Rogue.eorezo

Closed
lullalynne - Edited by lullalynne on 9/04/2011 at 12:09
lullalynne - 9 April 2011 at 17:24
Hello,

Plagued by advertising pop-ups, I ran a scan with Malwarebytes, which found quite a few Rogue.eorezo threats and two Spyware Agence Exclusive. As I can't manage to delete them, they are only in quarantine for now.

Here is the report:

------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6318

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

09/04/2011 11:26:57
mbam-log-2011-04-09 (11-26-57).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 147223
Temps écoulé: 3 minute(s), 43 seconde(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 50

Processus mémoire infecté(s):
c:\Users\JCB\AppData\Roaming\EoRezo\softwareupdate\softwareupdatehp.exe (Rogue.Eorezo) -> 3244 -> Unloaded process successfully.
c:\program files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> 3540 -> Unloaded process successfully.
c:\program files\EoRezo\eorezo.exe (Rogue.Eorezo) -> 3600 -> Unloaded process successfully.
c:\program files\spidermessenger\spidermessenger.exe (Spyware.AgenceExclusive) -> 3764 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\eomultilanguage.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\eorezocomm.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\eorezotools_30.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\freeimage.dll (Rogue.Eorezo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoEngineBHO.EOBHO.1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoEngineBHO.EOBHO (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoRezoBHO.EoBHO.1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoRezoBHO.EoBHO (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7B76B90-3455-4AE6-A752-EAC4D19689E5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1 (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper (Rogue.Eorezo) -> Value: SoftwareHelper -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EoEngine (Rogue.Eorezo) -> Value: EoEngine -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Value: eorezo -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpiderMessenger (Spyware.AgenceExclusive) -> Value: SpiderMessenger -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\program files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\EoAdv (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\JCB\AppData\Roaming\EoRezo\softwareupdate\softwareupdatehp.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\spidermessenger\spidermessenger.exe (Spyware.AgenceExclusive) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\EoAdv\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\eorezoimg_22.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\confmedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eomultilanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezocomm.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_19.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezoimg_23.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_16.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_18.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_26.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_27.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_28.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_29.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eorezotools_30.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\freeimage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins001.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins001.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\atl90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\mfc90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\microsoft.vc90.atl.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\microsoft.vc90.crt.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\microsoft.vc90.mfc.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\msvcr90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.

-------------------------------------------------------------


If anyone can help me, thanks in advance!

6 replies

flo-91 Posts 5646 Registered Tuesday 19 May 2009 Status Security contributor Last active 31 October 2019 1 118
9 April 2011 at 12:36
Hi,

"Quarantined and deleted successfully" => means that the files should normally have been destroyed.

Do this for a thorough scan of the PC:

We'll start by analysing your PC:

Download ZHPDiag here: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Once the download is complete, unzip the file you obtained and place ZHPDiag.exe on your Desktop.

Double-click the icon to launch the program.

Click "Tous" (All) to tick all the option boxes.

Click the magnifying glass to start the analysis.

At the end of the analysis, click the camera and save the report to your Desktop.

Open the saved file (ZHPDiag.txt) with Notepad and copy its contents into your reply.

Go to http://www.cijoint.fr, click "Parcourir" (Browse), choose the report on your desktop and click "Créer le lien" (Create the link).
A link will be generated for you; post it in your next reply.
0
juju666 Posts 35446 Registered Thursday 18 December 2008 Status Security contributor Last active 21 April 2024 4 796
Edited by juju666 on 9/04/2011 at 12:38
Hi, for more info on eorezo: https://forum.malekal.com/viewtopic.php?t=18245&start=

Too late for me, happy hunting flo :-)

.::. Security Contributor .::.
0
flo-91 Posts 5646 Registered Tuesday 19 May 2009 Status Security contributor Last active 31 October 2019 1 118
9 April 2011 at 12:55
You too ;-)

++
0
juju666 Posts 35446 Registered Thursday 18 December 2008 Status Security contributor Last active 21 April 2024 4 796
9 April 2011 at 12:55
:-)
0
Thanks!
I had forgotten to mention that I used AD remover afterwards (but I didn't keep the report :/)
And as for Zhpdiag, no problem with the download and installation, but "code 740" ("the requested operation requires elevation") when launching it...
0
juju666 Posts 35446 Registered Thursday 18 December 2008 Status Security contributor Last active 21 April 2024 4 796
9 April 2011 at 13:33
Right-click, run as admin
0
Rapport de ZHPDiag v1.27.1864 par Nicolas Coolman, Update du 08/04/2011
Run by JCB at 09/04/2011 13:38:08
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19019 (Defaut)

---\\ System Information
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 243 GB (74%) free of 325 GB

---\\ Logged in mode
Computer Name: PC-DE-JCB
User Name: JCB
All Users Names: JCB, Administrateur,
Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\JCB\AppData\Roaming
%LocalAppData%=C:\Users\JCB\AppData\Local
%StartMenu%=C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 243 Go of 325 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK



---\\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.19/09/2009 20:58:48.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 08:33:37.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.74BCC23D622F32DA0450D164735ACAB1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/12/2010 07:27:04.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.19/01/2008 08:33:37.) -- C:\Windows\system32\Winlogon.exe [314880]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.19/01/2008 08:41:30.) -- C:\Windows\system32\drivers\atapi.sys [21560]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/01/2008 08:43:40.) -- C:\Windows\system32\drivers\ntfs.sys [1081912]



---\\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.D93985F5D87DF1A119E939EADB5C4B9E] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6266880]
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536]
[MD5.B1361669BDC6ED612C35B7C67ADA2240] - (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784]
[MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [49152]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [54576]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288]
[MD5.009811BD21D0BD7BA5C7765565505764] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [97680]
[MD5.689C6EA7A17B3AE0F2A0151465EF311E] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\system32\jusched.exe [132760]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]
[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152]
[MD5.7CAC10A1C258DFCB5ADE563BAE6D2F15] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [67128]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]
[MD5.B988D7F127B94BD5BF8356FE81B985C4] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638232]
[MD5.88C44CA9A052AEAEC0C91A57CE5AB41A] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [304304]
[MD5.12104BCC3953031BE642FE220C940314] - (.AOL LLC - AOL IE Toolbar Server.) -- c:\program files\aol\aol toolbar 5.0\AolTbServer.exe [99680]
[MD5.5698B99B81D3692BF9FCDEE5A07EA250] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe [231888]
[MD5.FB784E1B24CD06EEC019F26EF79527AC] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [642560]
[MD5.CB96ABDD198C4BE6A45FCE7020E6D040] - (.Microsoft Corporation - Microsoft Feeds Synchronization.) -- C:\Windows\system32\msfeedssync.exe [13312]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60129.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Clé orpheline
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL - Librairie de lien dynamique AOL Toolbar pou.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL - Librairie de lien dynamique AOL Toolbar pou.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] . (...) -- C:\HP\KBD\KbdStub.exe
O4 - HKLM\..\Run: [OsdMaestro] . (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
O4 - HKLM\..\Run: [StartCCC] . (...) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\system32\jureg.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKCU\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1739496453-880061959-252499459-1000\..\Run: [EPSON Stylus D92 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk . (.CyberLink.) -- C:\Program Files\CyberLink\DVD Suite Deluxe\PowerStarter.exe
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\JCB\Desktop\BASKET.lnk . (...) -- C:\Users\JCB\Documents\BASKET
O4 - Global Startup: C:\Users\JCB\Desktop\Bureau.lnk . (...) -- C:\Users\JCB\Desktop
O4 - Global Startup: C:\Users\JCB\Desktop\Desperados - Une aventure au Far West.LNK . (.Spellbound Software.) -- C:\Program Files\Infogrames\Desperados - Une aventure au Far West (français)\desperados.exe
O4 - Global Startup: C:\Users\JCB\Desktop\Documents.lnk . (...) -- C:\Users\JCB\Documents
O4 - Global Startup: C:\Users\JCB\Desktop\Dracula.lnk . (...) -- E:\D__\Dracula.exe (.not file.)
O4 - Global Startup: C:\Users\JCB\Desktop\Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
O4 - Global Startup: C:\Users\JCB\Desktop\Microsoft Office OneNote 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
O4 - Global Startup: C:\Users\JCB\Desktop\Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
O4 - Global Startup: C:\Users\JCB\Desktop\Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
O4 - Global Startup: C:\Users\JCB\Desktop\Musique.lnk . (...) -- C:\Users\JCB\Music
O4 - Global Startup: C:\Users\JCB\Desktop\Photos.lnk . (...) -- C:\Users\JCB\Pictures
O4 - Global Startup: C:\Users\JCB\Desktop\Scarface.lnk . (.Sierra Entertainment.) -- C:\Program Files\Radical Games\Scarface\Scarface.exe
O4 - Global Startup: C:\Users\JCB\Desktop\SpiderMessenger.lnk . (...) -- C:\Program Files\SpiderMessenger\SpiderMessenger.exe (.not file.)
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\JCB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Recherche AOL Toolbar . (.Pas de propriétaire - Pas de description.) -- c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} . (.not file.) - (.not file.)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Envoyer à OneNote - {3369AF0D-62E9-4bda-8103-B4C75499B578} . (.AOL - AOL Toolbar.) -- c:\program files\aol\aol toolbar 5.0\resources\fr-fr\aoltbres.dll
O9 - Extra button: &Envoyer à OneNote - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC44BA96-0A57-40A2-98A8-0CA0AB2E15D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DC44BA96-0A57-40A2-98A8-0CA0AB2E15D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DC44BA96-0A57-40A2-98A8-0CA0AB2E15D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: (ezntsvc) . (.EasyBits Software Corp. - EasyBits Magic Desktop Services for Windows.) - C:\Windows\system32\ezNTSvc.exe
O23 - Service: (GameConsoleService) . (.WildTangent, Inc. - GameConsoleService.) - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{ACDB2B10-7A20-497F-8E10-95DC816567CF}.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.689C6EA7A17B3AE0F2A0151465EF311E] [APT] [JavaUpdateAdministrator] (.Sun Microsystems, Inc..) -- C:\Windows\system32\jusched.exe
[MD5.689C6EA7A17B3AE0F2A0151465EF311E] [APT] [JavaUpdateJCB] (.Sun Microsystems, Inc..) -- C:\Windows\system32\jusched.exe
[MD5.9FFC7FD56CC35E7FA94E9AEDD39D0E0A] [APT] [RecoveryCD] (.Pas de propriétaire.) -- C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe
[MD5.3D236E66593BE77B16A2A3DFEC9032AA] [APT] [{C8B09CE8-F281-4C02-8B47-09D86897CC88}] (.Pas de propriétaire.) -- C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
[MD5.61D3771702DE72053FEE2A98F213A030] [APT] [Scheduled Maintenance] (.PC-Doctor, Inc..) -- C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe
[MD5.6D0F62A4D823A36A529369257CD8C00D] [APT] [Scheduled Maintenance Swap] (.Pas de propriétaire.) -- C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: AOL Toolbar 5.0 - (.AOL.) [HKLM] -- AOL Toolbar
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites - (.Microsoft Corporation.) [HKLM] -- Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.4.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite - (.Pas de propriétaire.) [HKLM] -- {8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}
O42 - Logiciel: Clue - (.Pas de propriétaire.) [HKLM] -- Clue
O42 - Logiciel: CyberLink DVD Suite Deluxe - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: Desperados - Une aventure au Far West 1.01 - (.Pas de propriétaire.) [HKLM] -- Desperados - Une aventure au Far West 1.01
O42 - Logiciel: EPSON Attach To Email - (.SEIKO EPSON.) [HKLM] -- InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}
O42 - Logiciel: EPSON Easy Photo Print - (.Pas de propriétaire.) [HKLM] -- {B66E665A-DF96-4C38-9422-C7F74BC1B4E5}
O42 - Logiciel: EPSON File Manager - (.Pas de propriétaire.) [HKLM] -- {2EB81825-E9EE-44F4-8F51-1240C3898DC6}
O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities
O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM] -- {2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}
O42 - Logiciel: EPSON Stylus C90_91_D92 Manuel - (.Pas de propriétaire.) [HKLM] -- EPSON Stylus C90_91_D92 Guide d'utilisation
O42 - Logiciel: EPSON Web-To-Page - (.Pas de propriétaire.) [HKLM] -- {7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}
O42 - Logiciel: EasyBits Magic Desktop - (.Pas de propriétaire.) [HKLM] -- EasyBits Magic Desktop
O42 - Logiciel: Evo-W300USB - (.OvisLink.) [HKLM] -- {59061D20-CFC3-4C2E-8B41-9243678ACE8D}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {73A43E42-3658-4DD9-8551-FACDA3632538}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {C8D47273-7A1A-4614-A3D8-263632D8A5ED}
O42 - Logiciel: HP Customer Feedback - (.Hewlett-Packard.) [HKLM] -- {9DBA770F-BF73-4D39-B1DF-6035D95268FC}
O42 - Logiciel: HP Easy Setup - Frontend - (.Hewlett-Packard.) [HKLM] -- {1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}
O42 - Logiciel: HP On-Screen Cap/Num/Scroll Lock Indicator - (.Hewlett-Packard.) [HKLM] -- OsdMaestro
O42 - Logiciel: HP Photosmart Essential 2.5 - (.HP.) [HKLM] -- HP Photosmart Essential
O42 - Logiciel: HP Picasso Media Center Add-In - (.HP.) [HKLM] -- {55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {818ABC3C-635C-4651-8183-D0E9640B7DD1}
O42 - Logiciel: Hewlett-Packard Active Check - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Hewlett-Packard Asset Agent for Health Check - (.HP.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Indeo® software - (.Pas de propriétaire.) [HKLM] -- Indeo® software
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: Les offres internet Orange - (.France Telecom.) [HKLM] -- {CD1EE4FF-BEED-47EA-9726-E2BB783BC4C1}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {7F10292C-A190-4176-A665-A1ED3478DF86}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {A49F249F-0C91-497F-86DF-B2585E8E76B7}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {3B160861-7250-451E-B5EE-8B92BF30A710}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: My HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Outils de diagnostic du matériel - (.PC-Doctor, Inc..) [HKLM] -- PC-Doctor 5 for Windows
O42 - Logiciel: Paint.NET v3.5.8 - (.dotPDN LLC.) [HKLM] -- {9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: Python 2.5 - (.Martin v. Löwis.) [HKLM] -- {0A2C5854-557E-48C8-835A-3B9F074BDCAA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Scarface: The World is Yours - (.Sierra Entertainment.) [HKLM] -- InstallShield_{27D7F575-4AA0-4C12-AA68-128E1C8979F7}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Solution de clavier multimédia amélioré - (.Hewlett-Packard.) [HKLM] -- KBD
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-5464-3428-800000000003}
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] -- {02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
O42 - Logiciel: ccc-Branding - (.ATI.) [HKLM] -- {4F027497-15AE-4DE5-B3BC-8E721C6127DE}
O42 - Logiciel: cspep.0 - (.cspep.) [HKLM] -- cspep_is1
O42 - Logiciel: muvee autoProducer 6.1 - (.muvee Technologies.) [HKLM] -- {5115C036-C0D5-4E1B-81C9-542CA967478A}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AOL]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\Classes]
[HKCU\Software\CyberLink]
[HKCU\Software\EPSON]
[HKCU\Software\EasyBits]
[HKCU\Software\Google]
[HKCU\Software\HP Guide]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MimarSinan]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Paint.NET]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\SEIKO EPSON]
[HKCU\Software\SecuROM]
[HKCU\Software\Softthinks]
[HKCU\Software\SpiderMessenger]
[HKCU\Software\cspep]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\Avira]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\EPSON]
[HKLM\Software\EasyBits]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hasbro Interactive]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LightScribe]
[HKLM\Software\MDC]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Microids]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OvisLink]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Paint.NET]
[HKLM\Software\Policies]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sonic]
[HKLM\Software\Spellbound Software]
[HKLM\Software\Symantec]
[HKLM\Software\TrendMicro]
[HKLM\Software\VUGames]
[HKLM\Software\Volatile]
[HKLM\Software\WildTangent]
[HKLM\Software\Win32 Services]
[HKLM\Software\Wow6432Node]
[HKLM\Software\X-AVCSD]
[HKLM\Software\mozilla.org]
[HKLM\Software\muvee Technologies]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/05/2008 - 15:18:52 - [12686438] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 09/10/2010 - 21:23:26 - [211015618] ----D- C:\Program Files\Adobe
O43 - CFD: 06/05/2008 - 12:06:00 - [2485262] ----D- C:\Program Files\AOL
O43 - CFD: 10/02/2008 - 07:40:30 - [14491485] ----D- C:\Program Files\ATI
O43 - CFD: 10/02/2008 - 07:41:30 - [121470450] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 19/09/2009 - 18:52:28 - [168466520] ----D- C:\Program Files\Avira
O43 - CFD: 09/10/2010 - 21:23:26 - [661692392] ----D- C:\Program Files\Common Files
O43 - CFD: 09/04/2011 - 11:32:04 - [1894740] ----D- C:\Program Files\cspep
O43 - CFD: 10/02/2008 - 07:52:22 - [735162839] ----D- C:\Program Files\CyberLink
O43 - CFD: 10/02/2008 - 15:20:16 - [51506213] ----D- C:\Program Files\EasyBits
O43 - CFD: 08/05/2008 - 15:23:40 - [136532922] ----D- C:\Program Files\EasyBits For Kids
O43 - CFD: 26/02/2011 - 22:16:04 - [129136599] ----D- C:\Program Files\EPSON
O43 - CFD: 06/05/2008 - 12:00:46 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 29/01/2010 - 14:15:50 - [15000590] ----D- C:\Program Files\Google
O43 - CFD: 13/07/2008 - 14:10:04 - [25994754] ----D- C:\Program Files\Hasbro Interactive
O43 - CFD: 12/12/2009 - 12:51:06 - [96744108] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 05/12/2009 - 10:43:02 - [37336091] ----D- C:\Program Files\HP
O43 - CFD: 10/02/2008 - 08:03:34 - [203831777] ----D- C:\Program Files\HP Games
O43 - CFD: 13/07/2008 - 14:18:50 - [131927537] ----D- C:\Program Files\Infogrames
O43 - CFD: 26/02/2011 - 22:15:00 - [72501850] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 25/06/2009 - 19:48:58 - [1507134] ----D- C:\Program Files\Intel
O43 - CFD: 11/02/2011 - 13:01:50 - [4566580] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 10/02/2008 - 07:54:48 - [82500517] ----D- C:\Program Files\Java
O43 - CFD: 09/04/2011 - 11:20:10 - [4921884] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 02/11/2006 - 14:37:36 - [92807095] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 08/05/2008 - 15:17:42 - [369705991] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 24/02/2011 - 13:06:10 - [38371963] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 04/01/2011 - 19:34:58 - [145421942] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 30/11/2010 - 04:03:12 - [8167779] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 25/06/2009 - 19:46:02 - [35013] ----D- C:\Program Files\Microïds
O43 - CFD: 30/11/2010 - 04:36:38 - [99168366] ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 10/02/2008 - 07:53:08 - [155114987] ----D- C:\Program Files\muvee Technologies
O43 - CFD: 12/12/2009 - 12:51:50 - [12699561] R---D- C:\Program Files\Online Services
O43 - CFD: 19/09/2009 - 11:26:30 - [6242328] ----D- C:\Program Files\OvisLink
O43 - CFD: 20/03/2011 - 19:15:12 - [31080925] ----D- C:\Program Files\Paint.NET
O43 - CFD: 10/02/2008 - 08:13:24 - [142417061] ----D- C:\Program Files\PC-Doctor 5 for Windows
O43 - CFD: 11/05/2008 - 08:54:38 - [2867903525] ----D- C:\Program Files\Radical Games
O43 - CFD: 12/12/2009 - 12:47:14 - [62844252] ----D- C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 14:37:36 - [38686465] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 02/11/2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 28/11/2010 - 12:45:24 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 28/11/2010 - 12:45:18 - [2760704] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 28/11/2010 - 12:45:08 - [4492240] ----D- C:\Program Files\Windows Defender
O43 - CFD: 28/11/2010 - 12:45:18 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/02/2011 - 13:01:50 - [9116344] ----D- C:\Program Files\Windows Mail
O43 - CFD: 30/11/2010 - 04:36:40 - [4609018] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 06/05/2008 - 12:00:46 - [7945486] ----D- C:\Program Files\Windows NT
O43 - CFD: 28/11/2010 - 12:45:16 - [13464738] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 28/11/2010 - 12:45:24 - [6869802] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 09/04/2011 - 13:38:16 - [4687977] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 09/10/2010 - 21:23:32 - [6281214] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 08/05/2008 - 15:17:40 - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 10/02/2008 - 07:45:58 - [4027816] ----D- C:\Program Files\Common Files\HP
O43 - CFD: 13/08/2008 - 19:02:30 - [15718017] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 10/02/2008 - 07:54:38 - [33904542] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 05/12/2009 - 10:44:48 - [32098366] ---AD- C:\Program Files\Common Files\LightScribe
O43 - CFD: 10/02/2008 - 07:52:32 - [56415] ---AD- C:\Program Files\Common Files\LS Getting Started
O43 - CFD: 07/01/2011 - 13:10:54 - [431675350] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 10/02/2008 - 07:53:08 - [49399251] ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 19/09/2009 - 11:51:32 - [539114] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 28/11/2010 - 12:45:08 - [42700942] ----D- C:\Program Files\Common Files\System
O43 - CFD: 06/05/2008 - 12:31:30 - [4093952] ----D- C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 09/10/2010 - 21:23:32 - [15171323] ----D- C:\ProgramData\Adobe
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 10/02/2008 - 07:45:04 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 19/09/2009 - 18:52:28 - [76959978] ----D- C:\ProgramData\Avira
O43 - CFD: 06/05/2008 - 12:00:46 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 25/06/2009 - 19:26:24 - [1281] ----D- C:\ProgramData\CyberLink
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 13/08/2008 - 18:59:30 - [395761] ----D- C:\ProgramData\EPSON
O43 - CFD: 06/05/2008 - 12:00:46 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 20/09/2009 - 17:14:46 - [536147] ----D- C:\ProgramData\Google
O43 - CFD: 06/05/2008 - 12:34:24 - [1803680] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 10/02/2008 - 07:45:58 - [50159] ----D- C:\ProgramData\HP
O43 - CFD: 09/04/2011 - 11:20:08 - [6522211] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 06/05/2008 - 12:00:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 09/04/2011 - 13:37:58 - [111605277] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 08/01/2011 - 08:50:40 - [57040] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 06/05/2008 - 12:00:46 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 10/02/2008 - 07:53:06 - [0] ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 10/02/2008 - 07:58:56 - [1235] ----D- C:\ProgramData\PC-Doctor
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 19/09/2009 - 11:49:32 - [2555] ----D- C:\ProgramData\Symantec
O43 - CFD: 02/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 26/02/2011 - 22:53:12 - [3184] ----D- C:\ProgramData\UDL
O43 - CFD: 13/07/2008 - 14:07:12 - [787331675] ----D- C:\ProgramData\WildTangent
O43 - CFD: 20/09/2009 - 08:05:08 - [1331725] ----D- C:\Users\JCB\AppData\Roaming\Adobe
O43 - CFD: 06/05/2008 - 12:34:10 - [0] ----D- C:\Users\JCB\AppData\Roaming\ATI
O43 - CFD: 09/04/2011 - 11:12:18 - [0] ----D- C:\Users\JCB\AppData\Roaming\Avira
O43 - CFD: 25/06/2009 - 19:26:24 - [20] ----D- C:\Users\JCB\AppData\Roaming\CyberLink
O43 - CFD: 26/02/2011 - 22:45:12 - [152] ----D- C:\Users\JCB\AppData\Roaming\EPSON
O43 - CFD: 20/09/2009 - 18:41:46 - [464] ----D- C:\Users\JCB\AppData\Roaming\Google
O43 - CFD: 06/05/2008 - 12:34:22 - [324685] ----D- C:\Users\JCB\AppData\Roaming\Hewlett-Packard
O43 - CFD: 12/12/2009 - 12:52:50 - [50926] ----D- C:\Users\JCB\AppData\Roaming\HpUpdate
O43 - CFD: 06/05/2008 - 12:33:42 - [0] ----D- C:\Users\JCB\AppData\Roaming\Identities
O43 - CFD: 13/08/2008 - 18:59:50 - [0] ----D- C:\Users\JCB\AppData\Roaming\InstallShield
O43 - CFD: 06/05/2008 - 18:35:54 - [4595] ----D- C:\Users\JCB\AppData\Roaming\Macromedia
O43 - CFD: 09/04/2011 - 11:20:14 - [17605209] ----D- C:\Users\JCB\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 14:37:36 - [0] ----D- C:\Users\JCB\AppData\Roaming\Media Center Programs
O43 - CFD: 09/04/2011 - 13:37:58 - [18433567] -S--D- C:\Users\JCB\AppData\Roaming\Microsoft
O43 - CFD: 19/09/2009 - 18:47:24 - [0] ----D- C:\Users\JCB\AppData\Roaming\Mozilla
O43 - CFD: 06/05/2008 - 18:35:54 - [248] ----D- C:\Users\JCB\AppData\Roaming\PlayFirst
O43 - CFD: 06/05/2008 - 12:34:08 - [0] ----D- C:\Users\JCB\AppData\Roaming\Symantec
O43 - CFD: 06/05/2008 - 18:35:26 - [551] ----D- C:\Users\JCB\AppData\Roaming\WildTangent
O43 - CFD: 05/12/2009 - 10:44:28 - [0] ----D- C:\Users\JCB\AppData\Roaming\WinBatch



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.494FB1CC571A7643366CCEC7E8735F68] - 09/04/2011 - 12:01:40 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.24EF12006FFCCE7500FCFD7FF8EF1200] - 09/04/2011 - 10:58:58 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1307554]
O44 - LFC:[MD5.E834C71288A514F8954B4A8E57A8349A] - 09/04/2011 - 10:28:36 ---A- . (...) -- C:\Windows\PFRO.log [2482]
O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 09/04/2011 - 10:20:08 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 09/04/2011 - 10:20:03 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.5FEDEF54757B34FB611B9EC8FB399364] - 04/04/2011 - 18:17:20 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [137656]



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.769B18AD7440189B2F133E853CCD8F4C] - 08/04/2011 - 20:51:31 ---A- - C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-600E0B48.pf
O45 - LFCP:[MD5.ADAE32BF6C9387D38F97247E6C5D9B3E] - 09/04/2011 - 07:46:23 ---A- - C:\Windows\Prefetch\E_FARNBZE.EXE-483109E4.pf
O45 - LFCP:[MD5.48C75B251880B9E85E0D4E51093EDAFC] - 09/04/2011 - 10:00:00 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf
O45 - LFCP:[MD5.239B9FC91F7C3B8E0EFCD65B0FDBCC0F] - 09/04/2011 - 10:24:09 ---A- - C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-42950EBF.pf
O45 - LFCP:[MD5.ECE0C41D14D4268D31EF344539319174] - 09/04/2011 - 10:24:10 ---A- - C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-292C7977.pf
O45 - LFCP:[MD5.12CE34307850B737AEF06EF75D0C9C84] - 09/04/2011 - 10:30:18 ---A- - C:\Windows\Prefetch\CCC.EXE-ECD4BD27.pf
O45 - LFCP:[MD5.7DEF7AA354EFBABA159D5AC2C356FF85] - 09/04/2011 - 10:30:59 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-EEE1E016.pf
O45 - LFCP:[MD5.8C6BA8CADB120FAB67E70CF7A06D4CE8] - 09/04/2011 - 10:32:03 ---A- - C:\Windows\Prefetch\CSPEP.EXE-03C7F7BF.pf
O45 - LFCP:[MD5.F517C594813C12E061C3D25BA5FB93E9] - 09/04/2011 - 10:52:42 ---A- - C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-42767AE9.pf
O45 - LFCP:[MD5.255AB15A74F82F163CE0D202D49BE863] - 09/04/2011 - 10:53:42 ---A- - C:\Windows\Prefetch\HPHC_SERVICE.EXE-B8B935C8.pf
O45 - LFCP:[MD5.23859114432E78AC574CC82F328C2148] - 09/04/2011 - 10:54:07 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.39600E406D5173B1E2B86EE4B16133B2] - 09/04/2011 - 10:55:49 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.7B057A21FB945107E78A4763353F1677] - 09/04/2011 - 10:56:07 ---A- - C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf
O45 - LFCP:[MD5.0633AA5E1DDB79AB5CC227970CCA4A69] - 09/04/2011 - 10:57:15 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf
O45 - LFCP:[MD5.95E529BDEBD6AD630EB39E9C18299FA5] - 09/04/2011 - 10:57:24 ---A- - C:\Windows\Prefetch\KBD.EXE-958C92DC.pf
O45 - LFCP:[MD5.13A495CFA9B5D71CB0B482CF487DD00C] - 09/04/2011 - 10:58:33 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf
O45 - LFCP:[MD5.E9E3ADFA1F85B8CD2F24F0D274DE0CA5] - 09/04/2011 - 10:58:40 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
O45 - LFCP:[MD5.503289459FBAF4387ADFE99B51A20815] - 09/04/2011 - 10:59:19 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf
O45 - LFCP:[MD5.99D949D2904F913399BBEB42B747527F] - 09/04/2011 - 11:00:09 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-B3E65CF6.pf
O45 - LFCP:[MD5.E5025F534DF120F24F14104FD7F13BFB] - 09/04/2011 - 11:08:10 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf
O45 - LFCP:[MD5.6F5B840D8041CBBC5764918014CF4B7F] - 09/04/2011 - 11:08:11 ---A- - C:\Windows\Prefetch\WERCON.EXE-FE5CD389.pf
O45 - LFCP:[MD5.7FFE842C86D645324C79E55EA0E629EA] - 09/04/2011 - 11:12:55 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf
O45 - LFCP:[MD5.BFCDA8F2BF8157EE35E2E5CD34839459] - 09/04/2011 - 11:33:26 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.B773A9F49E7E6B14F85EC4999009C309] - 09/04/2011 - 12:01:41 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.5134D3FD0971616436C9E7F52CA6EB86] - 09/04/2011 - 12:01:59 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.657C11CC7E035D4880678A12C0BC2DD8] - 09/04/2011 - 12:02:00 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.F482BF98CCE5F7E70F2245CD40F7FE35] - 09/04/2011 - 12:02:06 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.5A6A438F87918539FE298F353FBCF62E] - 09/04/2011 - 12:02:06 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.4CC3
juju666 - Posts: 35446 - Registered: Thursday 18 December 2008 - Status: Security contributor - Last activity: 21 April 2024 - 4 796
9 April 2011 at 13:46
Host your report somewhere, it is incomplete, and flo will give you the next steps
http://www.cijoint.fr/cjlink.php?file=cj201104/cij7LKKqiF.txt
flo-91 - Posts: 5646 - Registered: Tuesday 19 May 2009 - Status: Security contributor - Last activity: 31 October 2019 - 1 118
9 April 2011 at 15:43
OK, do this:


* Launch ZHPFix (via ZHPDiag)
* Click the icon showing the letter H ("paste the Helper lines", « coller les lignes Helper »)
* Copy/paste the following lines and put them into ZHPFix:

O4 - Global Startup: C:\Users\JCB\Desktop\SpiderMessenger.lnk . (...) -- C:\Program Files\SpiderMessenger\SpiderMessenger.exe (.not file.)
[HKCU\Software\SpiderMessenger]
[HKLM\Software\Classes\Interface\{6e4c89cf-3061-4ee4-b22a-b7a8aaea5cb3}]
O61 - LFC:Last File Created 09/04/2011 - 10:48:29 ---A- C:\Users\JCB\AppData\Local\Temp\~nsu.tmp\Au_.exe
O61 - LFC:Last File Created 06/04/2011 - 11:05:42 ---A- C:\Users\JCB\AppData\Local\Google\Toolbar Cache\6.6.1409.1944\fr\translate_element.js.content [2309]
O61 - LFC:Last File Created 07/04/2011 - 11:01:45 ---A- C:\Users\JCB\AppData\Local\Google\Toolbar Cache\6.6.1409.1944\fr\translate_languages.json.content [1481]
O61 - LFC:Last File Created 09/04/2011 - 12:38:27 ---A- C:\Users\JCB\AppData\Local\Google\Toolbar DNS data\data [43961]


* Click "All" (« Tous »), then "Clean" (« Nettoyer »)
* Copy/paste the whole report into your next reply


Then:


You are going to use the CCleaner software to do a little cleaning:

WARNING:
This is in no way a disinfection tool. CCleaner will clean the PC of useless temporary files (some of which are sometimes infectious) and other internet cookies and, incidentally, it repairs the registry to optimize the PC, but it does not disinfect the PC.

=> Optimization tools family

You can keep the tool on your PC for a cleanup from time to time (about once a month)


>Download and install the CCleaner software here:

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

>Launch the program and configure it as follows:

>"Options" tab: click "Advanced" and untick the box "delete Windows temporary files older than 48 hours".

>Cleaning<

>"Cleaner" tab: click "Analyze" then "Clean"; repeat the operation until there is nothing left to delete

>"Registry" tab: click "Search for errors" then "Fix selected errors"; repeat the operation until there is nothing left to repair.

>It is advisable to keep the tool on your PC and to run a cleanup daily.



This software is used to clean up the tools that were used for the disinfection:
Don't forget to re-enable UAC if you had to disable it

* Download DelFix by Xplode
* Launch it, then click the "Delete" (« Suppression ») button
* After a few seconds, a report will open.
* The report is saved at the root of the hard drive ( C:\DelFixSearch.txt )


Infections often lodge themselves in System Restore without our being able to see them, so it is important to purge it if you do not want to be reinfected at the next restore, should you need one:

Purge your System Restore


* Disable your System Restore:
Right-click My Computer / Properties / System Restore / tick the box to disable System Restore, Apply, OK
---> Restart the PC ...

* Re-enable your System Restore:
Right-click My Computer / Properties / System Restore / untick the box to disable System Restore, Apply, OK
---> Restart the PC ...


Create a new restore point:


> Start
> All Programs
> Accessories
> System Tools
> System Restore.


At the welcome screen, choose "create a restore point", then give it a name such as "healthy restore point", for example, and click "create".




Improving your security


Tips for protecting your PC:

A good antivirus:

Free: Avira Antivir or Avast.

Paid:
Kaspersky or Eset NOD32

A firewall:

The Windows firewall is sufficient for ordinary use of the PC.
However, for more rigorous users looking for better protection, I recommend free professional firewalls:

Comodo (not recommended for novices and beginners as it is rather complex)
Kerio
Zone Alarm

Uninstall the Windows one if you choose one of the above.
To disable the Windows firewall:

> Click "Start" then "Control Panel"
> Click "Security Center" then "Windows Firewall"
> Tick the "disable" box and click "OK"


For COMODO, here is a short tutorial for configuring it: https://www.malekal.com/tutorial-comodo-firewall/

An anti-malware tool on top:

Malwarebytes


I advise you to browse with Firefox if you don't already; download the latest version here:

http://www.mozilla-europe.org/fr/firefox/


Paired with good add-ons, it really improves your security; pair it with:

- NoScript:
https://addons.mozilla.org/fr/firefox/addon/noscript/

>Tutorial for configuring NoScript:

https://www.commentcamarche.net/faq/15677-noscript-un-bon-bouclier-et-obeissant

- WOT:

https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

- Adblock Plus:

https://addons.mozilla.org/fr/firefox/addon/adblock-plus/

Tutorial> http://www.6ma.fr/tuto/adblock-plus-bloquer-les-publicites-sur-firefox/


Avoid cracks and downloads over P2P (eMule...), which are malware vectors:

https://forum.malekal.com/viewtopic.php?t=893&start=

https://forum.malekal.com/viewtopic.php?t=3208&start=


Further reading:

https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf

https://www.commentcamarche.net/faq/7752-logiciels-gratuits-pour-assurer-une-bonne-securite-de-base
Rapport de ZHPFix 1.12.3274 par Nicolas Coolman, Update du 06/04/2011
Fichier d'export Registre : C:\ZHPExportRegistry-09-04-2011-17-13-55.txt
Run by JCB at 09/04/2011 17:13:55
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Clé(s) du Registre ==========
HKCU\Software\SpiderMessenger => Clé absente
HKLM\Software\Classes\Interface\{6e4c89cf-3061-4ee4-b22a-b7a8aaea5cb3} => Clé absente

========== Fichier(s) ==========
c:\users\jcb\desktop\spidermessenger.lnk => Fichier absent
c:\program files\spidermessenger\spidermessenger.exe => Fichier absent
c:\users\jcb\appdata\local\temp\~nsu.tmp\au_.exe => Fichier absent
c:\users\jcb\appdata\local\google\toolbar cache\6.6.1409.1944\fr\translate_element.js.content => Fichier absent
c:\users\jcb\appdata\local\google\toolbar cache\6.6.1409.1944\fr\translate_languages.json.content => Fichier absent
c:\users\jcb\appdata\local\google\toolbar dns data\data => Fichier absent

========== Autre ==========
http://www.cijoint.fr/cjlink.php?file=cj201104/cij7LKKqiF.txt => Format Non supporté


========== Récapitulatif ==========
2 : Clé(s) du Registre
6 : Fichier(s)
1 : Autre


End of the scan