Combofix

Solved/Closed
carop09 - Posts: 18 - Registered: Sunday 2 January 2011 - Status: Member - Last activity: 3 January 2011 - 2 Jan 2011 at 15:59
juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 Jan 2011 at 20:39
Hello,

My computer was infected by the trojan you are talking about. I followed the procedure and got as far as the ComboFix report, but I don't know where I should send it.

Thanks in advance for your reply.

CP

53 replies

juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 796
Edited by juju666 on 2/01/2011 at 16:14
hello

why did you use ComboFix?

it's not a tool to be used like that... it could freeze your PC. It should only be used if recommended by someone trained in the tool who knows how to recover the PC if there is a problem.

you can post the report here

then:

We are going to run a diagnostic of your PC:
Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
or:
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

▶ Follow the prompts during installation, tick "Add an icon to the desktop" and untick the "Run ZHPDiag" box

/!\ Vista and Seven users: right-click the ZHPDiag logo, "Run as administrator"

▶ Click the magnifying-glass icon ("Run the diagnostic")
▶ Save the report to your Desktop using the floppy-disk icon
▶ Upload the ZHPDiag.txt report to Cijoint, then copy/paste the link provided into your next reply on the forum:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html

▶ ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

See you
In advanced training at Helper-Formation.
Stay until the end, until you are told that the disinfection is complete
carop09 - Posts: 18 - Registered: Sunday 2 January 2011 - Status: Member - Last activity: 3 January 2011
2 Jan 2011 at 16:17
Here where? Sorry, but I'm no expert; I used ComboFix following the instructions on the JS:Illredir-CB [Trj] discussion page. I hope I haven't damaged my computer.

Do I really have to install ZHPDiag on my desktop? Everything seems to be back to normal.
CP
juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 796
2 Jan 2011 at 16:23
C:\ComboFix.txt
Open this file, Ctrl+A, Ctrl+C, come back here and press Ctrl+V

then run the diagnostic with ZHPDiag, there may be traces left

See you
carop09 - Posts: 18 - Registered: Sunday 2 January 2011 - Status: Member - Last activity: 3 January 2011
2 Jan 2011 at 16:31
ComboFix 11-01-01.03 - Piquemal 02/01/2011 15:23:51.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3063.1916 [GMT 1:00]
Lancé depuis: c:\users\Piquemal\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Piquemal\AppData\Roaming\Desktopicon
c:\users\Piquemal\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Piquemal\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Piquemal\AppData\Roaming\nsb68A6.exe
c:\windows\system32\ajvydfaeubhejfko.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-02 au 2011-01-02 ))))))))))))))))))))))))))))))))))))
.

2011-01-02 14:30 . 2011-01-02 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-01 15:43 . 2011-01-01 15:43 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-01 15:17 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC67BCD-44A3-4C31-AD01-C30C96737333}\mpengine.dll
2010-12-21 17:54 . 2010-12-21 17:54 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 04:44 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:44 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 16:03 . 2010-12-10 16:03 -------- d-----w- c:\programdata\al
2010-12-10 16:03 . 2010-12-10 16:03 -------- d-----w- c:\windows\Sun
2010-12-10 16:02 . 2010-12-10 16:02 125641 ----a-w- c:\windows\system32\ee84486b.exe
2010-12-10 16:02 . 2010-12-24 17:11 61313 ----a-w- c:\windows\system32\nmbnmzbueesyerxlx.exe
2010-12-10 15:05 . 2011-01-01 16:57 -------- d-----w- c:\programdata\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-03 20:54 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-10-27 12:28 . 2010-12-21 17:57 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-23 19:35 . 2010-10-23 19:35 1409 ----a-w- c:\windows\QTFont.for
2010-10-19 09:41 . 2009-11-10 09:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

c:\users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2010-1-1 40960]
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-7-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-09-26 864384]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-08-20 100224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-06-04 4231680]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-06-26 28224]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-24 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-23 07:10]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{889C8377-C298-7103-E112-5186220B3ED9} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-jaerrinezx - c:\windows\system32\ajvydfaeubhejfko.dll
AddRemove-AF9035HB DriverInstaller_10.4.26.1 - c:\users\Piquemal\AppData\Local\Temp\DriverInstall32.exe
AddRemove-eBay Icon - c:\users\Piquemal\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-nbpixgtowqk - c:\users\Piquemal\AppData\Roaming\nsb68A6.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe


.
.
Heure de fin: 2011-01-02 15:34:16
ComboFix-quarantined-files.txt 2011-01-02 14:34

Avant-CF: 184 285 736 960 octets libres
Après-CF: 184 229 912 576 octets libres

- - End Of File - - 02E75852882AD021C8546B8682DB2B29
juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 796
2 Jan 2011 at 16:52
ComboFix report seen

And ZHPDiag? :)
carop09 - Posts: 18 - Registered: Sunday 2 January 2011 - Status: Member - Last activity: 3 January 2011
2 Jan 2011 at 17:01
ZHPDiag not installed. I went to the commentcamarche link and the procedure doesn't display as described, so I preferred to give up.
juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 796
Edited by juju666 on 2/01/2011 at 17:11
yet it's not complicated :)


Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

▶ Follow the prompts during installation, tick "Add an icon to the desktop" and untick the "Run ZHPDiag" box

/!\ Vista and Seven users: right-click the ZHPDiag logo, "Run as administrator"

▶ Click the magnifying-glass icon at the top left ("Run the diagnostic")
▶ Save the report to your Desktop using the floppy-disk icon
▶ Upload the ZHPDiag.txt report to Cijoint, then copy/paste the link provided into your next reply on the forum:

▶ ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 796
2 Jan 2011 at 17:23
Also, you should do this:


▶ Go into your Control Panel...
▶ Appearance and Personalization...
▶ Folder Options... (double-click it)
▶ In the View tab, a little further down where it says "Show hidden files and folders": tick this option
▶ Further down still: Hide protected operating system files (Recommended): untick it.

▶ ▶ then go to this link:
https://www.virustotal.com/gui/


▶ Where it says "Send the file", click "Browse"
and look for the following entries on your disk:

c:\windows\RegBootClean.exe


▶ If a window appears saying "The file has already been analysed", then click Reanalyse the file now

▶ Copy and paste the link from your address bar here, once the analysis has finished
carop09 - Posts: 18 - Registered: Sunday 2 January 2011 - Status: Member - Last activity: 3 January 2011
2 Jan 2011 at 17:48
http://www.virustotal.com/file-scan/reanalysis.html?id=88fb2595e82ceae84e49f8798cca1b107fe8494a427ccc37c0092de3b26257db-1293986909
carop09 - Posts: 18 - Registered: Sunday 2 January 2011 - Status: Member - Last activity: 3 January 2011
2 Jan 2011 at 17:30
It's not complicated when you know what you're doing :)

I ran the diagnostic

Rapport de ZHPDiag v1.27.1471 par Nicolas Coolman, Update du 30/12/2010
Run by Piquemal at 1/2/2011 5:22:50 PM
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
GCIE: Google Chrome v

---\\ System Information
Windows 7 Home Premium Edition, 32-bit (Build 7600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3063.3 MB (63% free)
System Restore:
System drive C: has 171 GB (60%) free of 283 GB

---\\ Logged in mode
Computer Name: PC-PIQUEMAL
User Name: Piquemal
All Users Names: Piquemal, HomeGroupUser$, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 171 Go of 283 Go)
E:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.10/31/2009 6:45:39 AM.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/14/2009 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/28/2009 7:17:59 AM.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 2:26:15 AM.) -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.7/14/2009 2:20:44 AM.) -- C:\Windows\System32\drivers\ntfs.sys [1210432]




---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.732] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.732] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=1.0.0.0] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.732] - (.RealNetworks, Inc. - 6.0.12.732.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll


---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-comm.msn.com&ocid=HPDHP&pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF\tbSoft.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF\tbSoft.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF\tbSoft.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI160] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (.Broadcom Corporation..) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk . (.Matsushita Electric Industrial Co., Ltd..) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk . (.Sigmatel.) -- C:\windows\System\w98eject.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk . (.Pas de propriétaire.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..) -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.) -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Format Factory.lnk . (.Free Time.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.) -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..) -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.) -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Format Factory.lnk . (.Free Time.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.) -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Magic Photo Editor.lnk . (.Pas de propriétaire.) -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (.Pas de propriétaire.) -- C:\windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSGuide.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\windows\system32\GPhotos.scr
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll


---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKLM\...\Domains\www] http.mcafeeasap.com
O15 - Trusted Zone: [HKLM\...\EscDomains\www] http.mcafeeasap.com


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.fr/ExtraFilmUploader6.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\windows\system32\webcheck.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (ACDaemon) . (.ArcSoft Inc. - ArcSoft Connect Service.) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service: (AgereModemAudio) . (.LSI Corporation - LSI Soft Modem Call Progress Service.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
O23 - Service: (FsUsbExService) . (.Teruten - FsUsbDevice.) - C:\windows\system32\FsUsbExService.exe
O23 - Service: (FTRTSVC) . (.France Telecom SA - Pas de description.) - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: C:\Program Files\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\CreateChoiceProcessTask.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeLogonTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeScheduledTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.00000000000000000000000000000000] [APT] [{2167FF56-FE64-4A91-A2EA-95E891001126}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.8B02A2A49A76AE63E51F7642B6B063A3] [APT] [{583B7D91-384F-4032-B9C8-E85FFA02C02F}] (.France Telecom SA.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetectorSetup.exe
[MD5.00000000000000000000000000000000] [APT] [{6EBDA793-4DBC-4B49-991C-EC1DA5846904}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{8B7EA9FF-981A-4888-9F9E-C83C1B182F97}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A49883E1-5E17-4734-8581-57BEAFEDA364}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{B107D644-E83E-424B-B624-C52C4AB71E33}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{F99EFB9C-9408-4930-8443-B1EBD4BFF3F8}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.D244D86CBEE4DE76EC4D151D9836E808] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Tuneup] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: C:\windows\system32\drivers\afd.sys (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) - C:\Windows\System32\drivers\mfehidk.sys
O41 - Driver: McAfee Inc. mfetdik (mfetdik) . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - C:\Windows\System32\drivers\mfetdik.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A92000000001}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {74EC78BC-B379-4E29-9006-8F161DCAABA6}
O42 - Logiciel: ArcSoft Software Suite - (.ArcSoft.) [HKLM] -- {497A1721-088F-41EF-8876-B43C9DA5528B}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: CPQ Wallpaper - (.Hewlett-Packard.) [HKLM] -- {F173C2B3-296F-458C-98FF-1676A42EBA02}
O42 - Logiciel: Card Detector for Huawei E160 - (.Pas de propriétaire.) [HKLM] -- CardDetectorHUAWEI160
O42 - Logiciel: Choice Guard - (.Microsoft Corporation.) [HKLM] -- {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
O42 - Logiciel: Contextual Tool Yourmoneybox - (.Pas de propriétaire.) [HKLM] -- ee84486b
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- {D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: DirectX 9 Runtime - (.Sonic Solutions.) [HKLM] -- {AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
O42 - Logiciel: Désinstallation de Internet Everywhere - (.Pas de propriétaire.) [HKLM] -- {BEWINTERNET-FR-DMGP-V2}.UninstallSuite
O42 - Logiciel: Extrafilm Designer FR - (.Pas de propriétaire.) [HKLM] -- ExtraFilmDesignerFR
O42 - Logiciel: FormatFactory 2.20 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {B53E61D7-7C80-40DF-82D2-CF5390D6D20A}
O42 - Logiciel: HP Common Access Service Library - (.Hewlett-Packard.) [HKLM] -- {87CA636B-85B8-4611-A81D-F97E71024AFD}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard.) [HKLM] -- {511376F5-7E5A-4EC9-B603-193B1D425BC3}
O42 - Logiciel: HP Integrated Module with Bluetooth wireless technology - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: HP Quick Launch Buttons - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM] -- {D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard.) [HKLM] -- {76AF1F61-BB44-4694-A0EA-C6830C8BEF41}
O42 - Logiciel: HP User Guides 0140 - (.Hewlett-Packard.) [HKLM] -- {9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Sonix.) [HKLM] -- {399C37FB-08AF-493B-BFED-20FBD85EDF7F}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {54CC7901-804D-4155-B353-21F0CC9112AB}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {3CCB732A-E472-4CF9-B1EE-F18365341FE0}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {82EF29B1-9B60-4142-A155-0599216DD053}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Photo Editor 5.2 - (.Photo Editor Software, Inc..) [HKLM] -- Magic Photo Editor_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}
O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM] -- {0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
O42 - Logiciel: Optimization System Earnforfun. - (.Pas de propriétaire.) [HKLM] -- nmbnmzbueesyerxlx
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {AC599724-5755-48C1-ABE7-ABB857652930}
O42 - Logiciel: PHOTOfunSTUDIO -viewer- - (.Panasonic.) [HKLM] -- {9A9DBEBC-C800-4776-A970-D76D6AA405B1}
O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) - (.Nokia.) [HKLM] -- 3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: QLBCASL - (.Hewlett-Packard.) [HKLM] -- {F1D7AC58-554A-4A58-B784-B61558B1449A}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2005 Runtime - (.RealNetworks.) [HKLM] -- {026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) [HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Roxio MyDVD - (.Roxio.) [HKLM] -- {30A2A953-DEB1-466A-B660-F4399C7C6B9D}
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Drive Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver Drive
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- {AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SigmaTel MSCN Audio Player - (.Pas de propriétaire.) [HKLM] -- {D53F7F05-4F17-4024-88C8-3C012E8555B4}
O42 - Logiciel: Softonic_France_FF Toolbar - (.Pas de propriétaire.) [HKLM] -- Softonic_France_FF Toolbar
O42 - Logiciel: Sonic CinePlayer Decoder Pack - (.Sonic Solutions.) [HKLM] -- {8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard.) [HKLM] -- {E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {01523985-2098-43AF-9C97-12B07BE02A9B}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {F69E83CF-B440-43F8-89E6-6EA80712109B}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {059C042E-796A-4ACC-A81A-ECC2010BB78C}
O42 - Logiciel: avast! Antivirus - (.Alwil Software.) [HKLM] -- avast!

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\89e1f2ec]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Softonic_France_FF]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software\{36117CC7-66F5-092D-B3E0-85B89AD3F7BB}]
[HKCU\Software\AppDataLow\Software\{C6E3F236-56FB-B0CE-DADE-CF4532C12819}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\ArcSoft]
[HKCU\Software\Aurigma]
[HKCU\Software\CDDB]
[HKCU\Software\CeWe Color]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ExtraFilmDesignerFR]
[HKCU\Software\FreeTime]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\INTEL]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Mobileleader]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Panasonic]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Roxio]
[HKCU\Software\Samsung]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Textalk]
[HKCU\Software\Trolltech]
[HKCU\Software\Wget]
[HKCU\Software\Widcomm]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\ArcSoft]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HPS]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LSI]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\MarkAny]
[HKLM\Software\Marvell]
[HKLM\Software\McAfee]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\PDFComplete]
[HKLM\Software\Panasonic]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\Roxio]
[HKLM\Software\Samsung]
[HKLM\Software\Softonic_France_FF]
[HKLM\Software\Sonic]
[HKLM\Software\Sonix]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\Synaptics]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\illiminable]


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD: 2/14/2010 - 12:22:08 PM ----D- C:\Program Files\Adobe
O43 - CFD: 11/10/2009 - 11:11:30 AM ----D- C:\Program Files\Alwil Software
O43 - CFD: 1/1/2010 - 6:42:30 PM ----D- C:\Program Files\Apple Software Update
O43 - CFD: 1/1/2010 - 6:40:20 PM ----D- C:\Program Files\ArcSoft
O43 - CFD: 12/8/2009 - 1:35:24 PM ----D- C:\Program Files\CADEAUPHOTO.COM
O43 - CFD: 2/5/2010 - 5:18:10 PM ----D- C:\Program Files\CardDetector
O43 - CFD: 1/2/2011 - 3:27:16 PM ----D- C:\Program Files\Common Files
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Conduit
O43 - CFD: 9/26/2010 - 1:05:00 PM ----D- C:\Program Files\CyberLink
O43 - CFD: 11/3/2010 - 8:51:02 PM ----D- C:\Program Files\DIFX
O43 - CFD: 11/6/2009 - 7:26:10 PM ----D- C:\Program Files\DVD Maker
O43 - CFD: 11/29/2009 - 9:35:56 PM ----D- C:\Program Files\Extrafilm Designer FR
O43 - CFD: 3/27/2010 - 5:34:18 PM ----D- C:\Program Files\FreeTime
O43 - CFD: 3/28/2010 - 8:35:48 PM ----D- C:\Program Files\Google
O43 - CFD: 12/21/2010 - 6:55:46 PM ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 11/3/2009 - 4:59:38 PM ----D- C:\Program Files\IDT
O43 - CFD: 12/21/2010 - 6:56:36 PM --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 11/3/2009 - 4:55:24 PM ----D- C:\Program Files\Intel
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Internet Explorer
O43 - CFD: 11/10/2009 - 12:12:30 PM ----D- C:\Program Files\Java
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\JRE
O43 - CFD: 11/3/2009 - 5:00:12 PM ----D- C:\Program Files\LSI SoftModem
O43 - CFD: 12/23/2009 - 11:38:58 PM ----D- C:\Program Files\Magic Photo Editor
O43 - CFD: 11/3/2010 - 8:57:18 PM ----D- C:\Program Files\MarkAny
O43 - CFD: 11/3/2010 - 9:56:24 PM ----D- C:\Program Files\MarkAnyContentSAFER
O43 - CFD: 9/15/2009 - 1:29:42 AM ----D- C:\Program Files\Marvell
O43 - CFD: 11/3/2009 - 5:01:46 PM ----D- C:\Program Files\Microsoft
O43 - CFD: 7/27/2009 - 12:09:12 PM ----D- C:\Program Files\Microsoft Games
O43 - CFD: 12/19/2010 - 8:54:18 AM ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 6/26/2010 - 9:06:50 AM ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\MSBuild
O43 - CFD: 11/10/2009 - 10:50:46 AM ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 9/12/2010 - 1:59:26 PM ----D- C:\Program Files\Nero
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 4/3/2010 - 11:48:24 AM ----D- C:\Program Files\Orange
O43 - CFD: 1/1/2010 - 6:25:22 PM ----D- C:\Program Files\Panasonic
O43 - CFD: 11/3/2010 - 8:57:16 PM ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD: 11/29/2009 - 7:34:16 PM ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 1/1/2010 - 6:43:06 PM ----D- C:\Program Files\QuickTime
O43 - CFD: 3/28/2010 - 8:23:18 PM ----D- C:\Program Files\Real
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Roxio
O43 - CFD: 11/2/2010 - 10:20:36 PM ----D- C:\Program Files\Samsung
O43 - CFD: 7/18/2010 - 7:12:40 PM ----D- C:\Program Files\SigmaTel
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Softonic_France_FF
O43 - CFD: 11/4/2009 - 12:17:38 AM ----D- C:\Program Files\Synaptics
O43 - CFD: 7/14/2009 - 5:53:24 AM --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 3/27/2010 - 5:35:42 PM ----D- C:\Program Files\VideoLAN
O43 - CFD: 11/3/2009 - 4:57:18 PM ----D- C:\Program Files\WIDCOMM
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Defender
O43 - CFD: 11/6/2009 - 7:14:42 PM ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/3/2009 - 5:01:40 PM ----D- C:\Program Files\Windows Live
O43 - CFD: 11/3/2009 - 5:01:30 PM ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Windows Mail
O43 - CFD: 10/15/2010 - 5:36:00 PM ----D- C:\Program Files\Windows Media Player
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Windows NT
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 7/14/2009 - 5:52:34 AM ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 1/2/2011 - 5:22:58 PM ----D- C:\Program Files\ZHPDiag
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 9/19/2010 - 8:15:54 PM ----D- C:\ProgramData\Adobe
O43 - CFD: 12/10/2010 - 5:03:46 PM ----D- C:\ProgramData\al
O43 - CFD: 1/1/2010 - 6:42:28 PM ----D- C:\ProgramData\Apple
O43 - CFD: 1/1/2010 - 6:42:46 PM ----D- C:\ProgramData\Apple Computer
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Application Data
O43 - CFD: 12/1/2010 - 11:57:16 AM ----D- C:\ProgramData\ArcSoft
O43 - CFD: 9/26/2010 - 1:12:28 PM ----D- C:\ProgramData\CyberLink
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Desktop
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Documents
O43 - CFD: 1/1/2011 - 5:57:10 PM ----D- C:\ProgramData\eMule
O43 - CFD: 11/29/2009 - 9:35:54 PM ----D- C:\ProgramData\ExtraFilm
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Favorites
O43 - CFD: 3/28/2010 - 8:22:20 PM ----D- C:\ProgramData\Google
O43 - CFD: 12/21/2010 - 6:45:26 PM ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 12/7/2009 - 6:26:10 PM ----D- C:\ProgramData\hps
O43 - CFD: 9/12/2010 - 1:54:16 PM -S--D- C:\ProgramData\Microsoft
O43 - CFD: 11/10/2009 - 10:18:52 AM ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 9/12/2010 - 1:59:28 PM ----D- C:\ProgramData\Nero
O43 - CFD: 11/3/2010 - 9:24:46 PM ----D- C:\ProgramData\PC Suite
O43 - CFD: 12/14/2010 - 7:18:12 PM ----D- C:\ProgramData\Real
O43 - CFD: 4/28/2010 - 6:23:46 AM ----D- C:\ProgramData\Roxio
O43 - CFD: 3/27/2010 - 6:36:22 PM ----D- C:\ProgramData\Sonic
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 9/26/2010 - 1:04:56 PM ----D- C:\ProgramData\Temp
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Templates
O43 - CFD: 11/3/2009 - 5:04:02 PM ----D- C:\ProgramData\Uninstall


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A59F6806FDB6C66625F0C7657C39F726] - 1/1/2011 - 4:43:01 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.exe [102400]
O44 - LFC:[MD5.F306D7C356B56C33AFB1F68695BFB25E] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.CFG [1508]
O44 - LFC:[MD5.97E9B09F9F2DA6DD79F9415B824CD296] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.LOG [820]
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 1/2/2011 - 3:02:42 PM --HA- . (.Pas de propriétaire - Pas de description.) -- C:\windows\QTFont.qfn [54156]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 1/2/2011 - 3:21:23 PM ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\windows\SWXCACLS.exe [212480]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 1/2/2011 - 3:21:50 PM ---A- . (.NirSoft - NirCmd.) -- C:\windows\NIRCMD.exe [31232]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\MBR.exe [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\PEV.exe [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF]
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
2 Jan 2011 at 17:32
Whoa, hold on :D

That's great, but you need to host it on cijoint.fr, because here it isn't complete ;-)

After that, please do THIS, following the input of our friend Ced_King, who contacted me by private message (and whom I thank).

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
2 Jan 2011 at 18:01
OK, seen.

- Create a new text document: right-click on the desktop => New => Text Document

- Copy/paste the following lines into it:


KillAll::

Files::
c:\windows\system32\ee84486b.exe
c:\windows\system32\nmbnmzbueesyerxlx.exe


- Save this file under the name CFScript --> (File type: All files)

- Close all your web browsers (so copy or print the following instructions beforehand if need be).
- Disable your antivirus and your other resident protections.
- Drag and drop this CFScript file onto the ComboFix.exe program, as in this image

=> (Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Then release the mouse button.)

- ComboFix will start.
- Wait while the scan runs. The desktop will disappear several times: that's normal!
- Don't touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: please post it.
carop09 Posts 18 Registration date Sunday 2 January 2011 Status Member Last activity 3 January 2011
2 Jan 2011 at 18:38
There, it's done.

ComboFix 11-01-01.03 - Piquemal 02/01/2011 18:16:35.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3063.1972 [GMT 1:00]
Lancé depuis: c:\users\Piquemal\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Piquemal\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-12-02 au 2011-01-02 ))))))))))))))))))))))))))))))))))))
.

2011-01-02 17:22 . 2011-01-02 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-02 16:22 . 2011-01-02 16:23 -------- d-----w- c:\program files\ZHPDiag
2011-01-01 15:43 . 2011-01-01 15:43 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-01 15:17 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC67BCD-44A3-4C31-AD01-C30C96737333}\mpengine.dll
2010-12-21 17:54 . 2010-12-21 17:54 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 04:44 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:44 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 16:03 . 2010-12-10 16:03 -------- d-----w- c:\programdata\al
2010-12-10 16:03 . 2010-12-10 16:03 -------- d-----w- c:\windows\Sun
2010-12-10 16:02 . 2010-12-10 16:02 125641 ----a-w- c:\windows\system32\ee84486b.exe
2010-12-10 16:02 . 2010-12-24 17:11 61313 ----a-w- c:\windows\system32\nmbnmzbueesyerxlx.exe
2010-12-10 15:05 . 2011-01-01 16:57 -------- d-----w- c:\programdata\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-03 20:54 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-10-27 12:28 . 2010-12-21 17:57 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-23 19:35 . 2010-10-23 19:35 1409 ----a-w- c:\windows\QTFont.for
2010-10-19 09:41 . 2009-11-10 09:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

c:\users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2010-1-1 40960]
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-7-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-09-26 864384]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-08-20 100224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-06-04 4231680]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-06-26 28224]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-24 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-23 07:10]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4972)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-01-02 18:29:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-02 17:29
ComboFix2.txt 2011-01-02 14:34

Avant-CF: 184 016 191 488 octets libres
Après-CF: 183 702 802 432 octets libres

- - End Of File - - BD5E623174C315084DD5FB470C8C792F
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
2 Jan 2011 at 18:45
OK, there was a mistake in the script, let's start again... sorry.

- Create a new text document: right-click on the desktop => New => Text Document

- Copy/paste the following lines into it:


KillAll:: 

File:: 
c:\windows\system32\ee84486b.exe 
c:\windows\system32\nmbnmzbueesyerxlx.exe 


- Save this file under the name CFScript --> (File type: all files)

- Close all your web browsers (so copy or print the following instructions first if needed).
- Disable your antivirus and your other resident protections.
- Drag and drop this CFScript file onto the ComboFix.exe program as in this image

=> Click on the CFScript file, keep your finger held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Then release the mouse button.

- ComboFix will start,
- Wait while the scan runs. The desktop will disappear several times: that's normal!
- Don't touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: please post it.

@+
0
carop09 Posts 18 Registration date Sunday 2 January 2011 Status Member Last activity 3 January 2011
2 Jan 2011 at 19:17
Here is the new report

ComboFix 11-01-01.03 - Piquemal 02/01/2011 18:55:03.3.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3063.1979 [GMT 1:00]
Lancé depuis: c:\users\Piquemal\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Piquemal\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\ee84486b.exe"
"c:\windows\system32\nmbnmzbueesyerxlx.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ee84486b.exe
c:\windows\system32\nmbnmzbueesyerxlx.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-02 au 2011-01-02 ))))))))))))))))))))))))))))))))))))
.

2011-01-02 18:00 . 2011-01-02 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-02 16:22 . 2011-01-02 16:23 -------- d-----w- c:\program files\ZHPDiag
2011-01-01 15:43 . 2011-01-01 15:43 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-01 15:17 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC67BCD-44A3-4C31-AD01-C30C96737333}\mpengine.dll
2010-12-21 17:54 . 2010-12-21 17:54 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 04:44 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:44 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 16:03 . 2010-12-10 16:03 -------- d-----w- c:\programdata\al
2010-12-10 16:03 . 2010-12-10 16:03 -------- d-----w- c:\windows\Sun
2010-12-10 15:05 . 2011-01-01 16:57 -------- d-----w- c:\programdata\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-03 20:54 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-10-27 12:28 . 2010-12-21 17:57 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-23 19:35 . 2010-10-23 19:35 1409 ----a-w- c:\windows\QTFont.for
2010-10-19 09:41 . 2009-11-10 09:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

c:\users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2010-1-1 40960]
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-7-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-09-26 864384]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-08-20 100224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-06-04 4231680]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-06-26 28224]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-24 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-23 07:10]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-ee84486b - c:\windows\system32\ee84486b.exe
AddRemove-nmbnmzbueesyerxlx - c:\windows\system32\nmbnmzbueesyerxlx.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(6116)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-01-02 19:06:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-02 18:06
ComboFix2.txt 2011-01-02 17:29
ComboFix3.txt 2011-01-02 14:34

Avant-CF: 183 754 776 576 octets libres
Après-CF: 183 712 989 184 octets libres

- - End Of File - - C55BC61BF3B38D47A17F4FD0863B4428
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
2 Jan 2011 at 19:20
There we goooooooooooo, that's better :D

Can you move on to ZHPDiag, please? :)

@+
0
carop09 Posts 18 Registration date Sunday 2 January 2011 Status Member Last activity 3 January 2011
2 Jan 2011 at 19:33
Rapport de ZHPDiag v1.27.1471 par Nicolas Coolman, Update du 30/12/2010
Run by Piquemal at 1/2/2011 7:24:09 PM
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
GCIE: Google Chrome v

---\\ System Information
Windows 7 Home Premium Edition, 32-bit (Build 7600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3063.3 MB (63% free)
System Restore:
System drive C: has 171 GB (60%) free of 283 GB

---\\ Logged in mode
Computer Name: PC-PIQUEMAL
User Name: Piquemal
All Users Names: Piquemal, HomeGroupUser$, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 171 Go of 283 Go)
E:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.10/31/2009 6:45:39 AM.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/14/2009 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/28/2009 7:17:59 AM.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 2:26:15 AM.) -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.7/14/2009 2:20:44 AM.) -- C:\Windows\System32\drivers\ntfs.sys [1210432]


---\\ Processus lancés
[MD5.B210175A0B9247540F4D8D8102C86A31] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [288312]
[MD5.41173AEE838B3988D4B00FA97629B93E] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744]
[MD5.D2FAF4BCDF73D10EBBAF38B5E009F41C] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [458844]
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000]
[MD5.A2D390F1F2408B94EF34BFE3A00C29D3] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [148888]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288]
[MD5.D2661AF7E22AE40F7A49AF1155CC34D2] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe [76344]
[MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424]
[MD5.BAB535431D88D878A2DDCD8B67CF900A] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe [274432]
[MD5.E2724029D3648C2EB226D16678727FA9] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552]
[MD5.F400694D7D2785F60133C20F7F2F4F7A] - (.ArcSoft Inc. - ArcSoft Connect Notifier.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac [309824]
[MD5.9157189DC07511ECBBE1D2615D8A2FED] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [252952]
[MD5.64584E925516568C2F6ACF337991E9BC] - (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400]
[MD5.F59BEA8794FD4C8472E3F35848945319] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936]
[MD5.2240A1A5973B31F9D050C137BD5794EA] - (.Matsushita Electric Industrial Co., Ltd. - PHOTOfunSTUDIO.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [40960]
[MD5.540E5F7A6AA459A0CD53CA91267B1B2C] - (.Sigmatel - w98Eject.) -- C:\windows\System\w98eject.exe [61440]
[MD5.3A19B2D2B5659D375FFFBA9EB71987B8] - (.OpenOffice.org - OpenOffice.org 3.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [7424000]
[MD5.EEBD0B763F32A26421A35CC2C735E8E3] - (.OpenOffice.org - OpenOffice.org 3.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [7418368]
[MD5.43DEA4C9A58CED1054794AAD727A43D9] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2352416]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888]
[MD5.017B1CDDA13B2FBBD54232BA19C8C6A5] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [311352]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\windows\system32\wuauclt.exe [47104]
[MD5.58CF468D3FF4CF830339FE5E45356355] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [673040]
[MD5.8B4022226C18FA378C324C11CBADDA36] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [304304]
[MD5.E71E84BD9910750E421708112ADFC822] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [621568]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.732] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.732] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=1.0.0.0] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.732] - (.RealNetworks, Inc. - 6.0.12.732.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll


---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-comm.msn.com&ocid=HPDHP&pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF\tbSoft.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF\tbSoft.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF\tbSoft.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI160] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (.Broadcom Corporation..) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk . (.Matsushita Electric Industrial Co., Ltd..) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk . (.Sigmatel.) -- C:\windows\System\w98eject.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk . (.Pas de propriétaire.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..) -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.) -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Format Factory.lnk . (.Free Time.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.) -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..) -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.) -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Format Factory.lnk . (.Free Time.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.) -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Magic Photo Editor.lnk . (.Pas de propriétaire.) -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (.Pas de propriétaire.) -- C:\windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSGuide.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\windows\system32\GPhotos.scr
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll


---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKLM\...\Domains\www] http.mcafeeasap.com
O15 - Trusted Zone: [HKLM\...\EscDomains\www] http.mcafeeasap.com


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.fr/ExtraFilmUploader6.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\windows\system32\webcheck.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (ACDaemon) . (.ArcSoft Inc. - ArcSoft Connect Service.) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service: (AgereModemAudio) . (.LSI Corporation - LSI Soft Modem Call Progress Service.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
O23 - Service: (FsUsbExService) . (.Teruten - FsUsbDevice.) - C:\windows\system32\FsUsbExService.exe
O23 - Service: (FTRTSVC) . (.France Telecom SA - Pas de description.) - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: C:\Program Files\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\CreateChoiceProcessTask.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeLogonTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeScheduledTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.00000000000000000000000000000000] [APT] [{2167FF56-FE64-4A91-A2EA-95E891001126}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.8B02A2A49A76AE63E51F7642B6B063A3] [APT] [{583B7D91-384F-4032-B9C8-E85FFA02C02F}] (.France Telecom SA.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetectorSetup.exe
[MD5.00000000000000000000000000000000] [APT] [{6EBDA793-4DBC-4B49-991C-EC1DA5846904}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{8B7EA9FF-981A-4888-9F9E-C83C1B182F97}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A49883E1-5E17-4734-8581-57BEAFEDA364}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{B107D644-E83E-424B-B624-C52C4AB71E33}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{F99EFB9C-9408-4930-8443-B1EBD4BFF3F8}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.D244D86CBEE4DE76EC4D151D9836E808] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Tuneup] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: C:\windows\system32\drivers\afd.sys (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) - C:\Windows\System32\drivers\mfehidk.sys
O41 - Driver: McAfee Inc. mfetdik (mfetdik) . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - C:\Windows\System32\drivers\mfetdik.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A92000000001}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {74EC78BC-B379-4E29-9006-8F161DCAABA6}
O42 - Logiciel: ArcSoft Software Suite - (.ArcSoft.) [HKLM] -- {497A1721-088F-41EF-8876-B43C9DA5528B}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: CPQ Wallpaper - (.Hewlett-Packard.) [HKLM] -- {F173C2B3-296F-458C-98FF-1676A42EBA02}
O42 - Logiciel: Card Detector for Huawei E160 - (.Pas de propriétaire.) [HKLM] -- CardDetectorHUAWEI160
O42 - Logiciel: Choice Guard - (.Microsoft Corporation.) [HKLM] -- {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- {D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: DirectX 9 Runtime - (.Sonic Solutions.) [HKLM] -- {AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
O42 - Logiciel: Désinstallation de Internet Everywhere - (.Pas de propriétaire.) [HKLM] -- {BEWINTERNET-FR-DMGP-V2}.UninstallSuite
O42 - Logiciel: Extrafilm Designer FR - (.Pas de propriétaire.) [HKLM] -- ExtraFilmDesignerFR
O42 - Logiciel: FormatFactory 2.20 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {B53E61D7-7C80-40DF-82D2-CF5390D6D20A}
O42 - Logiciel: HP Common Access Service Library - (.Hewlett-Packard.) [HKLM] -- {87CA636B-85B8-4611-A81D-F97E71024AFD}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard.) [HKLM] -- {511376F5-7E5A-4EC9-B603-193B1D425BC3}
O42 - Logiciel: HP Integrated Module with Bluetooth wireless technology - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: HP Quick Launch Buttons - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM] -- {D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard.) [HKLM] -- {76AF1F61-BB44-4694-A0EA-C6830C8BEF41}
O42 - Logiciel: HP User Guides 0140 - (.Hewlett-Packard.) [HKLM] -- {9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Sonix.) [HKLM] -- {399C37FB-08AF-493B-BFED-20FBD85EDF7F}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {54CC7901-804D-4155-B353-21F0CC9112AB}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {3CCB732A-E472-4CF9-B1EE-F18365341FE0}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {82EF29B1-9B60-4142-A155-0599216DD053}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Photo Editor 5.2 - (.Photo Editor Software, Inc..) [HKLM] -- Magic Photo Editor_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}
O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM] -- {0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {AC599724-5755-48C1-ABE7-ABB857652930}
O42 - Logiciel: PHOTOfunSTUDIO -viewer- - (.Panasonic.) [HKLM] -- {9A9DBEBC-C800-4776-A970-D76D6AA405B1}
O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) - (.Nokia.) [HKLM] -- 3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: QLBCASL - (.Hewlett-Packard.) [HKLM] -- {F1D7AC58-554A-4A58-B784-B61558B1449A}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2005 Runtime - (.RealNetworks.) [HKLM] -- {026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) [HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Roxio MyDVD - (.Roxio.) [HKLM] -- {30A2A953-DEB1-466A-B660-F4399C7C6B9D}
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Drive Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver Drive
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- {AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SigmaTel MSCN Audio Player - (.Pas de propriétaire.) [HKLM] -- {D53F7F05-4F17-4024-88C8-3C012E8555B4}
O42 - Logiciel: Softonic_France_FF Toolbar - (.Pas de propriétaire.) [HKLM] -- Softonic_France_FF Toolbar
O42 - Logiciel: Sonic CinePlayer Decoder Pack - (.Sonic Solutions.) [HKLM] -- {8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard.) [HKLM] -- {E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {01523985-2098-43AF-9C97-12B07BE02A9B}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {F69E83CF-B440-43F8-89E6-6EA80712109B}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {059C042E-796A-4ACC-A81A-ECC2010BB78C}
O42 - Logiciel: avast! Antivirus - (.Alwil Software.) [HKLM] -- avast!

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\89e1f2ec]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Softonic_France_FF]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software\{36117CC7-66F5-092D-B3E0-85B89AD3F7BB}]
[HKCU\Software\AppDataLow\Software\{C6E3F236-56FB-B0CE-DADE-CF4532C12819}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\ArcSoft]
[HKCU\Software\Aurigma]
[HKCU\Software\CDDB]
[HKCU\Software\CeWe Color]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ExtraFilmDesignerFR]
[HKCU\Software\FreeTime]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\INTEL]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Mobileleader]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Panasonic]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Roxio]
[HKCU\Software\Samsung]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Textalk]
[HKCU\Software\Trolltech]
[HKCU\Software\Wget]
[HKCU\Software\Widcomm]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\ArcSoft]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HPS]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LSI]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\MarkAny]
[HKLM\Software\Marvell]
[HKLM\Software\McAfee]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\PDFComplete]
[HKLM\Software\Panasonic]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\Roxio]
[HKLM\Software\Samsung]
[HKLM\Software\Softonic_France_FF]
[HKLM\Software\Sonic]
[HKLM\Software\Sonix]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\Synaptics]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\illiminable]


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD: 2/14/2010 - 12:22:08 PM ----D- C:\Program Files\Adobe
O43 - CFD: 11/10/2009 - 11:11:30 AM ----D- C:\Program Files\Alwil Software
O43 - CFD: 1/1/2010 - 6:42:30 PM ----D- C:\Program Files\Apple Software Update
O43 - CFD: 1/1/2010 - 6:40:20 PM ----D- C:\Program Files\ArcSoft
O43 - CFD: 12/8/2009 - 1:35:24 PM ----D- C:\Program Files\CADEAUPHOTO.COM
O43 - CFD: 2/5/2010 - 5:18:10 PM ----D- C:\Program Files\CardDetector
O43 - CFD: 1/2/2011 - 6:57:50 PM ----D- C:\Program Files\Common Files
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Conduit
O43 - CFD: 9/26/2010 - 1:05:00 PM ----D- C:\Program Files\CyberLink
O43 - CFD: 11/3/2010 - 8:51:02 PM ----D- C:\Program Files\DIFX
O43 - CFD: 11/6/2009 - 7:26:10 PM ----D- C:\Program Files\DVD Maker
O43 - CFD: 11/29/2009 - 9:35:56 PM ----D- C:\Program Files\Extrafilm Designer FR
O43 - CFD: 3/27/2010 - 5:34:18 PM ----D- C:\Program Files\FreeTime
O43 - CFD: 3/28/2010 - 8:35:48 PM ----D- C:\Program Files\Google
O43 - CFD: 12/21/2010 - 6:55:46 PM ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 11/3/2009 - 4:59:38 PM ----D- C:\Program Files\IDT
O43 - CFD: 12/21/2010 - 6:56:36 PM --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 11/3/2009 - 4:55:24 PM ----D- C:\Program Files\Intel
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Internet Explorer
O43 - CFD: 11/10/2009 - 12:12:30 PM ----D- C:\Program Files\Java
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\JRE
O43 - CFD: 11/3/2009 - 5:00:12 PM ----D- C:\Program Files\LSI SoftModem
O43 - CFD: 12/23/2009 - 11:38:58 PM ----D- C:\Program Files\Magic Photo Editor
O43 - CFD: 11/3/2010 - 8:57:18 PM ----D- C:\Program Files\MarkAny
O43 - CFD: 11/3/2010 - 9:56:24 PM ----D- C:\Program Files\MarkAnyContentSAFER
O43 - CFD: 9/15/2009 - 1:29:42 AM ----D- C:\Program Files\Marvell
O43 - CFD: 11/3/2009 - 5:01:46 PM ----D- C:\Program Files\Microsoft
O43 - CFD: 7/27/2009 - 12:09:12 PM ----D- C:\Program Files\Microsoft Games
O43 - CFD: 12/19/2010 - 8:54:18 AM ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 6/26/2010 - 9:06:50 AM ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\MSBuild
O43 - CFD: 11/10/2009 - 10:50:46 AM ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 9/12/2010 - 1:59:26 PM ----D- C:\Program Files\Nero
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 4/3/2010 - 11:48:24 AM ----D- C:\Program Files\Orange
O43 - CFD: 1/1/2010 - 6:25:22 PM ----D- C:\Program Files\Panasonic
O43 - CFD: 11/3/2010 - 8:57:16 PM ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD: 11/29/2009 - 7:34:16 PM ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 1/1/2010 - 6:43:06 PM ----D- C:\Program Files\QuickTime
O43 - CFD: 3/28/2010 - 8:23:18 PM ----D- C:\Program Files\Real
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Roxio
O43 - CFD: 11/2/2010 - 10:20:36 PM ----D- C:\Program Files\Samsung
O43 - CFD: 7/18/2010 - 7:12:40 PM ----D- C:\Program Files\SigmaTel
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Softonic_France_FF
O43 - CFD: 11/4/2009 - 12:17:38 AM ----D- C:\Program Files\Synaptics
O43 - CFD: 7/14/2009 - 5:53:24 AM --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 3/27/2010 - 5:35:42 PM ----D- C:\Program Files\VideoLAN
O43 - CFD: 11/3/2009 - 4:57:18 PM ----D- C:\Program Files\WIDCOMM
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Defender
O43 - CFD: 11/6/2009 - 7:14:42 PM ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/3/2009 - 5:01:40 PM ----D- C:\Program Files\Windows Live
O43 - CFD: 11/3/2009 - 5:01:30 PM ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Windows Mail
O43 - CFD: 10/15/2010 - 5:36:00 PM ----D- C:\Program Files\Windows Media Player
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Windows NT
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 7/14/2009 - 5:52:34 AM ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 1/2/2011 - 7:24:18 PM ----D- C:\Program Files\ZHPDiag
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 9/19/2010 - 8:15:54 PM ----D- C:\ProgramData\Adobe
O43 - CFD: 12/10/2010 - 5:03:46 PM ----D- C:\ProgramData\al
O43 - CFD: 1/1/2010 - 6:42:28 PM ----D- C:\ProgramData\Apple
O43 - CFD: 1/1/2010 - 6:42:46 PM ----D- C:\ProgramData\Apple Computer
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Application Data
O43 - CFD: 12/1/2010 - 11:57:16 AM ----D- C:\ProgramData\ArcSoft
O43 - CFD: 9/26/2010 - 1:12:28 PM ----D- C:\ProgramData\CyberLink
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Desktop
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Documents
O43 - CFD: 1/1/2011 - 5:57:10 PM ----D- C:\ProgramData\eMule
O43 - CFD: 11/29/2009 - 9:35:54 PM ----D- C:\ProgramData\ExtraFilm
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Favorites
O43 - CFD: 3/28/2010 - 8:22:20 PM ----D- C:\ProgramData\Google
O43 - CFD: 12/21/2010 - 6:45:26 PM ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 12/7/2009 - 6:26:10 PM ----D- C:\ProgramData\hps
O43 - CFD: 9/12/2010 - 1:54:16 PM -S--D- C:\ProgramData\Microsoft
O43 - CFD: 11/10/2009 - 10:18:52 AM ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 9/12/2010 - 1:59:28 PM ----D- C:\ProgramData\Nero
O43 - CFD: 11/3/2010 - 9:24:46 PM ----D- C:\ProgramData\PC Suite
O43 - CFD: 12/14/2010 - 7:18:12 PM ----D- C:\ProgramData\Real
O43 - CFD: 4/28/2010 - 6:23:46 AM ----D- C:\ProgramData\Roxio
O43 - CFD: 3/27/2010 - 6:36:22 PM ----D- C:\ProgramData\Sonic
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 9/26/2010 - 1:04:56 PM ----D- C:\ProgramData\Temp
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Templates
O43 - CFD: 11/3/2009 - 5:04:02 PM ----D- C:\ProgramData\Uninstall
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A59F6806FDB6C66625F0C7657C39F726] - 1/1/2011 - 4:43:01 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.exe [102400]
O44 - LFC:[MD5.F306D7C356B56C33AFB1F68695BFB25E] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.CFG [1508]
O44 - LFC:[MD5.97E9B09F9F2DA6DD79F9415B824CD296] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.LOG [820]
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 1/2/2011 - 3:02:42 PM --HA- . (.Pas de propriétaire - Pas de description.) -- C:\windows\QTFont.qfn [54156]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 1/2/2011 - 3:21:50 PM ---A- . (.NirSoft - NirCmd.) -- C:\windows\NIRCMD.exe [31232]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\MBR.exe [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\PEV.exe [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\sed.exe [98816]
O44 -
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last active 21 April 2024 4 796
Edited by juju666 on 2/01/2011 at 19:36
It is incomplete :)


Host the ZHPDiag.txt report on one of the sites below, then copy/paste the link provided into your next reply on the forum:

http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html

In advanced training at Helper-Formation.
Stay until the end, as long as you have not been told that the disinfection is finished
0
carop09 Posts 18 Registration date Sunday 2 January 2011 Status Member Last active 3 January 2011
2 Jan 2011 at 19:39
oh yes, sorry, I put it on Cijoint
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last active 21 April 2024 4 796
2 Jan 2011 at 19:47
I don't see the link? :)
0
carop09 Posts 18 Registration date Sunday 2 January 2011 Status Member Last active 3 January 2011
2 Jan 2011 at 20:05
I sent it again ???!
0