 - 09:32:30 ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 19/11/2008 - 19:11:58 -SH-D- C:\ProgramData\Modèles
O43 - CFD: 01/08/2008 - 02:24:12 ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 03/12/2008 - 18:08:58 ----D- C:\ProgramData\Nikon
O43 - CFD: 03/12/2008 - 18:08:18 ----D- C:\ProgramData\Plug-Ins
O43 - CFD: 13/07/2009 - 20:15:36 ----D- C:\ProgramData\Recisio
O43 - CFD: 13/11/2010 - 14:32:34 ----D- C:\ProgramData\Skype
O43 - CFD: 12/12/2010 - 14:51:02 ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 19/11/2008 - 19:56:10 ----D- C:\ProgramData\Symantec
O43 - CFD: 25/06/2010 - 14:04:24 ---AD- C:\ProgramData\TEMP
O43 - CFD: 02/11/2006 - 13:59:46 -SH-D- C:\ProgramData\Templates
O43 - CFD: 03/12/2008 - 18:08:18 ----D- C:\ProgramData\Ultima_T15
O43 - CFD: 02/10/2010 - 08:41:12 ----D- C:\ProgramData\VirtualizedApplications
O43 - CFD: 25/06/2010 - 11:02:46 ----D- C:\ProgramData\WildTangent
O43 - CFD: 10/05/2010 - 14:04:58 ----D- C:\ProgramData\WindowsSearch
O43 - CFD: 19/11/2008 - 21:36:38 ----D- C:\ProgramData\WLInstaller
O43 - CFD: 13/03/2009 - 09:25:48 ----D- C:\ProgramData\Yahoo! Companion
O43 - CFD: 01/08/2008 - 02:40:36 ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 23/08/2010 - 21:05:54 ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 10/07/2009 - 22
Download Lop S&D (by Eric_71 and Angeldark) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
http://eric71.geekstogo.com/tools/LopSD.exe
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista(TM) Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz )
BIOS : Default System BIOS
USER : élo ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:140 Go (Free:32 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB) - FAT32 - Total:3766 Mo (Free:3 Go)
Q:\ (Local Disk)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/12/2010|17:13 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[23/11/2008|17:48] C:\Users\LO6B3E~1\AppData\Local\Adobe
[19/11/2008|19:52] C:\Users\LO6B3E~1\AppData\Local\AOL
[19/11/2008|19:15] C:\Users\LO6B3E~1\AppData\Local\Application Data
[31/03/2009|10:24] C:\Users\LO6B3E~1\AppData\Local\Apps
[19/11/2008|19:24] C:\Users\LO6B3E~1\AppData\Local\AtStart.txt
[17/09/2010|19:46] C:\Users\LO6B3E~1\AppData\Local\Bouygues Telecom
[01/09/2010|11:23] C:\Users\LO6B3E~1\AppData\Local\d3d9caps.dat
[25/11/2010|17:24] C:\Users\LO6B3E~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[19/11/2008|19:24] C:\Users\LO6B3E~1\AppData\Local\DSwitch.txt
[30/09/2009|12:44] C:\Users\LO6B3E~1\AppData\Local\eMule
[30/11/2010|20:25] C:\Users\LO6B3E~1\AppData\Local\GDIPFONTCACHEV1.DAT
[13/06/2010|21:17] C:\Users\LO6B3E~1\AppData\Local\Google
[19/11/2008|19:15] C:\Users\LO6B3E~1\AppData\Local\Historique
[12/12/2010|14:51] C:\Users\LO6B3E~1\AppData\Local\IconCache.db
[30/11/2010|21:12] C:\Users\LO6B3E~1\AppData\Local\Microsoft
[03/04/2009|09:53] C:\Users\LO6B3E~1\AppData\Local\Microsoft Games
[08/02/2009|15:39] C:\Users\LO6B3E~1\AppData\Local\Microsoft Help
[19/11/2008|20:44] C:\Users\LO6B3E~1\AppData\Local\Mozilla
[19/11/2008|19:24] C:\Users\LO6B3E~1\AppData\Local\QSwitch.txt
[23/05/2010|15:30] C:\Users\LO6B3E~1\AppData\Local\QuickPlay
[24/06/2010|16:21] C:\Users\LO6B3E~1\AppData\Local\RT73_{FE577A96-1B7E-4DD9-917A-03041683ADF2}_prof
[24/06/2010|16:21] C:\Users\LO6B3E~1\AppData\Local\RT73_{FE577A96-1B7E-4DD9-917A-03041683ADF2}_sta
[31/03/2009|10:24] C:\Users\LO6B3E~1\AppData\Local\Seven Zip
[23/08/2010|18:16] C:\Users\LO6B3E~1\AppData\Local\SoftGrid Client
[12/12/2010|17:12] C:\Users\LO6B3E~1\AppData\Local\Temp
[19/11/2008|19:15] C:\Users\LO6B3E~1\AppData\Local\Temporary Internet Files
[14/09/2010|13:41] C:\Users\LO6B3E~1\AppData\Local\VirtualStore
[12/12/2010|11:44] C:\Users\LO6B3E~1\AppData\Local\Windows Live
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[12/12/2010 00:10][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E9AF673B-DD6E-4F9D-9B49-99C9FCB11FEC}.job
[12/12/2010 16:41][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[12/12/2010 16:04][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[12/12/2010 16:03][--ah-----] C:\Windows\tasks\SA.DAT
[12/12/2010 16:02][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[01/08/2008|02:40] C:\ProgramData\Adobe
[25/04/2010|16:10] C:\ProgramData\Alwil Software
[31/03/2009|10:26] C:\ProgramData\AOL
[02/11/2006|13:59] C:\ProgramData\Application Data
[27/09/2008|12:12] C:\ProgramData\Atheros
[17/09/2010|19:39] C:\ProgramData\Bouygues Telecom
[19/11/2008|19:11] C:\ProgramData\Bureau
[14/01/2009|10:48] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[30/09/2009|12:44] C:\ProgramData\eMule
[03/12/2008|18:08] C:\ProgramData\EnterNHelp
[21/11/2008|15:50] C:\ProgramData\ezsid.dat
[19/11/2008|19:11] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[29/10/2009|23:05] C:\ProgramData\Google
[27/09/2008|12:47] C:\ProgramData\Hewlett-Packard
[31/03/2009|10:28] C:\ProgramData\LightScribe
[19/11/2008|19:11] C:\ProgramData\Menu D'marrer
[07/11/2010|18:34] C:\ProgramData\Messenger Plus!
[30/11/2010|20:14] C:\ProgramData\Microsoft
[16/03/2009|09:32] C:\ProgramData\Microsoft Help
[19/11/2008|19:11] C:\ProgramData\ModSles
[01/08/2008|02:24] C:\ProgramData\muvee Technologies
[03/12/2008|18:08] C:\ProgramData\Nikon
[28/08/2009|17:36] C:\ProgramData\PKP_DLdu.DAT
[03/12/2008|18:08] C:\ProgramData\Plug-Ins
[13/07/2009|20:15] C:\ProgramData\Recisio
[03/12/2008|18:08] C:\ProgramData\Screen Saver
[13/11/2010|14:32] C:\ProgramData\Skype
[12/12/2010|14:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[19/11/2008|19:56] C:\ProgramData\Symantec
[25/06/2010|14:04] C:\ProgramData\TEMP
[02/11/2006|13:59] C:\ProgramData\Templates
[03/12/2008|18:08] C:\ProgramData\Ultima_T15
[02/10/2010|08:41] C:\ProgramData\VirtualizedApplications
[25/06/2010|11:02] C:\ProgramData\WildTangent
[10/05/2010|14:04] C:\ProgramData\WindowsSearch
[19/11/2008|21:36] C:\ProgramData\WLInstaller
[13/03/2009|09:25] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[01/08/2008|02:40] C:\Program Files\Adobe
[12/12/2010|15:16] C:\Program Files\Ad-Remover
[25/04/2010|16:14] C:\Program Files\Alwil Software
[01/08/2008|02:50] C:\Program Files\AOL
[03/12/2008|18:07] C:\Program Files\ArcSoft
[27/09/2008|12:13] C:\Program Files\Atheros
[26/12/2008|00:16] C:\Program Files\Audacity
[26/05/2010|20:17] C:\Program Files\AxBx
[17/09/2010|19:39] C:\Program Files\Bouygues Telecom
[13/03/2009|09:25] C:\Program Files\CCleaner
[10/01/2009|19:33] C:\Program Files\Circle Developement
[27/09/2008|12:12] C:\Program Files\Cisco
[26/05/2010|18:45] C:\Program Files\CleanUp!
[17/09/2010|19:39] C:\Program Files\Common Files
[27/09/2008|12:21] C:\Program Files\CONEXANT
[31/03/2009|10:29] C:\Program Files\CyberLink
[10/07/2009|22:14] C:\Program Files\DivX
[01/08/2008|02:49] C:\Program Files\EasyBits For Kids
[30/09/2009|12:44] C:\Program Files\eMule
[19/11/2008|19:11] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/04/2009|10:11] C:\Program Files\GigaTribe
[25/04/2010|16:13] C:\Program Files\Google
[27/09/2008|12:11] C:\Program Files\Hewlett-Packard
[01/08/2008|02:58] C:\Program Files\HP
[01/08/2008|02:01] C:\Program Files\HP Games
[24/06/2010|15:21] C:\Program Files\InstallShield Installation Information
[27/09/2008|12:13] C:\Program Files\Intel
[26/11/2010|20:03] C:\Program Files\Internet Explorer
[17/04/2009|17:07] C:\Program Files\Java
[17/04/2009|17:07] C:\Program Files\JRE
[29/07/2009|19:59] C:\Program Files\KaraFun
[07/11/2010|11:46] C:\Program Files\Messenger Plus! Live
[07/11/2010|11:52] C:\Program Files\MessengerPlusLive_France_TB
[10/10/2009|11:49] C:\Program Files\Microsoft
[25/08/2010|06:46] C:\Program Files\Microsoft Application Virtualization Client
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[23/08/2010|21:05] C:\Program Files\Microsoft Office
[02/10/2010|08:09] C:\Program Files\Microsoft Silverlight
[20/03/2009|14:32] C:\Program Files\Microsoft SQL Server Compact Edition
[12/08/2010|06:55] C:\Program Files\Microsoft Works
[23/08/2010|20:49] C:\Program Files\Microsoft.NET
[12/08/2010|06:58] C:\Program Files\Movie Maker
[02/11/2006|13:35] C:\Program Files\MSBuild
[19/11/2008|20:42] C:\Program Files\MSXML 4.0
[01/08/2008|02:24] C:\Program Files\muvee Technologies
[27/09/2008|12:18] C:\Program Files\NetWaiting
[03/12/2008|18:08] C:\Program Files\Nikon
[19/11/2008|19:18] C:\Program Files\Online Services
[17/04/2009|17:07] C:\Program Files\OpenOffice.org 3
[10/10/2009|19:01] C:\Program Files\PhotoFiltre
[24/06/2010|15:21] C:\Program Files\RALINK
[27/09/2008|12:17] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[20/11/2008|19:49] C:\Program Files\Skype
[12/12/2010|14:52] C:\Program Files\Spybot - Search & Destroy
[27/09/2008|12:16] C:\Program Files\Synaptics
[16/09/2010|18:38] C:\Program Files\TomTom DesktopSuite
[12/12/2010|14:30] C:\Program Files\TrendMicro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[20/11/2008|22:29] C:\Program Files\VideoLAN
[26/05/2010|21:28] C:\Program Files\Windows Calendar
[26/05/2010|21:28] C:\Program Files\Windows Collaboration
[26/05/2010|21:28] C:\Program Files\Windows Defender
[30/11/2010|20:46] C:\Program Files\Windows Live
[20/03/2009|14:30] C:\Program Files\Windows Live SkyDrive
[11/11/2010|18:54] C:\Program Files\Windows Mail
[17/10/2010|19:27] C:\Program Files\Windows Media Player
[19/11/2008|19:11] C:\Program Files\Windows NT
[26/05/2010|21:28] C:\Program Files\Windows Photo Gallery
[28/05/2010|15:53] C:\Program Files\Windows Portable Devices
[26/05/2010|21:28] C:\Program Files\Windows Sidebar
[13/03/2009|09:25] C:\Program Files\Yahoo!
[12/12/2010|16:28] C:\Program Files\ZHPDiag
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[01/08/2008|02:40] C:\Program Files\Common Files\Adobe
[23/08/2010|21:05] C:\Program Files\Common Files\DESIGNER
[10/07/2009|22:14] C:\Program Files\Common Files\DivX Shared
[01/08/2008|02:53] C:\Program Files\Common Files\InstallShield
[01/08/2008|02:59] C:\Program Files\Common Files\Java
[27/09/2008|12:52] C:\Program Files\Common Files\LightScribe
[30/11/2010|20:29] C:\Program Files\Common Files\microsoft shared
[01/08/2008|02:24] C:\Program Files\Common Files\muvee Technologies
[03/12/2008|18:10] C:\Program Files\Common Files\Nikon
[17/09/2010|19:39] C:\Program Files\Common Files\PctelEapPeer Authentication
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[20/11/2008|19:49] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[19/11/2008|19:57] C:\Program Files\Common Files\Symantec Shared
[26/05/2010|21:28] C:\Program Files\Common Files\System
[13/03/2009|08:50] C:\Program Files\Common Files\Windows Live
[19/11/2008|21:37] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 94 Processes )
iexplore.exe ~ [PID:2600]
iexplore.exe ~ [PID:4692]
iexplore.exe ~ [PID:6088]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\Circle Developement
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 17:13:44
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\LO6B3E~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7WP10NCX\0-O1TSadUD-crack-s-[1].png
[F:15][D:26]-> C:\Users\LO6B3E~1\AppData\Local\Temp
[F:141][D:1]-> C:\Users\LO6B3E~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:378][D:9]-> C:\Users\LO6B3E~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:45][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 12/12/2010|17:17 - Option : [1]
--------------------\\ Fin du rapport a 17:17:21
[ UAC => 1 ]
[19/11/2008|21:36] C:\ProgramData\WLInstaller
[13/03/2009|09:25] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[01/08/2008|02:40] C:\Program Files\Adobe
[12/12/2010|15:16] C:\Program Files\Ad-Remover
[25/04/2010|16:14] C:\Program Files\Alwil Software
[01/08/2008|02:50] C:\Program Files\AOL
[03/12/2008|18:07] C:\Program Files\ArcSoft
[27/09/2008|12:13] C:\Program Files\Atheros
[26/12/2008|00:16] C:\Program Files\Audacity
[26/05/2010|20:17] C:\Program Files\AxBx
[17/09/2010|19:39] C:\Program Files\Bouygues Telecom
[13/03/2009|09:25] C:\Program Files\CCleaner
[10/01/2009|19:33] C:\Program Files\Circle Developement
[27/09/2008|12:12] C:\Program Files\Cisco
[26/05/2010|18:45] C:\Program Files\CleanUp!
[17/09/2010|19:39] C:\Program Files\Common Files
[27/09/2008|12:21] C:\Program Files\CONEXANT
[31/03/2009|10:29] C:\Program Files\CyberLink
[10/07/2009|22:14] C:\Program Files\DivX
[01/08/2008|02:49] C:\Program Files\EasyBits For Kids
[30/09/2009|12:44] C:\Program Files\eMule
[19/11/2008|19:11] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/04/2009|10:11] C:\Program Files\GigaTribe
[25/04/2010|16:13] C:\Program Files\Google
[27/09/2008|12:11] C:\Program Files\Hewlett-Packard
[01/08/2008|02:58] C:\Program Files\HP
[01/08/2008|02:01] C:\Program Files\HP Games
[24/06/2010|15:21] C:\Program Files\InstallShield Installation Information
[27/09/2008|12:13] C:\Program Files\Intel
[26/11/2010|20:03] C:\Program Files\Internet Explorer
[17/04/2009|17:07] C:\Program Files\Java
[17/04/2009|17:07] C:\Program Files\JRE
[29/07/2009|19:59] C:\Program Files\KaraFun
[07/11/2010|11:46] C:\Program Files\Messenger Plus! Live
[07/11/2010|11:52] C:\Program Files\MessengerPlusLive_France_TB
[10/10/2009|11:49] C:\Program Files\Microsoft
[25/08/2010|06:46] C:\Program Files\Microsoft Application Virtualization Client
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[23/08/2010|21:05] C:\Program Files\Microsoft Office
[02/10/2010|08:09] C:\Program Files\Microsoft Silverlight
[20/03/2009|14:32] C:\Program Files\Microsoft SQL Server Compact Edition
[12/08/2010|06:55] C:\Program Files\Microsoft Works
[23/08/2010|20:49] C:\Program Files\Microsoft.NET
[12/08/2010|06:58] C:\Program Files\Movie Maker
[02/11/2006|13:35] C:\Program Files\MSBuild
[19/11/2008|20:42] C:\Program Files\MSXML 4.0
[01/08/2008|02:24] C:\Program Files\muvee Technologies
[27/09/2008|12:18] C:\Program Files\NetWaiting
[03/12/2008|18:08] C:\Program Files\Nikon
[19/11/2008|19:18] C:\Program Files\Online Services
[17/04/2009|17:07] C:\Program Files\OpenOffice.org 3
[10/10/2009|19:01] C:\Program Files\PhotoFiltre
[24/06/2010|15:21] C:\Program Files\RALINK
[27/09/2008|12:17] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[20/11/2008|19:49] C:\Program Files\Skype
[12/12/2010|14:52] C:\Program Files\Spybot - Search & Destroy
[27/09/2008|12:16] C:\Program Files\Synaptics
[16/09/2010|18:38] C:\Program Files\TomTom DesktopSuite
[12/12/2010|14:30] C:\Program Files\TrendMicro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[20/11/2008|22:29] C:\Program Files\VideoLAN
[26/05/2010|21:28] C:\Program Files\Windows Calendar
[26/05/2010|21:28] C:\Program Files\Windows Collaboration
[26/05/2010|21:28] C:\Program Files\Windows Defender
[30/11/2010|20:46] C:\Program Files\Windows Live
[20/03/2009|14:30] C:\Program Files\Windows Live SkyDrive
[11/11/2010|18:54] C:\Program Files\Windows Mail
[17/10/2010|19:27] C:\Program Files\Windows Media Player
[19/11/2008|19:11] C:\Program Files\Windows NT
[26/05/2010|21:28] C:\Program Files\Windows Photo Gallery
[28/05/2010|15:53] C:\Program Files\Windows Portable Devices
[26/05/2010|21:28] C:\Program Files\Windows Sidebar
[13/03/2009|09:25] C:\Program Files\Yahoo!
[12/12/2010|16:28] C:\Program Files\ZHPDiag
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[01/08/2008|02:40] C:\Program Files\Common Files\Adobe
[23/08/2010|21:05] C:\Program Files\Common Files\DESIGNER
[10/07/2009|22:14] C:\Program Files\Common Files\DivX Shared
[01/08/2008|02:53] C:\Program Files\Common Files\InstallShield
[01/08/2008|02:59] C:\Program Files\Common Files\Java
[27/09/2008|12:52] C:\Program Files\Common Files\LightScribe
[30/11/2010|20:29] C:\Program Files\Common Files\microsoft shared
[01/08/2008|02:24] C:\Program Files\Common Files\muvee Technologies
[03/12/2008|18:10] C:\Program Files\Common Files\Nikon
[17/09/2010|19:39] C:\Program Files\Common Files\PctelEapPeer Authentication
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[20/11/2008|19:49] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[19/11/2008|19:57] C:\Program Files\Common Files\Symantec Shared
[26/05/2010|21:28] C:\Program Files\Common Files\System
[13/03/2009|08:50] C:\Program Files\Common Files\Windows Live
[19/11/2008|21:37] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 94 Processes )
iexplore.exe ~ [PID:2600]
iexplore.exe ~ [PID:4692]
iexplore.exe ~ [PID:6088]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\Circle Developement
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 17:13:44
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\LO6B3E~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7WP10NCX\0-O1TSadUD-crack-s-[1].png
[F:15][D:26]-> C:\Users\LO6B3E~1\AppData\Local\Temp
[F:141][D:1]-> C:\Users\LO6B3E~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:378][D:9]-> C:\Users\LO6B3E~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:45][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 12/12/2010|17:17 - Option : [1]
--------------------\\ Fin du rapport a 17:17:21
[ UAC => 1 ]
Right-click the Lop S&D shortcut on your Desktop, then choose Run as administrator
* Select the language you want, then choose the "Suppression" (removal) option
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
O.o°*??? Formerly Nathandre, 12938 posts since 27.10.2008 °.Oø¤º°'°º¤ø
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista(TM) Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz )
BIOS : Default System BIOS
USER : élo ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:140 Go (Free:32 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB) - FAT32 - Total:3766 Mo (Free:3 Go)
Q:\ (Local Disk)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12/12/2010|17:31 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[23/11/2008|17:48] C:\Users\LO6B3E~1\AppData\Local\Adobe
[19/11/2008|19:52] C:\Users\LO6B3E~1\AppData\Local\AOL
[19/11/2008|19:15] C:\Users\LO6B3E~1\AppData\Local\Application Data
[31/03/2009|10:24] C:\Users\LO6B3E~1\AppData\Local\Apps
[19/11/2008|19:24] C:\Users\LO6B3E~1\AppData\Local\AtStart.txt
[17/09/2010|19:46] C:\Users\LO6B3E~1\AppData\Local\Bouygues Telecom
[01/09/2010|11:23] C:\Users\LO6B3E~1\AppData\Local\d3d9caps.dat
[25/11/2010|17:24] C:\Users\LO6B3E~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[19/11/2008|19:24] C:\Users\LO6B3E~1\AppData\Local\DSwitch.txt
[30/09/2009|12:44] C:\Users\LO6B3E~1\AppData\Local\eMule
[30/11/2010|20:25] C:\Users\LO6B3E~1\AppData\Local\GDIPFONTCACHEV1.DAT
[13/06/2010|21:17] C:\Users\LO6B3E~1\AppData\Local\Google
[19/11/2008|19:15] C:\Users\LO6B3E~1\AppData\Local\Historique
[12/12/2010|14:51] C:\Users\LO6B3E~1\AppData\Local\IconCache.db
[30/11/2010|21:12] C:\Users\LO6B3E~1\AppData\Local\Microsoft
[03/04/2009|09:53] C:\Users\LO6B3E~1\AppData\Local\Microsoft Games
[08/02/2009|15:39] C:\Users\LO6B3E~1\AppData\Local\Microsoft Help
[19/11/2008|20:44] C:\Users\LO6B3E~1\AppData\Local\Mozilla
[19/11/2008|19:24] C:\Users\LO6B3E~1\AppData\Local\QSwitch.txt
[23/05/2010|15:30] C:\Users\LO6B3E~1\AppData\Local\QuickPlay
[24/06/2010|16:21] C:\Users\LO6B3E~1\AppData\Local\RT73_{FE577A96-1B7E-4DD9-917A-03041683ADF2}_prof
[24/06/2010|16:21] C:\Users\LO6B3E~1\AppData\Local\RT73_{FE577A96-1B7E-4DD9-917A-03041683ADF2}_sta
[31/03/2009|10:24] C:\Users\LO6B3E~1\AppData\Local\Seven Zip
[23/08/2010|18:16] C:\Users\LO6B3E~1\AppData\Local\SoftGrid Client
[12/12/2010|17:31] C:\Users\LO6B3E~1\AppData\Local\Temp
[19/11/2008|19:15] C:\Users\LO6B3E~1\AppData\Local\Temporary Internet Files
[14/09/2010|13:41] C:\Users\LO6B3E~1\AppData\Local\VirtualStore
[12/12/2010|11:44] C:\Users\LO6B3E~1\AppData\Local\Windows Live
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[12/12/2010 00:10][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E9AF673B-DD6E-4F9D-9B49-99C9FCB11FEC}.job
[12/12/2010 16:41][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[12/12/2010 16:04][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[12/12/2010 16:03][--ah-----] C:\Windows\tasks\SA.DAT
[12/12/2010 16:02][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[01/08/2008|02:40] C:\ProgramData\Adobe
[25/04/2010|16:10] C:\ProgramData\Alwil Software
[31/03/2009|10:26] C:\ProgramData\AOL
[02/11/2006|13:59] C:\ProgramData\Application Data
[27/09/2008|12:12] C:\ProgramData\Atheros
[17/09/2010|19:39] C:\ProgramData\Bouygues Telecom
[19/11/2008|19:11] C:\ProgramData\Bureau
[14/01/2009|10:48] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[30/09/2009|12:44] C:\ProgramData\eMule
[03/12/2008|18:08] C:\ProgramData\EnterNHelp
[21/11/2008|15:50] C:\ProgramData\ezsid.dat
[19/11/2008|19:11] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[29/10/2009|23:05] C:\ProgramData\Google
[27/09/2008|12:47] C:\ProgramData\Hewlett-Packard
[31/03/2009|10:28] C:\ProgramData\LightScribe
[19/11/2008|19:11] C:\ProgramData\Menu D'marrer
[07/11/2010|18:34] C:\ProgramData\Messenger Plus!
[30/11/2010|20:14] C:\ProgramData\Microsoft
[16/03/2009|09:32] C:\ProgramData\Microsoft Help
[19/11/2008|19:11] C:\ProgramData\ModSles
[01/08/2008|02:24] C:\ProgramData\muvee Technologies
[03/12/2008|18:08] C:\ProgramData\Nikon
[28/08/2009|17:36] C:\ProgramData\PKP_DLdu.DAT
[03/12/2008|18:08] C:\ProgramData\Plug-Ins
[13/07/2009|20:15] C:\ProgramData\Recisio
[03/12/2008|18:08] C:\ProgramData\Screen Saver
[13/11/2010|14:32] C:\ProgramData\Skype
[12/12/2010|14:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[19/11/2008|19:56] C:\ProgramData\Symantec
[25/06/2010|14:04] C:\ProgramData\TEMP
[02/11/2006|13:59] C:\ProgramData\Templates
[03/12/2008|18:08] C:\ProgramData\Ultima_T15
[02/10/2010|08:41] C:\ProgramData\VirtualizedApplications
[25/06/2010|11:02] C:\ProgramData\WildTangent
[10/05/2010|14:04] C:\ProgramData\WindowsSearch
[19/11/2008|21:36] C:\ProgramData\WLInstaller
[13/03/2009|09:25] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[01/08/2008|02:40] C:\Program Files\Adobe
[12/12/2010|15:16] C:\Program Files\Ad-Remover
[25/04/2010|16:14] C:\Program Files\Alwil Software
[01/08/2008|02:50] C:\Program Files\AOL
[03/12/2008|18:07] C:\Program Files\ArcSoft
[27/09/2008|12:13] C:\Program Files\Atheros
[26/12/2008|00:16] C:\Program Files\Audacity
[26/05/2010|20:17] C:\Program Files\AxBx
[17/09/2010|19:39] C:\Program Files\Bouygues Telecom
[13/03/2009|09:25] C:\Program Files\CCleaner
[27/09/2008|12:12] C:\Program Files\Cisco
[26/05/2010|18:45] C:\Program Files\CleanUp!
[17/09/2010|19:39] C:\Program Files\Common Files
[27/09/2008|12:21] C:\Program Files\CONEXANT
[31/03/2009|10:29] C:\Program Files\CyberLink
[10/07/2009|22:14] C:\Program Files\DivX
[01/08/2008|02:49] C:\Program Files\EasyBits For Kids
[30/09/2009|12:44] C:\Program Files\eMule
[19/11/2008|19:11] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/04/2009|10:11] C:\Program Files\GigaTribe
[25/04/2010|16:13] C:\Program Files\Google
[27/09/2008|12:11] C:\Program Files\Hewlett-Packard
[01/08/2008|02:58] C:\Program Files\HP
[01/08/2008|02:01] C:\Program Files\HP Games
[24/06/2010|15:21] C:\Program Files\InstallShield Installation Information
[27/09/2008|12:13] C:\Program Files\Intel
[26/11/2010|20:03] C:\Program Files\Internet Explorer
[17/04/2009|17:07] C:\Program Files\Java
[17/04/2009|17:07] C:\Program Files\JRE
[29/07/2009|19:59] C:\Program Files\KaraFun
[07/11/2010|11:46] C:\Program Files\Messenger Plus! Live
[07/11/2010|11:52] C:\Program Files\MessengerPlusLive_France_TB
[10/10/2009|11:49] C:\Program Files\Microsoft
[25/08/2010|06:46] C:\Program Files\Microsoft Application Virtualization Client
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[23/08/2010|21:05] C:\Program Files\Microsoft Office
[02/10/2010|08:09] C:\Program Files\Microsoft Silverlight
[20/03/2009|14:32] C:\Program Files\Microsoft SQL Server Compact Edition
[12/08/2010|06:55] C:\Program Files\Microsoft Works
[23/08/2010|20:49] C:\Program Files\Microsoft.NET
[12/08/2010|06:58] C:\Program Files\Movie Maker
[02/11/2006|13:35] C:\Program Files\MSBuild
[19/11/2008|20:42] C:\Program Files\MSXML 4.0
[01/08/2008|02:24] C:\Program Files\muvee Technologies
[27/09/2008|12:18] C:\Program Files\NetWaiting
[03/12/2008|18:08] C:\Program Files\Nikon
[19/11/2008|19:18] C:\Program Files\Online Services
[17/04/2009|17:07] C:\Program Files\OpenOffice.org 3
[10/10/2009|19:01] C:\Program Files\PhotoFiltre
[24/06/2010|15:21] C:\Program Files\RALINK
[27/09/2008|12:17] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[20/11/2008|19:49] C:\Program Files\Skype
[12/12/2010|14:52] C:\Program Files\Spybot - Search & Destroy
[27/09/2008|12:16] C:\Program Files\Synaptics
[16/09/2010|18:38] C:\Program Files\TomTom DesktopSuite
[12/12/2010|14:30] C:\Program Files\TrendMicro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[20/11/2008|22:29] C:\Program Files\VideoLAN
[26/05/2010|21:28] C:\Program Files\Windows Calendar
[26/05/2010|21:28] C:\Program Files\Windows Collaboration
[26/05/2010|21:28] C:\Program Files\Windows Defender
[30/11/2010|20:46] C:\Program Files\Windows Live
[20/03/2009|14:30] C:\Program Files\Windows Live SkyDrive
[11/11/2010|18:54] C:\Program Files\Windows Mail
[17/10/2010|19:27] C:\Program Files\Windows Media Player
[19/11/2008|19:11] C:\Program Files\Windows NT
[26/05/2010|21:28] C:\Program Files\Windows Photo Gallery
[28/05/2010|15:53] C:\Program Files\Windows Portable Devices
[26/05/2010|21:28] C:\Program Files\Windows Sidebar
[13/03/2009|09:25] C:\Program Files\Yahoo!
[12/12/2010|16:28] C:\Program Files\ZHPDiag
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[01/08/2008|02:40] C:\Program Files\Common Files\Adobe
[23/08/2010|21:05] C:\Program Files\Common Files\DESIGNER
[10/07/2009|22:14] C:\Program Files\Common Files\DivX Shared
[01/08/2008|02:53] C:\Program Files\Common Files\InstallShield
[01/08/2008|02:59] C:\Program Files\Common Files\Java
[27/09/2008|12:52] C:\Program Files\Common Files\LightScribe
[30/11/2010|20:29] C:\Program Files\Common Files\microsoft shared
[01/08/2008|02:24] C:\Program Files\Common Files\muvee Technologies
[03/12/2008|18:10] C:\Program Files\Common Files\Nikon
[17/09/2010|19:39] C:\Program Files\Common Files\PctelEapPeer Authentication
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[20/11/2008|19:49] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[19/11/2008|19:57] C:\Program Files\Common Files\Symantec Shared
[26/05/2010|21:28] C:\Program Files\Common Files\System
[13/03/2009|08:50] C:\Program Files\Common Files\Windows Live
[19/11/2008|21:37] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 89 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 17:31:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\LO6B3E~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7WP10NCX\0-O1TSadUD-crack-s-[1].png
[F:13][D:26]-> C:\Users\LO6B3E~1\AppData\Local\Temp
[F:143][D:1]-> C:\Users\LO6B3E~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:378][D:9]-> C:\Users\LO6B3E~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:45][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 12/12/2010|17:17 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 12/12/2010|17:35 - Option : [2]
--------------------\\ Fin du rapport a 17:35:06
[ UAC => 1 ]
Copy the lines in bold below; that is, select the lines shown in bold with your mouse, then right-click them > Copy
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
O2 - BHO: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
OPT:O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
OPT:O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
OPT:O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
OPT:O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
OPT:O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
OPT:O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
OPT:O4 - Global Startup: C:\Users\élo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk . (.Pas de propriétaire.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O42 - Logiciel: MessengerPlusLive France TB Toolbar - (.MessengerPlusLive France TB.) [HKLM] -- MessengerPlusLive_France_TB Toolbar
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB]
[HKLM\Software\MessengerPlusLive_France_TB]
[HKLM\Software\BrowserChoice]
O43 - CFD: 07/11/2010 - 11:52:42 ----D- C:\Program Files\MessengerPlusLive_France_TB
* Launch ZHPFix, either from a shortcut on the desktop or from
ZHPDiag (on Vista/Seven, right-click it and choose Run as
administrator)
* Click the icon showing the letter H; this will paste the lines you
copied to the clipboard
* Click OK, then "Tous" (All), then "Nettoyer" (Clean)
* Copy/paste the whole report into your next reply
Rapport de ZHPFix 6.12.3226 par Nicolas Coolman, Update du 06/12/2010
Fichier d'export Registre : C:\ZHPExportRegistry-12-12-2010-18-04-34.txt
Run by élo at 12/12/2010 18:04:34
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
O2 - BHO: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll => Clé absente
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] => Clé supprimée avec succès
[HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] => Clé supprimée avec succès
HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB => Clé supprimée avec succès
HKLM\Software\MessengerPlusLive_France_TB => Clé absente
HKLM\Software\BrowserChoice => Clé supprimée avec succès
========== Valeur(s) du Registre ==========
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll => Valeur absente
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll => Valeur supprimée avec succès
O3 - Toolbar: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_France_TB\tbMess.dll => Valeur absente
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe => Valeur supprimée avec succès
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe => Valeur supprimée avec succès
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe => Valeur supprimée avec succès
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Valeur supprimée avec succès
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll => Valeur supprimée avec succès
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll => Valeur supprimée avec succès
O4 - HKUS\S-1-5-21-1276604291-2610430254-1979128324-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Valeur absente
========== Dossier(s) ==========
C:\Program Files\MessengerPlusLive_France_TB => Dossier absent
========== Fichier(s) ==========
c:\program files\messengerpluslive_france_tb\tbmess.dll () => Fichier absent
c:\program files\yahoo!\companion\installs\cpn\yt.dll => Supprimé et mis en quarantaine
c:\users\élo\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 3.0.lnk => Supprimé et mis en quarantaine
========== Logiciel(s) ==========
O42 - Logiciel: MessengerPlusLive France TB Toolbar - (.MessengerPlusLive France TB.) [HKLM] -- MessengerPlusLive_France_TB Toolbar => Logiciel déjà supprimé
========== Récapitulatif ==========
6 : Clé(s) du Registre
10 : Valeur(s) du Registre
1 : Dossier(s)
3 : Fichier(s)
1 : Logiciel(s)
End of the scan
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 17:31:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3
There are 3 hidden items; I would like to check whether there is a rootkit
Disable UAC (User Account Control)
Click the Start menu, then Control Panel, then User Accounts
Click Turn User Account Control on or off:
A new window opens; uncheck the box Use User Account Control (UAC) to help protect your computer, then click OK:
A prompt asks whether you want to restart your computer; click Restart Now
* Download Defogger (by jpshortstuff) to your Desktop
* Run it
* A window appears: click "Disable"
* Restart the computer if the tool asks you to
* When we have finished the disinfection, you can re-enable these programs by running Defogger again and clicking "Re-enable"
You must disable all your protection software (antivirus,
antispyware, firewall) to use this program
Download Gmer http://www.gmer.net/
* Click "Download EXE" to download Gmer (under a random name, to prevent it from being blocked by an infection)
* In the "Rootkit" tab, click "Scan" and wait.
* When it finishes, click "Save" and save the report to your Desktop.
O.o°* Ex Nathandre, with 12938 messages since 27.10.2008 °.Oø¤º°'°º¤ø
GMER crashed twice
While I am scanning, the application closes for no reason, so I don't have time to continue
The GMER scan succeeded
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-12 20:22:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC44C
Running: reumreum.exe; Driver: C:\Users\LO6B3E~1\AppData\Local\Temp\pxldapow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90D30BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90D309D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x90D30B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 82BABDF0 7 Bytes JMP 90D30B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C1728F 5 Bytes JMP 90D2C5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82C70063 5 Bytes JMP 90D2DFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82C71905 7 Bytes JMP 90D309D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CD190A 7 Bytes JMP 90D30BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1724] kernel32.dll!SetUnhandledExceptionFilter 7566A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!CreateWindowExW 75C41305 3 Bytes JMP 6D4FDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!CreateWindowExW + 4 75C41309 1 Byte [F7]
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxParamW 75C610B0 5 Bytes JMP 6D4254F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxIndirectParamW 75C62EF5 5 Bytes JMP 6D5F5027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxParamA 75C78152 5 Bytes JMP 6D5F4FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxIndirectParamA 75C7847D 5 Bytes JMP 6D5F508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxIndirectA 75C8D4D9 5 Bytes JMP 6D5F4F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxIndirectW 75C8D5D3 5 Bytes JMP 6D5F4EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxExA 75C8D639 5 Bytes JMP 6D5F4E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxExW 75C8D65D 5 Bytes JMP 6D5F4E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 6D4F9AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!CallNextHookEx 75C38E3B 3 Bytes JMP 6D4ED14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!CallNextHookEx + 4 75C38E3F 1 Byte [F7]
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 6D464686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!CreateWindowExW 75C41305 3 Bytes JMP 6D4FDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!CreateWindowExW + 4 75C41309 1 Byte [F7]
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!DialogBoxParamW 75C610B0 5 Bytes JMP 6D4254F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!DialogBoxIndirectParamW 75C62EF5 5 Bytes JMP 6D5F5027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!DialogBoxParamA 75C78152 5 Bytes JMP 6D5F4FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!DialogBoxIndirectParamA 75C7847D 5 Bytes JMP 6D5F508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxIndirectA 75C8D4D9 5 Bytes JMP 6D5F4F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxIndirectW 75C8D5D3 5 Bytes JMP 6D5F4EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxExA 75C8D639 5 Bytes JMP 6D5F4E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxExW 75C8D65D 5 Bytes JMP 6D5F4E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ole32.dll!OleLoadFromStream 75B01E80 5 Bytes JMP 6D5F538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ole32.dll!CoCreateInstance 75B39F3E 5 Bytes JMP 6D4FDBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!closesocket 75D5330C 5 Bytes JMP 6B5941DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!recv 75D5343A 5 Bytes JMP 6B594549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!socket 75D536D1 5 Bytes JMP 6B59354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!connect 75D540D9 5 Bytes JMP 6B5935DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!getaddrinfo 75D5418A 5 Bytes JMP 6B593704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!send 75D5659B 5 Bytes JMP 6B593B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00280002
IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00280000
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Do I need to do anything else with GMER after scanning and saving?
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!DialogBoxParamA 75C78152 5 Bytes JMP 6D5F4FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!DialogBoxIndirectParamA 75C7847D 5 Bytes JMP 6D5F508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxIndirectA 75C8D4D9 5 Bytes JMP 6D5F4F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxIndirectW 75C8D5D3 5 Bytes JMP 6D5F4EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxExA 75C8D639 5 Bytes JMP 6D5F4E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] USER32.dll!MessageBoxExW 75C8D65D 5 Bytes JMP 6D5F4E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ole32.dll!OleLoadFromStream 75B01E80 5 Bytes JMP 6D5F538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ole32.dll!CoCreateInstance 75B39F3E 5 Bytes JMP 6D4FDBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!closesocket 75D5330C 5 Bytes JMP 6B5941DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!recv 75D5343A 5 Bytes JMP 6B594549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!socket 75D536D1 5 Bytes JMP 6B59354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!connect 75D540D9 5 Bytes JMP 6B5935DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!getaddrinfo 75D5418A 5 Bytes JMP 6B593704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6104] ws2_32.dll!send 75D5659B 5 Bytes JMP 6B593B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00280002
IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00280000
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2548] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Do I need to do anything else with GMER after scanning and saving?