help windowsrestore Résolu/Fermé

Question

Bonjour, voila j ai un virus  windowsrestore dans mon pc  de que j allume mon pc il me reste que 3 icones j ai plus mes lien en favoris  plzzzzz  aider moi  merci a vous d avance 



Configuration: Windows XP / Internet Explorer 7.0

Utilisateur anonyme · Answer

Bonjour

* Télécharger sur le bureau RogueKiller 
* Quitter tous les programmes en cours  
* Sous Vista/Seven , clic droit -> lancer en tant qu'administrateur  
* Sinon lancer simplement RogueKiller.exe  
* Lorsque demandé, taper 1 et valider  
*  Un rapport à dû s'ouvrir (RKreport.txt se trouve également à côté de l'exécutable),  colle son contenu dans la réponse    
* Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois. Si vraiment cela ne passe pas (ça peut arriver), le renommer en winlogon.exe 

Le cerveau a des capacités tellement étonnantes qu'aujourd'hui pratiquement tout le monde en a un.

andrealphuse · Answer

bonjour voila le rapport RogueKiller V4.3.6 par Tigzy contact sur https://www.luanagames.com/index.fr.html mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: YANNICK [Droits d'admin] Mode: Recherche -- Date : 04/04/2011 15:07:55 Processus malicieux: 2 [APPDT/TMP/DESKTOP] WTyVDJpaBGULUR.exe -- c:\documents and settings\all users.windows\application data\wtyvdjpabgulur.exe -> KILLED [APPDT/TMP/DESKTOP] 20373300.exe -- c:\documents and settings\all users.windows\application data\20373300.exe -> KILLED Entrees de registre: 4 [APPDT/TMP/DESKTOP] HKCU\[...]\Run : WTyVDJpaBGULUR (C:\Documents and Settings\All Users.WINDOWS\Application Data\WTyVDJpaBGULUR.exe) -> FOUND [APPDT/TMP/DESKTOP] HKUS\S-1-5-21-842925246-1123561945-682003330-1003[...]\Run : WTyVDJpaBGULUR (C:\Documents and Settings\All Users.WINDOWS\Application Data\WTyVDJpaBGULUR.exe) -> FOUND [HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND Fichier HOSTS: 127.0.0.1 localhost Termine : << RKreport[1].txt >> RKreport[1].txt

Utilisateur anonyme · Answer

*      Quitter tous les programmes en cours   
*  lancer sRogueKiller.exe  
*   Sous Vista/Seven , clic droit -> lancer en tant qu'administrateur  
*  Lorsque demandé, taper 2 et valider  
*   Un rapport à dû s'ouvrir (RKreport.txt se trouve également à côté de l'exécutable),  colle son contenu dans la réponse    
*   Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois. Si vraiment cela ne passe pas (ça peut arriver), le renommer en winlogon.exe 
================================================= 

* Télécharge et installe : Malwarebyte's Anti-Malware  
* (NB : S'il te manque"COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/  
* A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée  
* Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)  
* Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"  
* Sélectionne tes disques durs" puis clique sur "Lancer l'examen"  
* A la fin du scan, clique sur Afficher les résultats  
* Coche tous les éléments détectés puis clique sur Supprimer la sélection  
* Enregistre le rapport  
* S'il t'est demandé de redémarrer, clique sur Yes  
* Poste le rapport de scan après la suppression ici.(poste le rapport, même si rien n'est détecté.)  
* Si tu as besoin d'aide regarde ce tutorial   
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/  

Le cerveau a des capacités tellement étonnantes qu'aujourd'hui pratiquement tout le monde en a un.

Andrealphuse · Answer

La recherche d' infections est lancer depuis 18 min je te le poste des que c est fini

andrealphuse · Answer

voila le rapport

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 6266

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/04/2011 16:14:18
mbam-log-2011-04-04 (16-14-18).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 314571
Temps écoulé: 36 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WTyVDJpaBGULUR (Trojan.FakeAlert) -> Value: WTyVDJpaBGULUR -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\all users.windows\application data\wtyvdjpabgulur.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc4ded97-1e88-4b83-bfed-3939d6650efb}\RP516\A0094792.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\20373300.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\yannick.e6750-6ac5e2889\Bureau\rk_quarantine\20373300.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\yannick.e6750-6ac5e2889\Bureau\rk_quarantine\wtyvdjpabgulur.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

andrealphuse · Answer

apres l analyse avec Malwarebytes' Anti-Malware  j ai plus la fenetre de windows restory  et j ai toujours pass mes icones

Utilisateur anonyme · Answer

Tes icones sont elles revenues.??
 

On va faire une analyse de ton systéme.  
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Ou le lien FTP en secours :
ftp://zebulon.fr/ZHPDiag2.exe 

* Télécharge ZHPDiag  ( de Nicolas coolman ).  
ou 
ZHPDiag  

                                                  *********************** 
/!\Utilisateurs de Vista et Windows 7 : Clique droit sur le logo de ZHPDiag.exe, " exécuter en tant qu'Administrateur /!\  
* Laisse toi guider lors de l'installation  
* Il se lancera automatiquement à la fin de l'installation  
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)  
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette  
* Héberge le rapport ZHPDiag.txt sur le site cijoint.fr ou toofiles  puis copie/colle le lien fournit dans ta prochaine réponse sur le forum

andrealphuse · Answer

non  mes icones sont pas revenues

andrealphuse · Answer

http://www.cijoint.fr/cjlink.php?file=cj201104/cijst6RSqy.txt

Utilisateur anonyme · Answer

*	rends toi sur ce site : https://www.virustotal.com/gui/ 
==>Analyse ce fichier:
----------------------------------------------------------------------
 C:\PhysicalDisk0_MBR.bin     

----------------------------------------------------------------------
*	Cliquez sur Parcourir... :
*	Sélectionnez le fichier que vous voulez analyser et cliquez sur Ouvrir :
*	Cliquez ensuite sur Envoyez le fichier : s'il a déjà été analysé, demande une nouvelle analyse.
*	Fais un copier/coller du rapport sur le forum.

andrealphuse · Answer

Additional informationShow all  
MD5   : 05ee681840221d8ef5e2b3aef716d9ba 
SHA1  : 97aa7c42ab923f58a7f1e55a792e40468d4faa01 
SHA256: 0c5544a24593511009cb31f166cf38e0f39b77e5d80bb8c5a88f274e3ceba355 
ssdeep: 3072:ZgZxgZIEOc+V+Wny/VbIc5TcZUySbhayq6WDVhqdtQh0i0F2I8HPVBfQ5PHyprYU:CZxdZ
8oy/VLwYO 
File size : 115545 bytes 
First seen: 2011-04-04 15:54:54 
Last seen : 2011-04-04 15:54:54 
TrID: 
Unknown! 
sigcheck: 
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 


VT Community

andrealphuse · Answer

VT Community Sign in ? My account ? Sign out Signing out...   Languages ?  

VirusTotal's website has changed, we need new translations, do you feel like helping the community?
info@virustotal.com
Sign in to VT CommunitySafety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.
email  
password  
  Keep me logged in 
 Sign in Signing in, please wait...   
 Login failed, please try again  
Forgot your password?  Create an account 

Edit my profile
View my profile
Inbox
 
  Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information... 

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. 
File name: ZHPDiag.txt
Submission date: 2011-04-04 16:07:03 (UTC)
Current status: finished
Result: 0 /42 (0.0%)
 VT Community

not reviewed
 Safety score: -  
Compact Print results Antivirus Version Last Update Result 
AhnLab-V3 2011.04.04.00 2011.04.04 - 
AntiVir 7.11.5.183 2011.04.04 - 
Antiy-AVL 2.0.3.7 2011.04.04 - 
Avast 4.8.1351.0 2011.04.04 - 
Avast5 5.0.677.0 2011.04.04 - 
AVG 10.0.0.1190 2011.04.04 - 
BitDefender 7.2 2011.04.04 - 
CAT-QuickHeal 11.00 2011.04.03 - 
ClamAV 0.97.0.0 2011.04.04 - 
Commtouch 5.2.11.5 2011.03.24 - 
Comodo 8219 2011.04.04 - 
DrWeb 5.0.2.03300 2011.04.04 - 
Emsisoft 5.1.0.5 2011.04.04 - 
eSafe 7.0.17.0 2011.04.04 - 
eTrust-Vet 36.1.8251 2011.04.04 - 
F-Prot 4.6.2.117 2011.04.04 - 
F-Secure 9.0.16440.0 2011.04.02 - 
Fortinet 4.2.254.0 2011.04.02 - 
GData 22 2011.04.04 - 
Ikarus T3.1.1.103.0 2011.04.04 - 
Jiangmin 13.0.900 2011.03.31 - 
K7AntiVirus 9.96.4290 2011.04.04 - 
Kaspersky 7.0.0.125 2011.04.04 - 
McAfee 5.400.0.1158 2011.04.04 - 
McAfee-GW-Edition 2010.1C 2011.04.04 - 
Microsoft 1.6702 2011.04.04 - 
NOD32 6014 2011.04.04 - 
Norman 6.07.07 2011.04.04 - 
Panda 10.0.3.5 2011.04.04 - 
PCTools 7.0.3.5 2011.04.04 - 
Prevx 3.0 2011.04.04 - 
Rising 23.51.05.05 2011.04.02 - 
Sophos 4.64.0 2011.04.04 - 
SUPERAntiSpyware 4.40.0.1006 2011.04.04 - 
Symantec 20101.3.2.89 2011.04.04 - 
TheHacker 6.7.0.1.164 2011.04.04 - 
TrendMicro 9.200.0.1012 2011.04.04 - 
TrendMicro-HouseCall 9.200.0.1012 2011.04.04 - 
VBA32 3.12.14.3 2011.04.04 - 
VIPRE 8917 2011.04.04 - 
ViRobot 2011.4.4.4392 2011.04.04 - 
VirusBuster 13.6.286.0 2011.04.04 - 
Additional informationShow all  
MD5   : 05ee681840221d8ef5e2b3aef716d9ba 
SHA1  : 97aa7c42ab923f58a7f1e55a792e40468d4faa01 
SHA256: 0c5544a24593511009cb31f166cf38e0f39b77e5d80bb8c5a88f274e3ceba355 
ssdeep: 3072:ZgZxgZIEOc+V+Wny/VbIc5TcZUySbhayq6WDVhqdtQh0i0F2I8HPVBfQ5PHyprYU:CZxdZ
8oy/VLwYO 
File size : 115545 bytes 
First seen: 2011-04-04 16:07:03 
Last seen : 2011-04-04 16:07:03 
Magic: Non-ISO extended-ASCII English text, with CRLF line terminators 
TrID: 
Unknown! 
sigcheck: 
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
PEiD: - 
ExifTool: 
- 


VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it! 
VirusTotal Team 
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments? 

You can add basic styles to your comments using the following accepted bbcode tags:

[b]text/b -- bold
[i]text/i -- italics
[u]text/u -- underline
[s]text/s -- strikethrough
[code]text/code - preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for. 
 
Goodware Malware Spam attachment/link 
P2P download Propagating via IM Network worm 
Drive-by-download 



Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review. 

Preview commentEdit comment Post comment Posting comment...  
Comment successfully posted 





 

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. 
VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com- TOS & Privacy Policy

andrealphuse · Answer

comment je fait desole je suis nul en informatique

andrealphuse · Answer

celui la 

Rapport de ZHPDiag v1.27.1862 par Nicolas Coolman, Update du 03/04/2011
Run by YANNICK at 04/04/2011 17:38:14
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 172 GB (77%) free of 221 GB

---\ Logged in mode
Computer Name: E6750-6AC5E2889
User Name: YANNICK
All Users Names: YANNICK, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur, 
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\ Environnement Variables
%AppData%=C:\Documents and Settings\YANNICK\Application Data
%LocalAppData%=C:\Documents and Settings\YANNICK\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\YANNICK\Menu Démarrer

---\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 172 Go of 221 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 159 Go of 245 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)



---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK



---\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.AF4EAA3B35A2D206E1902D7CA61B958A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/12/2010 00:53:04.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 11:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 11:15:54.) -- C:\WINDOWS\system32\drivers
tfs.sys [574976]



---\ Processus lancés
[MD5.1F31A588CC83A7B76715F9549515C161] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 196.2.) -- C:\WINDOWS\system32
vsvc32.exe   [154216]
[MD5.90DC23D940551DB35367FB1E40575B25] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe   [11736]
[MD5.018857EAD9A077A56AEDFC0E5EF7A24A] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [37664]
[MD5.673CF4F6BB1FBE09331B526802FBB892] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe   [345376]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe   [153376]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE   [322120]
[MD5.C4305F070481199D102F20DAC23E554B] - (.NVIDIA - NVIDIA Access Manager.) -- C:\Program Files\NVIDIA Corporation
Tune
TuneService.exe   [131072]
[MD5.627FA58ADC043704F9D14CA44340956F] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe   [360224]
[MD5.A1DD33D16F277CE34124EE52AB2C0F14] - (...) -- C:\WINDOWS\system32\PnkBstrA.exe   [75064]
[MD5.38CDA1E493C6589910A3FBE81ECCD354] - (...) -- C:\WINDOWS\system32\PnkBstrB.exe   [189480]
[MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe   [271760]
[MD5.83E70761489F8235E5BD94A6CCA8437D] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE   [18717696]
[MD5.FCB74635483CE82FF2BE9F91D2C8558E] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe   [91432]
[MD5.A63E46BECDDC697FF9C086D7AACBB0BE] - (.cyberlink - brs.) -- C:\Program Files\Cyberlink\Shared Files\brs.exe   [75048]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- C:\WINDOWS\system32\RUNDLL32.EXE   [33792]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe   [49208]
[MD5.2DFCB2393528446AEB9FB861A8FC39AB] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe   [421160]
[MD5.766E24A20116AFA41F380B57FFE7AF02] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe   [599328]
[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe   [68856]
[MD5.0CA8C2E721617AA2F923A8151C96FB33] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe   [820008]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe   [638816]
[MD5.85D374F30A2015D795B1E8D1258866D4] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe   [116280]
[MD5.C2271BD91106CEEC631265842CAD09DC] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [642048]



---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [YANNICK] -- C:\Documents and Settings\YANNICK\Application Data\Mozilla\Firefox\Profiles\o10br65d.default\searchplugins\live-search.xml
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins
pitunes.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 2.0.2.39.) -- C:\Program Files\DivX\DivX Plus Web Player
pdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\DivX\DivX Player
pDivxPlayerPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 3.3.0f4.) -- C:\Documents and Settings\YANNICK.E6750-6AC5E2889\Local Settings\Application Data\Unity\WebPlayer\loader
pUnity3D32.dll



---\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl



---\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/
R0 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R1 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll



---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\ ---\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll



---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll



---\ ---\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe 
O4 - HKLM\..\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe 
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe 
O4 - HKLM\..\Run: [BDRegion] . (.cyberlink - brs.) -- C:\Program Files\Cyberlink\Shared Files\brs.exe 
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll 
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll 
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe 
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe 
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe 
O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe 
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam.) -- c:\program files\steam\steam.exe 
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [NVIDIA nTune] . (.NVIDIA - NVIDIA nTune Command.) -- C:\Program Files\NVIDIA Corporation
Tune
TuneCmd.exe 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\..\Run: [Steam] . (.Valve Corporation - Steam.) -- c:\program files\steam\steam.exe 
O4 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\..\Run: [NVIDIA nTune] . (.NVIDIA - NVIDIA nTune Command.) -- C:\Program Files\NVIDIA Corporation
Tune
TuneCmd.exe 
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co..)  -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe



---\ ---\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...)  -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A92000000001}\SC_Reader.ico (.not file.)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...)  -- C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Visionneuse Microsoft Office PowerPoint 2007.lnk . (...)  -- C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Live ID.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\SIGNINOPTIONS.EXE
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\YANNICK\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.)  -- C:\WINDOWS\system32cimlby.exe
O4 - Global Startup: C:\Documents And Settings\YANNICK\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\YANNICK\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\YANNICK\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Windows Media Player\wmplayer.exe



---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll



---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Skype add-on for Internet Explorer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: Skype add-on for Internet Explorer - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe



---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll



---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15313CDF-7C07-4B4A-94B6-B35D729EAE01}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A25B85-6DAE-4185-8E8D-B412E0BF8363}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{48A25B85-6DAE-4185-8E8D-B412E0BF8363}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{15313CDF-7C07-4B4A-94B6-B35D729EAE01}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CS2\Services\Tcpip\..\{48A25B85-6DAE-4185-8E8D-B412E0BF8363}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{15313CDF-7C07-4B4A-94B6-B35D729EAE01}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CS3\Services\Tcpip\..\{48A25B85-6DAE-4185-8E8D-B412E0BF8363}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.242



---\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL



---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll



---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll



---\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll



---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service:  (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service:  (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service:  (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service:  (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service:  (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service:  (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service:  (nTuneService) . (.NVIDIA - NVIDIA Access Manager.) - C:\Program Files\NVIDIA Corporation
Tune
TuneService.exe
O23 - Service:  (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 196.2.) - C:\WINDOWS\system32
vsvc32.exe
O23 - Service:  (PMBDeviceInfoProvider) . (.Sony Corporation - Device Information Provider.) - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service:  (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service:  (PnkBstrB) . (...) - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service:  (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service:  ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD8\000.fcl



---\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)



---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\MP Scheduled Scan.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\User_Feed_Synchronization-{03D05354-AEC8-433F-834F-7392818CEE4B}.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\WGASetup.job
[MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe



---\ Pilotes lancés au démarrage (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver:  (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver:  (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver:  (MpFilter) . (.Microsoft Corporation - Microsoft antimalware file system filter dr.) - C:\Windows\System32\DRIVERS\MpFilter.sys
O41 - Driver: (MpKsl26f52309) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A30835DB-7393-42A1-93DA-37A993085822}\MpKsl26f52309.sys (.not file.)
O41 - Driver: (MpKsl401ab82a) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B38C5890-45E7-4830-A77B-51DF215657C2}\MpKsl401ab82a.sys (.not file.)
O41 - Driver: (MpKsl42e14320) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C423377C-11A8-45FD-87AF-2D7B99EB2C83}\MpKsl42e14320.sys (.not file.)
O41 - Driver: (MpKsl4784e949) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DEEF2DCC-A928-4135-918D-55FC0F896C3A}\MpKsl4784e949.sys (.not file.)
O41 - Driver: (MpKsl527b0adb) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1571341-FDD8-4452-808A-F266A7A1BF8B}\MpKsl527b0adb.sys (.not file.)
O41 - Driver: (MpKsl641cc1ef) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B38C5890-45E7-4830-A77B-51DF215657C2}\MpKsl641cc1ef.sys (.not file.)
O41 - Driver: (MpKsl728c1bce) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DD730E8-92C0-42F4-B7FD-25EB34E1C4F7}\MpKsl728c1bce.sys (.not file.)
O41 - Driver: (MpKsl796ea5b8) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BF46C6-09C8-4634-BC07-1AD0EF908F08}\MpKsl796ea5b8.sys (.not file.)
O41 - Driver: (MpKsl7db545bd) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B38C5890-45E7-4830-A77B-51DF215657C2}\MpKsl7db545bd.sys (.not file.)
O41 - Driver: (MpKsl8ecfde06) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C53B86B4-7C70-45DA-9858-9310F4933F73}\MpKsl8ecfde06.sys (.not file.)
O41 - Driver: (MpKsla60012ac) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C423377C-11A8-45FD-87AF-2D7B99EB2C83}\MpKsla60012ac.sys (.not file.)
O41 - Driver: (MpKslac81359a) . (.Microsoft Corporation - KSLDriver.) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{356BD5E0-4AEA-4717-957C-6135022011B6}\MpKslac81359a.sys
O41 - Driver: (MpKsld7fc1ca7) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B38C5890-45E7-4830-A77B-51DF215657C2}\MpKsld7fc1ca7.sys (.not file.)
O41 - Driver: (MpKsle2131de6) . (. - .) - c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1571341-FDD8-4452-808A-F266A7A1BF8B}\MpKsle2131de6.sys (.not file.)
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS
etbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS
etbt.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERSasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERSdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERSedbook.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS	cpip.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS	ermdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys



---\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.4.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {308B6AEA-DE50-4666-996D-0FA461719D6B}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Attansic L1 Gigabit Ethernet Driver - (.Pas de propriétaire.) [HKLM] -- AtcL1
O42 - Logiciel: Belkin F7D1101 Basic Wireless USB Adapter - (.Belkin.) [HKLM] -- InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}
O42 - Logiciel: Belkin F7D1101 Basic Wireless USB Adapter - (.Belkin.) [HKLM] -- {AFD89880-C544-4777-B645-FBF6D3391B11}
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CPUID HWMonitor 1.15 - (.Pas de propriétaire.) [HKLM] -- CPUID HWMonitor_is1
O42 - Logiciel: Configuration DivX - (.DivX, Inc. .) [HKLM] -- DivX Setup.divx.com
O42 - Logiciel: Cucusoft iPhone Ringtone Maker 2.4.4 - (.Cucusoft, Inc..) [HKLM] -- Cucusoft iPhone Ringtone Maker_is1
O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM] -- InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}
O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM] -- {2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}
O42 - Logiciel: DivX Converter - (.DivX, Inc..) [HKLM] -- {B13A7C41581B411290FBC0395694E2A9}
O42 - Logiciel: DivX Plus DirectShow Filters - (.DivX, Inc..) [HKLM] -- DivX Plus DirectShow Filters
O42 - Logiciel: Fun Aquarium 3D Screensaver 1.0 - (.Pas de propriétaire.) [HKLM] -- Fun Aquarium 3D Screensaver_is1
O42 - Logiciel: Futuremark SystemInfo - (.Futuremark Corporation.) [HKLM] -- {BEE64C14-BEF1-4610-8A68-A16EAA47B882}
O42 - Logiciel: Garfield(TM) - Sauver Arlène  - (.Hip Games.) [HKLM] -- Garfield Saving Arlene
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}
O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects
O42 - Logiciel: HP Smart Web Printing 4.60 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: ImageShack Uploader 2.2.0 - (.ImageShack Corp..) [HKLM] -- {8BCD7AE7-F713-4D50-BAB9-7839B9386870}
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: JDownloader - (.AppWork UG (haftungsbeschränkt).) [HKLM] -- JDownloader
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MSN - (.Pas de propriétaire.) [HKLM] -- MSNINST
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1  (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Antimalware - (.Microsoft Corporation.) [HKLM] -- {774088D4-0777-4D78-904D-E435B318F5D2}
O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {0450B7B0-AC71-44A4-AB40-4DD678DF3A8C}
O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9011040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {859B9BCA-5376-4566-9F88-C6C9DAA7A925}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Movies2iPhone 1.24 for Windows - (.OKprods Ltd.) [HKLM] -- Movies2iPhone
O42 - Logiciel: My Photo Books (Foto-cards Edition) - (.Digilabs.) [HKLM] -- {F0142E13-8A6A-47B1-B6EA-AD02A7B63735}
O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
O42 - Logiciel: NVIDIA nTune - (.NVIDIA Corporation.) [HKLM] -- InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
O42 - Logiciel: NVIDIA nView Desktop Manager - (.NVIDIA Corporation.) [HKLM] -- NVIDIA nView Desktop Manager
O42 - Logiciel: OpenAL - (.Pas de propriétaire.) [HKLM] -- OpenAL
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PMB - (.Sony Corporation.) [HKLM] -- {B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {E7004147-2CCA-431C-AA05-2AB166B9785D}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Safari - (.Apple Inc..) [HKLM] -- {6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {981029E0-7FC9-4CF3-AB39-6F133621921A}
O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3}
O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421}
O42 - Logiciel: VSO Image Resizer 4.0.2.5 - (.VSO-Software.) [HKLM] -- {8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1
O42 - Logiciel: VideoLAN VLC media player 0.8.6c - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM] -- KB952011
O42 - Logiciel: Windows Genuine Advantage Validation 1.9.42.0 Cracked - (.Wocarson.) [HKLM] -- {EB1BE39D-4C36-40A0-8CFB-079A2D14CB79}
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Media Format Runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Xvid 1.2.1 final uninstall - (.Xvid team (Koepi).) [HKLM] -- Xvid_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {FAE36873-1941-4076-A9A5-48812B5EA0B7}
O42 - Logiciel: iVideoBot Pro 5.0.0 - (.VOWSoft, Ltd..) [HKLM] -- iVideoBot Pro
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent

---\ HKCU & HKLM Software Keys
[HKCU\Software\AC3Filter]
[HKCU\Software\Adobe]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Astro Gemini Software]
[HKCU\Software\Auslogics]
[HKCU\Software\Belkin]
[HKCU\Software\BitTorrent]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\Cyberlink]
[HKCU\Software\DVD Shrink]
[HKCU\Software\Digital River]
[HKCU\Software\DirectX AppWizard Apps]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\Future Pinball]
[HKCU\Software\GNU]
[HKCU\Software\Gaijin]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\ImageShack Corp.]
[HKCU\Software\ImageShack]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MouseIndustries]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\NeKo]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\SecuROM]
[HKCU\Software\Skype]
[HKCU\Software\SoftVTU]
[HKCU\Software\Softonic]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Trolltech]
[HKCU\Software\TuneUp]
[HKCU\Software\Unity]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VOWSoft]
[HKCU\Software\VSO]
[HKCU\Software\Valve]
[HKCU\Software\Wargaming.Net]
[HKCU\Software\WinRAR]
[HKCU\Software\Witan Entertainment BV]
[HKCU\Software\Yahoo]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ASUS]
[HKLM\Software\Activision]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Attansic]
[HKLM\Software\Audible]
[HKLM\Software\Belkin]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\Creative Tech]
[HKLM\Software\Cucusoft]
[HKLM\Software\CyberLink]
[HKLM\Software\DICE]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\Even Balance]
[HKLM\Software\Futuremark Corporation]
[HKLM\Software\Futuremark]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Khronos]
[HKLM\Software\Lake]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RtWLan]
[HKLM\Software\S3R521]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Sony Corporation]
[HKLM\Software\TuneUp]
[HKLM\Software\US Army]
[HKLM\Software\VSO]
[HKLM\Software\Valve]
[HKLM\Software\VideoLAN]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Witan Entertainment BV]
[HKLM\Software\Wocarson]
[HKLM\Software\Yahoo]



---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/12/2010 - 12:54:36 - [0] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 14/11/2010 - 11:20:42 - [162858302] ----D- C:\Program Files\Adobe
O43 - CFD: 26/01/2010 - 18:43:32 - [7657398] ----D- C:\Program Files\AGEIA Technologies
O43 - CFD: 29/06/2010 - 20:19:58 - [2306366] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 10/11/2010 - 10:36:50 - [764597] ----D- C:\Program Files\Astro Gemini Software
O43 - CFD: 05/12/2008 - 17:36:52 - [19047997] ----D- C:\Program Files\ASUS
O43 - CFD: 23/01/2010 - 13:09:54 - [884448] ----D- C:\Program Files\Auslogics
O43 - CFD: 30/07/2010 - 17:52:08 - [68] ----D- C:\Program Files\avsysinfo
O43 - CFD: 23/03/2011 - 12:16:50 - [723913] ----D- C:\Program Files\Belkin
O43 - CFD: 17/10/2010 - 09:49:08 - [599834] ----D- C:\Program Files\Bonjour
O43 - CFD: 11/12/2010 - 14:29:32 - [3501304] ----D- C:\Program Files\CCleaner
O43 - CFD: 05/12/2010 - 14:24:48 - [111306107] ----D- C:\Program Files\Corel
O43 - CFD: 01/02/2010 - 18:44:38 - [2077454] ----D- C:\Program Files\CPUID
O43 - CFD: 30/07/2010 - 17:52:02 - [25896543] ----D- C:\Program Files\Cucusoft
O43 - CFD: 26/01/2010 - 18:53:02 - [158898133] ----D- C:\Program Files\CyberLink
O43 - CFD: 14/04/2008 - 11:13:10 - [2921110] ----D- C:\Program Files\DIFX
O43 - CFD: 28/04/2008 - 10:55:50 - [7823339] ----D- C:\Program Files\Disc2Phone
O43 - CFD: 08/12/2010 - 22:08:56 - [131057899] ----D- C:\Program Files\DivX
O43 - CFD: 28/12/2007 - 15:21:28 - [980121] ----D- C:\Program Files\DVD Shrink
O43 - CFD: 22/02/2010 - 18:23:06 - [569] ----D- C:\Program Files\Electronic Arts
O43 - CFD: 04/04/2011 - 13:22:46 - [8558717] ----D- C:\Program Files\Enigma Software Group
O43 - CFD: 15/08/2008 - 09:13:02 - [319488] ----D- C:\Program Files\ESTsoft
O43 - CFD: 01/08/2010 - 21:06:02 - [1129388120] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 27/10/2008 - 21:20:06 - [13376734] ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD: 08/12/2010 - 22:08:56 - [41087247] ----D- C:\Program Files\Freeplayer
O43 - CFD: 18/08/2010 - 15:26:50 - [60] ----D- C:\Program Files\Future Pinball
O43 - CFD: 02/02/2010 - 19:57:22 - [0] ----D- C:\Program Files\Futuremark
O43 - CFD: 11/03/2008 - 21:13:54 - [7468838] ----D- C:\Program Files\GameShadow
O43 - CFD: 08/12/2010 - 22:08:56 - [16045546] ----D- C:\Program Files\GameSpy Arcade
O43 - CFD: 18/01/2011 - 16:04:48 - [244916898] ----D- C:\Program Files\Google
O43 - CFD: 04/09/2010 - 13:29:38 - [613588659] ----D- C:\Program Files\Hip Games
O43 - CFD: 25/04/2010 - 10:46:48 - [190516615] ----D- C:\Program Files\HP
O43 - CFD: 03/11/2010 - 15:26:26 - [27631682] ----D- C:\Program Files\ImageShack Uploader
O43 - CFD: 05/12/2010 - 14:30:38 - [121274193] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 28/12/2007 - 14:57:12 - [96703] ----D- C:\Program Files\Intel
O43 - CFD: 14/02/2011 - 18:08:20 - [8944676] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 23/11/2010 - 14:59:42 - [1856115] ----D- C:\Program Files\iPod
O43 - CFD: 23/11/2010 - 14:59:56 - [128773687] ----D- C:\Program Files\iTunes
O43 - CFD: 01/04/2011 - 19:20:34 - [80177657] ----D- C:\Program Files\Java
O43 - CFD: 02/04/2011 - 11:13:34 - [1019006323] ----D- C:\Program Files\JDownloader
O43 - CFD: 18/08/2010 - 15:26:46 - [0] ----D- C:\Program Files\Lavalys
O43 - CFD: 23/01/2010 - 19:37:32 - [4958973] ----D- C:\Program Files\ma-config.com
O43 - CFD: 04/04/2011 - 15:32:38 - [5159921] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 17/10/2009 - 12:29:12 - [5674414] ----D- C:\Program Files\MediaInfo
O43 - CFD: 08/12/2010 - 22:08:58 - [2157699] ----D- C:\Program Files\Messenger
O43 - CFD: 31/01/2010 - 21:12:04 - [226432] ----D- C:\Program Files\Microsoft
O43 - CFD: 28/12/2007 - 14:51:18 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 06/11/2008 - 17:04:04 - [36450431] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 26/11/2009 - 19:32:40 - [12231585] ----D- C:\Program Files\Microsoft Games for Windows - LIVE
O43 - CFD: 14/07/2009 - 18:06:10 - [422948642] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 06/11/2009 - 20:23:18 - [1559148] ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD: 25/01/2011 - 21:23:58 - [18110254] ----D- C:\Program Files\Microsoft Security Client
O43 - CFD: 23/01/2010 - 13:37:12 - [15462931] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 22/03/2009 - 20:22:22 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 17/12/2008 - 15:04:44 - [2188837] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 28/12/2007 - 16:17:44 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 28/12/2007 - 16:18:20 - [4368271] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 28/12/2007 - 16:16:20 - [315392] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 11/12/2009 - 18:24:02 - [962896] ----D- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
O43 - CFD: 12/08/2010 - 19:18:42 - [10374874] ----D- C:\Program Files\Movie Maker
O43 - CFD: 10/11/2010 - 20:21:52 - [8982205] ----D- C:\Program Files\Movies2iPhone
O43 - CFD: 28/12/2007 - 16:46:18 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 03/08/2009 - 10:34:50 - [67836870] ----D- C:\Program Files\MSECache
O43 - CFD: 17/12/2008 - 15:57:58 - [21471461] ----D- C:\Program Files\MSN
O43 - CFD: 28/12/2007 - 14:48:44 - [8745735] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 27/01/2010 - 18:37:18 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 28/12/2007 - 16:47:42 - [6849] ----D- C:\Program Files\MSXML 6.0
O43 - CFD: 05/12/2010 - 15:14:20 - [142791320] ----D- C:\Program Files\My Photo Books (Foto-cards Edition)
O43 - CFD: 04/11/2009 - 15:54:26 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 16/02/2010 - 00:51:36 - [0] ----D- C:\Program Files\Nouveau dossier
O43 - CFD: 02/02/2010 - 18:57:56 - [164267166] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 02/02/2010 - 18:57:08 - [58814560] ----D- C:\Program Files\NVIDIA nTune Performance Application
O43 - CFD: 28/12/2007 - 14:48:50 - [1811] ----D- C:\Program Files\Online Services
O43 - CFD: 01/03/2008 - 14:06:10 - [1581760] ----D- C:\Program Files\OpenAL
O43 - CFD: 15/12/2010 - 20:38:14 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 01/03/2008 - 15:47:58 - [571829866] ----D- C:\Program Files\Panzer Elite Action
O43 - CFD: 08/12/2010 - 22:08:58 - [3515768395] ----D- C:\Program Files\pspvideo9
O43 - CFD: 20/09/2010 - 14:49:02 - [76337719] ----D- C:\Program Files\QuickTime
O43 - CFD: 28/12/2007 - 14:59:04 - [119321407] ----D- C:\Program Files\Realtek
O43 - CFD: 28/12/2007 - 16:44:28 - [37949185] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 23/11/2010 - 14:12:42 - [42618231] ----D- C:\Program Files\Safari
O43 - CFD: 11/12/2009 - 18:24:02 - [3125920] ----D- C:\Program Files\SDHelper (Spybot - Search & Destroy)
O43 - CFD: 28/12/2007 - 14:50:18 - [1032] ----D- C:\Program Files\Services en ligne
O43 - CFD: 01/08/2010 - 21:06:26 - [25537323] R---D- C:\Program Files\Skype
O43 - CFD: 18/01/2011 - 14:04:10 - [275395402] ----D- C:\Program Files\Sony
O43 - CFD: 04/04/2011 - 16:20:30 - [8710380628] ----D- C:\Program Files\Steam
O43 - CFD: 03/10/2008 - 18:32:10 - [768026] ----D- C:\Program Files\SystemRequirementsLab
O43 - CFD: 25/08/2010 - 20:40:50 - [25251234] ----D- C:\Program Files\TeamSpeak 3 Client
O43 - CFD: 05/12/2010 - 21:34:04 - [6825432] ----D- C:\Program Files\Teamspeak2_RC2
O43 - CFD: 18/08/2010 - 12:03:36 - [10806682] ----D- C:\Program Files\TLKGAMES
O43 - CFD: 04/07/2010 - 20:06:26 - [1912] ----D- C:\Program Files\TuneUp Utilities 2010
O43 - CFD: 25/01/2010 - 13:47:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 04/04/2011 - 14:08:16 - [23516878] ----D- C:\Program Files\Utilitaire de configuration iPhone
O43 - CFD: 25/09/2010 - 09:47:50 - [328056] ----D- C:\Program Files\uTorrent
O43 - CFD: 05/02/2008 - 17:07:28 - [33498528] ----D- C:\Program Files\VideoLAN
O43 - CFD: 24/02/2010 - 20:52:28 - [4534678] ----D- C:\Program Files\VOWSoft iPod Software
O43 - CFD: 25/11/2010 - 22:00:02 - [32080125] ----D- C:\Program Files\VSO
O43 - CFD: 21/01/2008 - 14:27:44 - [41074] ----D- C:\Program Files\Webteh
O43 - CFD: 19/12/2009 - 11:57:26 - [135949975] ----D- C:\Program Files\Windows Live
O43 - CFD: 06/11/2009 - 20:20:34 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 11/10/2008 - 21:25:36 - [3589774] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 26/01/2010 - 18:27:58 - [7559945] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 04/11/2009 - 15:54:24 - [3942655] ----D- C:\Program Files\Windows NT
O43 - CFD: 25/01/2010 - 13:47:00 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 26/01/2010 - 20:15:56 - [3921963] ----D- C:\Program Files\WinRAR
O43 - CFD: 28/12/2007 - 14:51:18 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 04/04/2011 - 14:08:16 - [777497] ----D- C:\Program Files\Xvid
O43 - CFD: 18/08/2010 - 15:27:30 - [0] ----D- C:\Program Files\Yahoo!
O43 - CFD: 04/04/2011 - 17:38:20 - [3679161] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 14/11/2010 - 11:20:50 - [6281214] ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 28/12/2007 - 15:16:48 - [119373758] ----D- C:\Program Files\Fichiers Communs\Ahead
O43 - CFD: 23/11/2010 - 14:59:40 - [107008281] ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD: 26/01/2010 - 18:52:58 - [114688] ----D- C:\Program Files\Fichiers Communs\CyberLink
O43 - CFD: 28/12/2007 - 16:18:38 - [86016] ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD: 04/03/2008 - 11:32:32 - [1290] ----D- C:\Program Files\Fichiers Communs\DirectX
O43 - CFD: 15/04/2010 - 11:16:10 - [30445276] ----D- C:\Program Files\Fichiers Communs\DivX Shared
O43 - CFD: 02/02/2010 - 20:10:30 - [3952449] ----D- C:\Program Files\Fichiers Communs\Futuremark Shared
O43 - CFD: 26/02/2010 - 21:54:02 - [997653] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD: 26/02/2010 - 21:54:22 - [1817436] ----D- C:\Program Files\Fichiers Communs\HP
O43 - CFD: 29/12/2007 - 22:00:46 - [17795774] ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 26/01/2010 - 18:46:34 - [315855949] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 28/12/2007 - 14:49:44 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 11/12/2010 - 10:33:24 - [131313] ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD: 02/01/2010 - 14:20:38 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 28/12/2007 - 14:49:48 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 01/08/2010 - 21:06:02 - [2135336] ----D- C:\Program Files\Fichiers Communs\Skype
O43 - CFD: 28/12/2007 - 15:43:12 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 06/11/2009 - 20:23:18 - [25827352] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 17/12/2008 - 14:29:34 - [256998808] ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD: 27/04/2008 - 13:23:40 - [42842000] -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD: 04/04/2011 - 13:22:30 - [193644032] ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard
O43 - CFD: 06/01/2008 - 12:06:54 - [1650935] ----D- C:\Documents and Settings\YANNICK\Application Data\Adobe
O43 - CFD: 06/01/2008 - 10:33:56 - [111140] ----D- C:\Documents and Settings\YANNICK\Application Data\Ahead
O43 - CFD: 23/09/2009 - 20:36:04 - [319826099] ----D- C:\Documents and Settings\YANNICK\Application Data\Apple Computer
O43 - CFD: 12/01/2008 - 20:04:16 - [136] ----D- C:\Documents and Settings\YANNICK\Application Data\ArcSoft
O43 - CFD: 04/11/2009 - 17:21:18 - [8995] ----D- C:\Documents and Settings\YANNICK\Application Data\Auslogics
O43 - CFD: 07/01/2008 - 03:04:58 - [330072] ----D- C:\Documents and Settings\YANNICK\Application Data\Bioshock

andrealphuse · Answer

a l autre 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000007d

Kernel Drivers (total 124):
  0x804D7000 \WINDOWS\system32
tkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB80A8000 leisr.sys
  0xB7F78000 ACPI.sys
  0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB7F67000 pci.sys
  0xB80B8000 isapnp.sys
  0xB80C8000 ohci1394.sys
  0xB80D8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB80E8000 MountMgr.sys
  0xB7F48000 ftdisk.sys
  0xB85AC000 dmload.sys
  0xB7F22000 dmio.sys
  0xB8330000 PartMgr.sys
  0xB80F8000 VolSnap.sys
  0xB7F0A000 atapi.sys
  0xB8108000 disk.sys
  0xB8118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB7EEA000 fltMgr.sys
  0xB7ED8000 sr.sys
  0xB8128000 PxHelp20.sys
  0xB7EC1000 KSecDD.sys
  0xB7E34000 Ntfs.sys
  0xB7E07000 NDIS.sys
  0xB7DED000 Mup.sys
  0xB82C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB6C30000 \SystemRoot\system32\DRIVERS
v4_mini.sys
  0xB6C1C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB83F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB6BF8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB83F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB6BD0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB82D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB82E8000 \SystemRoot\system32\DRIVERSedbook.sys
  0xB6BAD000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB8400000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xB82F8000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB8308000 \SystemRoot\system32\DRIVERS\atl01_xp.sys
  0xB8318000 \SystemRoot\system32\DRIVERS
ic1394.sys
  0xB8408000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB85E8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0xB6B9C000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB7DB9000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB8410000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB8797000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB81A8000 \SystemRoot\system32\DRIVERSasl2tp.sys
  0xB7DB1000 \SystemRoot\system32\DRIVERS
distapi.sys
  0xB6B85000 \SystemRoot\system32\DRIVERS
diswan.sys
  0xB81B8000 \SystemRoot\system32\DRIVERSaspppoe.sys
  0xB81C8000 \SystemRoot\system32\DRIVERSaspptp.sys
  0xB8418000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB6B74000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB81D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8420000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8428000 \SystemRoot\system32\DRIVERSaspti.sys
  0xB6B44000 \SystemRoot\system32\DRIVERSdpdr.sys
  0xB81E8000 \SystemRoot\system32\DRIVERS	ermdd.sys
  0xB8430000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB85EA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB6AE6000 \SystemRoot\system32\DRIVERS\update.sys
  0xB7A15000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8238000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB75FD000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB8610000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB03A0000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xB02A4000 \SystemRoot\system32\drivers\portcls.sys
  0xB69BB000 \SystemRoot\system32\drivers\drmk.sys
  0xB83B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xAFD1B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0xB8636000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB86B9000 \SystemRoot\System32\Drivers\Null.SYS
  0xB8638000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB8208000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB83D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB83E0000 \SystemRoot\System32\drivers\vga.sys
  0xB863A000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB863C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB8340000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB8378000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB4CD7000 \SystemRoot\system32\DRIVERSasacd.sys
  0xAFC8C000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xAFC33000 \SystemRoot\system32\DRIVERS	cpip.sys
  0xAFC0D000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xAFBE5000 \SystemRoot\system32\DRIVERS
etbt.sys
  0xAFBC3000 \SystemRoot\System32\drivers\afd.sys
  0xB8228000 \SystemRoot\system32\DRIVERS
etbios.sys
  0xAFB98000 \SystemRoot\system32\DRIVERSdbss.sys
  0xAFB28000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB8248000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB83E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB8564000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xAFEDE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xAF729000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xAEEFB000 \SystemRoot\System32\Drivers\usbvideo.sys
  0xAF71D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xAFE6E000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xAEE69000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
  0xAEE51000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB85EC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB01F9000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB8468000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB86DE000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32
v4_disp.dll
  0xBD623000 \SystemRoot\System32\ATMFD.DLL
  0xB761D000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB699B000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xAE946000 \SystemRoot\system32\DRIVERS
disuio.sys
  0xAE6B2000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xAE5AD000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB02C8000 \SystemRoot\system32\drivers\sysaudio.sys
  0xAE54F000 \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
  0xAE3C7000 \SystemRoot\system32\DRIVERS\srv.sys
  0xAE0F3000 \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
  0xB8390000 \??\C:\WINDOWS
voclock.sys
  0xADBAF000 \SystemRoot\System32\Drivers\HTTP.sys
  0xAEF41000 \??\c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{356BD5E0-4AEA-4717-957C-6135022011B6}\MpKslac81359a.sys
  0xB83A0000 \??\C:\DOCUME~1\YANNIC~1.E67\LOCALS~1\Temp\mbr.sys
  0x7C910000 \WINDOWS\system32
tdll.dll

Processes (total 47):
       0 System Idle Process
       4 System
     500 C:\WINDOWS\system32\smss.exe
     560 csrss.exe
     584 C:\WINDOWS\system32\winlogon.exe
     628 C:\WINDOWS\system32\services.exe
     644 C:\WINDOWS\system32\lsass.exe
     820 C:\WINDOWS\system32
vsvc32.exe
     844 C:\WINDOWS\system32\svchost.exe
    1332 svchost.exe
    1372 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1408 C:\WINDOWS\system32\svchost.exe
    1500 svchost.exe
    1608 svchost.exe
    1776 C:\WINDOWS\explorer.exe
     216 C:\WINDOWS\system32\spoolsv.exe
    1516 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1688 C:\Program Files\Bonjour\mDNSResponder.exe
    1872 C:\WINDOWS\system32\svchost.exe
    1912 C:\Program Files\Java\jre6\bin\jqs.exe
    2008 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     548 C:\WINDOWS\system32\svchost.exe
     164 C:\Program Files\NVIDIA Corporation
Tune
TuneService.exe
    1032 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1200 C:\WINDOWS\system32\PnkBstrA.exe
    1208 C:\WINDOWS\system32\PnkBstrB.exe
    1676 C:\Program Files\CyberLink\Shared files\RichVideo.exe
     244 C:\WINDOWS\system32\svchost.exe
    1740 wdfmgr.exe
    2284 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2560 C:\WINDOWS\RTHDCPL.EXE
    2640 alg.exe
    2668 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    2888 C:\Program Files\CyberLink\Shared files\brs.exe
    2928 C:\WINDOWS\system32undll32.exe
    3040 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    3572 C:\Program Files\iTunes\iTunesHelper.exe
    3648 C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    3688 C:\Program Files\Microsoft Security Client\msseces.exe
    3956 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2372 C:\Program Files\iPod\bin\iPodService.exe
     860 C:\Program Files\Internet Explorer\iexplore.exe
    3288 C:\Program Files\Internet Explorer\iexplore.exe
    3576 C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    3360 C:\Program Files\ZHPDiag\mbrcheck.exe
     884 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

\.\C: --> \.\PhysicalDrive0 at offset 0x00000000'00007e00  (NTFS)
\.\D: --> \.\PhysicalDrive0 at offset 0x00000037'2d061400  (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725050VLA360, Rev: V56OA7EA

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719


Done!

Utilisateur anonyme · Answer

* Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

* Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus ? Exécuter en temps qu'administrateur
* L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
* Lorsque l'outil a terminé son travail d'inspection, si des nuisibles ("Malicious objects") ont été trouvés, vérifier que l'option (Cure) est sélectionnée,
* Si des objects suspects ("Suspicious objects") ont été détectés, sur l'écran de demande de confirmation, modifier l'action à entreprendre et indiquer Quarantine (au lieu de Skip),
* A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:	dsskillereport.txt)

andrealphuse · Answer

j ai fait comme tu ma dit  j ai Lance load_tdsskiller en faisant un double-clic dessus  apres analyse il m ouvre une fenetre texte met il y a rien dedans ?

andrealphuse · Answer

j ai ete dans mon disc c  dans le dossier tdsskiller et il y a pas de rapport ?

andrealphuse · Answer

comment ca relances le et post ?

andrealphuse · Answer

j ai fait comme tu ma dit j ai Lance load_tdsskiller en faisant un double-clic dessus apres analyse il m ouvre une fenetre texte met il y a rien dedans ?

Utilisateur anonyme · Answer

On va faire une vérification . 
Post un nouveau rapport zhpdiag. 
Héberge le rapport ZHPDiag.txt sur le site pjjoint.malekal.com ou cijoint.fr ou toofiles  puis copie/colle le lien fournit dans ta prochaine réponse sur le forum

andrealphuse · Answer

http://www.cijoint.fr/cjlink.php?file=cj201104/cijkZGiBLk.txt



voila le lien

Utilisateur anonyme · Answer

A faire dans l''ordre. 

1/ Copie/colle les lignes suivantes et place les dans ZHPFix :
2/Lance ZHPFix (soit via le raccourci sur ton Bureau, soit via ZHPDiag)
3/Clique sur l''icone représentant la lettre H (« coller les lignes Helper »)

----------------------------------------------------------
O42 - Logiciel: Windows Genuine Advantage Validation 1.9.42.0 Cracked - (.Wocarson.) [HKLM] -- {EB1BE39D-4C36-40A0-8CFB-079A2D14CB79}     
[HKLM\Software\Wocarson]     
O69 - SBI: prefs.js [YANNICK - o10br65d.default] user_pref("extensions.snipit.askTbInstalled", true); 
MBRFix
O43 - CFD: 30/07/2010 - 17:52:08 - [68] ----D- C:\Program Files\avsysinfo 
OPT:O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam.) -- c:\program files\steam\steam.exe     
OPT:O4 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\..\Run: [Steam] . (.Valve Corporation - Steam.) -- c:\program files\steam\steam.exe     
EmptyTemp

--------------------------------------------------------

- Clique sur le bouton « GO » pour lancer le nettoyage,
- Copie/colle la totalité du rapport dans ta prochaine réponse

andrealphuse · Answer

Rapport de ZHPFix 1.12.3273 par Nicolas Coolman, Update du 03/04/2011 Fichier d'export Registre : C:\ZHPExportRegistry-04-04-2011-20-59-20.txt Run by YANNICK at 04/04/2011 20:59:20 Windows XP Professional Service Pack 3 (Build 2600) Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html ========== Logiciel(s) ========== O42 - Logiciel: Windows Genuine Advantage Validation 1.9.42.0 Cracked - (.Wocarson.) [HKLM] -- {EB1BE39D-4C36-40A0-8CFB-079A2D14CB79} => Logiciel déjà supprimé ========== Clé(s) du Registre ========== O42 - Logiciel: Windows Genuine Advantage Validation 1.9.42.0 Cracked - (.Wocarson.) [HKLM] -- {EB1BE39D-4C36-40A0-8CFB-079A2D14CB79} => Clé supprimée avec succès HKLM\Software\Wocarson => Clé supprimée avec succès ========== Valeur(s) du Registre ========== O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam.) -- c:\program files\steam\steam.exe => Valeur supprimée avec succès O4 - HKUS\S-1-5-21-842925246-1123561945-682003330-1003\..\Run: [Steam] . (.Valve Corporation - Steam.) -- c:\program files\steam\steam.exe => Valeur absente ========== Préférences navigateur ========== O69 - SBI: prefs.js [YANNICK - o10br65d.default] user_pref("extensions.snipit.askTbInstalled", true); => Valeur supprimée avec succès O69 - SBI: prefs.js [YANNICK - o10br65d.default] user_pref("extensions.snipit.askTbInstalled", true); => Valeur supprimée avec succès ========== Dossier(s) ========== Dossiers temporaires Windows supprimés: 0 ========== Fichier(s) ========== Fichiers temporaires Windows supprimés : 2 ========== Master Boot Record ========== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Hitachi_HDT725050VLA360 rev.V56OA7EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6321ED]<< 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A696AB8] 3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x8A79D328] 5 ACPI[0xB7F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-19[0x8A71F940] kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi -> 0x8a6321ed user & kernel MBR OK Warning: possible MBR rootkit infection ! Resultat après le fix : Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Hitachi_HDT725050VLA360 rev.V56OA7EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6321ED]<< 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A696AB8] 3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x8A79D328] 5 ACPI[0xB7F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-19[0x8A71F940] kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi -> 0x8a6321ed user & kernel MBR OK Warning: possible MBR rootkit infection ! Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Hitachi_HDT725050VLA360 rev.V56OA7EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6321ED]<< 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A696AB8] 3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x8A79D328] 5 ACPI[0xB7F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-19[0x8A71F940] kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi -> 0x8a6321ed user & kernel MBR OK Warning: possible MBR rootkit infection ! Resultat après le fix : Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Hitachi_HDT725050VLA360 rev.V56OA7EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6321ED]<< 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A696AB8] 3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x8A79D328] 5 ACPI[0xB7F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-19[0x8A71F940] kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi -> 0x8a6321ed user & kernel MBR OK Warning: possible MBR rootkit infection ! ========== Récapitulatif ========== 2 : Clé(s) du Registre 2 : Valeur(s) du Registre 1 : Dossier(s) 1 : Fichier(s) 1 : Logiciel(s) 2 : Préférences navigateur 1 : Master Boot Record End of the scan

Utilisateur anonyme · Answer

*  Télécharger aswMBR.exe sur votre bureau.
*  Double cliquez sur le aswMBR.exe pour l'exécuter
*  Cliquez sur le bouton «Scan» pour commencer le balayage
*  Cliquez sur Save log pour sauvegarder le rapport
*  Enregistrez le aswASW.log sur le bureau
*	Poster le rapport sur le forum.

andrealphuse · Answer

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software Run date: 2011-04-04 21:14:43 ----------------------------- 21:14:43.234 OS Version: Windows 5.1.2600 Service Pack 3 21:14:43.234 Number of processors: 2 586 0xF0B 21:14:43.234 ComputerName: E6750-6AC5E2889 UserName: YANNICK 21:14:43.765 Initialize success 21:14:46.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 21:14:46.046 Disk 0 Vendor: Hitachi_HDT725050VLA360 V56OA7EA Size: 476940MB BusType: 3 21:14:48.062 Disk 0 MBR read successfully 21:14:48.062 Disk 0 MBR scan 21:14:50.062 Disk 0 scanning sectors +976752000 21:14:50.078 Disk 0 scanning C:\WINDOWS\system32\drivers 21:14:53.203 Service scanning 21:14:54.406 Disk 0 trace - called modules: 21:14:54.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a6321ed]<< 21:14:54.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a696ab8] 21:14:54.406 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000079[0x8a79d328] 21:14:54.406 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8a71f940] 21:14:54.406 \Driver\atapi[0x8a72e630] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a6321ed 21:14:54.406 Scan finished successfully

Utilisateur anonyme · Answer

*  Relancer aswMBR.exe pour l'exécuter
*  Cliquez sur le bouton «Scan» pour commencer le balayage
*  Cliquez sur  "FixMbr" 
*  Enregistrez le aswASW.log sur le bureau
*	Poster le rapport sur le forum.

Help windowsrestore

27 réponses