Trojean.Eorezo

Résolu
boulba -  
 Utilisateur anonyme -
Bonjour,

<co
nfig>Windows 7 / Firefox 4.0.1</config>

Bsr

je suis infecté,par un trojean Eorezo,j'ai fait un scan avec Malwarebytes,vous envoie le resultas du scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6888

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/06/2011 19:45:35
mbam-log-2011-06-18 (19-45-35).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 158729
Temps écoulé: 2 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files (x86)\agence-exclusive\pctutobho.dll (Trojan.Eorezo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6888

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/06/2011 19:45:35
mbam-log-2011-06-18 (19-45-35).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 158729
Temps écoulé: 2 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files (x86)\agence-exclusive\pctutobho.dll (Trojan.Eorezo) -> Quarantined and deleted successfully.

40 réponses

  • 1
  • 2
Résumé de la discussion

Une infection par Trojan.Eorezo est signalée sur un système Windows 7 avec Firefox 4.0.1, après qu’un scan Malwarebytes a détecté et mis en quarantaine des éléments malveillants dans le registre et un fichier. Les résultats décrivent dix clés du registre infectées et un fichier détecté dans le répertoire c:\program files (x86)\agence-exclusive\pctutobho.dll, qui a été mis en quarantaine et supprimés, avec des modules et extensions malveillants retirés. Des solutions complémentaires telles que Delfix, Ad-Remover et CCleaner sont recommandées, avec la désactivation puis réactivation de la restauration système et l’inspection des extensions et barres d’outils du navigateur pour un nettoyage approfondi.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    bonsoir,

    relance MBAM, vide sa quarantaine,

    * Télécharge de AD-Remover sur ton Bureau. (Merci à l'équipe TeamXscript)
    http://www.teamxscript.org/adremoverTelechargement.html
    ( Lien officiel )

    https://www.androidworld.fr/
    ( Miroir )
    /!\ Ferme toutes applications en cours /!\

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « Nettoyer »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    0
  2. boulba
     
    voici le scan de AD-R

    ; Fichier de configuration des langues d'Ad-Remover (C_XX)
    ; Ne pas éditer ce fichier sous peine d'entrainer un dysfonctionnement d'Ad-Remover.

    ; GUI

    [FR]

    _MenuHelp=?
    _MenuHelpAbout=À propos
    _MenuHelpWebSite=Visiter le site web
    _MenuTools=Outils
    _MenuToolsQua=Gestion de la quarantaine
    _MenuToolsCtb=Gérer les barres d'outils

    Gui_ActionScan=Option: Scan
    Gui_ActionClean=Option: Nettoyage
    Gui_Button1_txt=Scanner
    Gui_Button2_txt=Nettoyer
    Gui_Button3_txt=Désinstaller
    Gui_Button4_txt=Quitter
    Gui_ButtonG_txt=Choix
    Gui_TimeSpendTxt=Temps écoulé:

    ; Boites de dialogue

    _BeginCleaning=Ad-Remover va commencer le nettoyage, laissez-le procèder. Veuillez noter qu'à la fin du nettoyage, certains de vos paramètres d'Internet Explorer seront réinitialisés. @CRLF@ @CRLF@ Cliquez sur OK pour amorcer la phase de nettoyage
    _BeginCleaning_Title=REDEMARRAGE
    _MissingComponents=ERREUR !--Un ou plusieurs composant(s) est/sont manquant(s) ! @CRLF@ @CRLF@ La réinstallation du programme peut corriger le problème. @CRLF@ @CRLF@ Composant(s) manquant(s):
    _MsgBoxConfirm=Confirmez-vous votre action?
    _NonRecognizedOS=Votre système d'exploitation n'a pas été reconnu par Ad-Remover. @CRLF@ @CRLF@ Voulez-vous cependant continuer ? ( Cela n'est pas sans risques ! )
    _NonRecognizedOS_Title=... Système d'exploitation non reconnu !!!
    _OptionalReboot=Il serait préférable de redémarrer la machine pour finaliser le nettoyage. @CRLF@Voulez-vous redémarrer ? ( Recommandé ) @CRLF@ @CRLF@Le rapport est situé ici:
    _OptionalReboot_Title=Redémarrage optionnel
    _ProcessesInformation=Ad-Remover va fermer tous les programmes afin de faciliter le nettoyage

    ; Entête rapport

    _Header1=RAPPORT D'$_NAME$ $_VER$ | UNIQUEMENT XP/VISTA/7
    _Header2=Mis à jour par $_AUTHOR$ le $_UPDATE_DATE$
    _Header3=Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    _Header4=Site web: http://www.teamxscript.org
    _Header5=Lancé à @HOUR@:@MIN@:@SEC@ le @MDAY@/@MON@/@YEAR@
    _NormalBootMode=Mode normal
    _ProfileName=Nom du profil:
    _SafeBootMode=Mode sans echec

    ; Descriptions éléments

    ServiceFound=Présent
    ServiceDeleted=Stoppé et supprimé
    ServiceNotDeleted=Erreur de suppression
    FileFound=Fichier trouvé:
    FileDeleted=Fichier supprimé:
    FileNotDeleted=Erreur suppression fichier:
    FolderFound=Dossier trouvé:
    FolderDeleted=Dossier supprimé:
    FolderNotDeleted=Erreur suppression dossier:
    RegKeyFound=Clé trouvée:
    RegKeyDeleted=Clé supprimée:
    RegKeyNotDeleted=Erreur suppression clé:
    RegValueFound=Valeur trouvée:
    RegValueDeleted=Valeur supprimée:
    RegValueNotDeleted=Erreur suppression valeur:

    ; Divers

    _Actions=Action(s)
    _Byte=Octet(s)
    _CannotCleanJsFile=/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
    _CannotGetVersion=Impossible d'obtenir la version
    _Enabled=Activé
    _EndAt=Fin à:
    _ExtraScan=Scan additionnel
    _File=Fichier(s)
    _FileOpened=Fichier ouvert
    _FileClosed=Fichier Fermé
    _Folder=Dossier(s)
    _FFLineFound=Ligne trouvée
    _FFLineDeleted=Ligne supprimée
    _Research=Recherche
    _TempFileDeleted=Fichiers temporaires supprimés.
    0
  3. CLAUDIUS52 Messages postés 22 Statut Membre
     
    Bjr

    jme suis trompé sur l'envoi du scan AD_R voici le bon:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:32:04 le 18/06/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    ICHGAR@ICHGAR-HP (Hewlett-Packard HP 625)

    ============== ACTION(S) ==============

    Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\PCtuto
    Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\Agence-Exclusive
    Erreur suppression dossier: C:\Users\ICHGAR\AppData\Local\Agence-Exclusive
    Dossier supprimé: C:\Program Files (x86)\Agence-Exclusive
    Dossier supprimé: C:\Users\ICHGAR\AppData\Local\PCTuto
    Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
    Dossier supprimé: C:\Program Files (x86)\PCTuto

    (!) -- Fichiers temporaires supprimés.

    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0.1 (fr)] ****

    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    HKLM_Extensions|msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
    HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
    HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\

    -- C:\Users\ICHGAR\AppData\Roaming\Mozilla\FireFox\Profiles\zpzlq1zm.default --
    Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)
    Prefs.js - browser.startup.homepage, hxxp://gmx.fr/logout.html
    Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

    ========================================

    **** Internet Explorer Version [8.0.7600.16385] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
    HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
    HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll)
    HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\windows\system32\TSWbPrxy.exe (x)
    HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
    HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Send To Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} - "Facetheme" (C:\Program Files (x86)\Object\bho_project.dll)
    BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 39 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 18/06/2011 22:34:10 (4860 Octet(s))

    Fin à: 22:35:04, 18/06/2011

    ============== E.O.F ==============
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    relance ADR, clique sur désinstaller,

    redemarre ton pc si ce n'est pas déjà fait,

    * Télécharge ZHPDiag sur ton bureau :

    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
    ou
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    ou
    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
    http://dl.free.fr
    ou :
    http://www.cijoint.fr/
    ou :
    http://ww38.toofiles.com/fr/documents-upload.html
    ou :
    https://www.terafiles.net/

    tuto zhpdiag :

    http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    0
  6. CLAUDIUS52
     
    Voici le rapport de ZHDiag:

    Rapport de ZHPDiag v1.27.232 par Nicolas Coolman, Update du 18/06/2011
    Run by ICHGAR at 19/06/2011 09:33:39
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Web Browser
    MSIE: Internet Explorer v8.0.7600.16385
    MFIE: Mozilla Firefox 4.0.1 v (Defaut)

    ---\\ System Information
    Windows 7 Home Premium Edition, 64-bit (Build 7600)
    Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
    Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1788 MB (53% free)
    System Restore: Activé (Enable)
    System drive C: has 178 GB (82%) free of 216 GB

    ---\\ Logged in mode
    Computer Name: ICHGAR-HP
    User Name: ICHGAR
    All Users Names: ICHGAR, Administrateur,
    Unselected Option: O45,O61,O62,O65,O66,O82
    Logged in as Administrator

    ---\\ Environnement Variables
    %AppData%=C:\Users\ICHGAR\AppData\Roaming
    %LocalAppData%=C:\Users\ICHGAR\AppData\Local
    %StartMenu%=C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 216 Go)
    F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
    G:\ CD-ROM drive (Not Inserted)

    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

    ---\\ Recherche particulière de fichiers génériques
    [MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\windows\Explorer.exe [2870272]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\windows\system32\Wininit.exe [96256]
    [MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\windows\system32\wininet.dll [981504]

    ---\\ Processus lancés
    [MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
    [MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
    [MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
    [MD5.9EB504E566BA99D7477BF923276FDA30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [659968]

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\ICHGAR\AppData\Roaming\Mozilla\Firefox\Profiles\zpzlq1zm.default\prefs.js
    M0 - MFSP: prefs.js [ICHGAR - zpzlq1zm.default] http://gmx.fr/logout.html
    M2 - MFEP: prefs.js [ICHGAR - zpzlq1zm.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.4 (.Dave Garrett.)

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
    R0 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dl
    R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Symantec NCO BHO [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
    O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
    O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    ---\\ ---\\ Applications démarrées par registre & par dossier (O4)
    O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
    O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
    O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
    O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)

    ---\\ ---\\ Autres liens utilisateurs (O4)
    O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
    O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
    O23 - Service: C:\windows\system32\Alg.exe (AMD External Events Utility) - Clé orpheline
    O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: (HP Wireless Assistant Service) . (.Hewlett-Packard - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: (hpHotkeyMonitor) . (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    O23 - Service: (hpqwmiex) . (.Hewlett-Packard Company - hpqwmiex Module.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    O23 - Service: (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
    O23 - Service: (stllssvr) . (.MicroVision Development, Inc. - SureThing Labelflash Disc Printer Service M.) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Default MHTML Editor: Last - .(...) - (.not file.)

    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\windows\Tasks\HPCeeScheduleForICHGAR.job
    [MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForICHGAR] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    [MD5.34652E72A4AABE339E88490E48E12076] [APT] [InternetServiceOffers] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
    [MD5.34652E72A4AABE339E88490E48E12076] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
    [MD5.986154FBD7AB1EB10AF2DAC0BC2D2E3E] [APT] [First Boot] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
    [MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
    [MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
    O41 - Driver: (BHDrvx64) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
    O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
    O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\System32\DRIVERS\cdrom.sys
    O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\System32\Drivers\dfsc.sys
    O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\System32\drivers\discache.sys
    O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    O41 - Driver: (IDSVia64) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys
    O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
    O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\System32\DRIVERS\netbios.sys
    O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\System32\DRIVERS\netbt.sys
    O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\System32\drivers\nsiproxy.sys
    O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\windows\System32\DRIVERS\pacer.sys
    O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\windows\System32\DRIVERS\rdbss.sys
    O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\System32\DRIVERS\RDPCDD.sys
    O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\System32\drivers\rdpencdd.sys
    O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\System32\drivers\rdprefmp.sys
    O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.sys
    O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.sys
    O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.sys
    O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\System32\DRIVERS\tdx.sys
    O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
    O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
    O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\System32\DRIVERS\vwififlt.sys
    O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\System32\DRIVERS\wanarp.sys
    O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\System32\DRIVERS\wfplwf.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {560932B5-8702-7FB8-01AE-265EA44FAEEB}
    O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {254C37AA-6B72-4300-84F6-98A82419187E}
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
    O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}
    O42 - Logiciel: Bing Bar Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {54B29835-EF99-41D2-9104-F159DE62F165}
    O42 - Logiciel: Bing Rewards Client Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
    O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
    O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
    O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
    O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {16CA9DAC-6A40-4204-A826-33C4D52A266C}
    O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
    O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
    O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- _{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
    O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
    O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {E684A226-D7B1-4B14-9778-44AD48A654F0}
    O42 - Logiciel: Corel Home Office - CS Templates - (.????.) [HKLM][64Bits] -- {1A1E33D2-9824-454A-B8CB-50072118635A}
    O42 - Logiciel: Corel Home Office - CT Templates - (.??????.) [HKLM][64Bits] -- {26D19512-874B-4EDA-B7F1-779850B2AD5A}
    O42 - Logiciel: Corel Home Office - IPM - (.Corel Corporation.) [HKLM][64Bits] -- {0B2187A6-8ACC-4012-9817-9221211EF407}
    O42 - Logiciel: Corel Home Office - JP Templates - (.???.) [HKLM][64Bits] -- {1D11E96F-0405-4B99-8356-5750B1D9FAE9}
    O42 - Logiciel: Corel Home Office - KR Templates - (.???.) [HKLM][64Bits] -- {5746E4F9-77C6-47E8-A737-A5975A57B4AA}
    O42 - Logiciel: Corel Home Office - Launcher - (.Corel Corporation.) [HKLM][64Bits] -- {E74EA3B1-7192-489D-9A57-0AE918FEC001}
    O42 - Logiciel: Corel Home Office - Templates RU - (.???????? ???????????.) [HKLM][64Bits] -- {F45048A1-12C4-4B08-A3EB-32D88033368A}
    O42 - Logiciel: Corel Home Office - Templates1 - (.Your Company Name.) [HKLM][64Bits] -- {5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}
    O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
    O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
    O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
    O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
    O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
    O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {F097D8DF-B207-4EA1-91A4-A21B8425F9B4}
    O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {D9989A13-B173-4048-B8A5-93C204DCB1B3}
    O42 - Logiciel: HP HotKey Support - (.Hewlett-Packard Company.) [HKLM] -- {4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
    O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}
    O42 - Logiciel: HP SoftPaq Download Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {2DA697D7-FED3-4DE2-A174-92A2A12F9688}
    O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {9CD3BB19-993E-469D-9E1F-B57A175C1411}
    O42 - Logiciel: HP Software Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {04801E42-B1A6-4C52-9F3D-CADB5A050433}
    O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E92D47A1-D27D-430A-8368-0BAFD956507D}
    O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
    O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM][64Bits] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
    O42 - Logiciel: HP Webcam Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}
    O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
    O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
    O42 - Logiciel: IDT Audio - (.IDT.) [HKLM][64Bits] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
    O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
    O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
    O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
    O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
    O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
    O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
    O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}
    O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
    O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
    O42 - Logiciel: Norton Online Backup - (.Symantec.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
    O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1
    O42 - Logiciel: PDF Complete Special Edition - (.PDF Complete, Inc.) [HKLM][64Bits] -- PDF Complete
    O42 - Logiciel: PcTuto 1.1 - (.Agence-Exclusive.) [HKLM][64Bits] -- PcTuto_is1
    O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}
    O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM][64Bits] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
    O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM][64Bits] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
    O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM][64Bits] -- {537BF16E-7412-448C-95D8-846E85A1D817}
    O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM][64Bits] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
    O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM][64Bits] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
    O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM][64Bits] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
    O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM][64Bits] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
    O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM][64Bits] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
    O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
    O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
    O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
    O42 - Logiciel: Tuto Emule1.0.0.0 - (.PCTuto.) [HKLM][64Bits] -- Tuto Emule_is1
    O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
    O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
    O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {5BF8E079-D6E2-4323-B794-75152371122A}
    O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
    O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
    O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
    O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
    O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
    O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
    O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
    O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
    O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
    O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
    O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
    O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
    O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
    O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
    O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
    O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
    O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
    O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
    O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
    O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
    O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
    O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
    O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
    O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
    O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
    O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
    O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
    O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
    O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
    O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM][64Bits] -- eMule

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\ATI]
    [HKCU\Software\Ability 5.0]
    [HKCU\Software\Agence-Exclusive]
    [HKCU\Software\AppDataLow\Software\Microsoft]
    [HKCU\Software\AppDataLow\Software]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Classes]
    [HKCU\Software\Clients]
    [HKCU\Software\Hewlett-Packard]
    [HKCU\Software\IDT]
    [HKCU\Software\LightScribe]
    [HKCU\Software\Macromedia]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\Nico Mak Computing]
    [HKCU\Software\Norton]
    [HKCU\Software\PCTuto]
    [HKCU\Software\PDFComplete]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\SweetIM]
    [HKCU\Software\Synaptics]
    [HKCU\Software\Trolltech]
    [HKCU\Software\Widcomm]
    [HKCU\Software\WinZip Computing]
    [HKCU\Software\Wow6432Node]
    [HKCU\Software\eMule]
    [HKLM\Software\AMD]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\ATI]
    [HKLM\Software\Ability 5.0]
    [HKLM\Software\Agence-Exclusive]
    [HKLM\Software\BcmSetup]
    [HKLM\Software\CDDB]
    [HKLM\Software\Caphyon]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\Corel Calculate]
    [HKLM\Software\Corel Show]
    [HKLM\Software\Corel Write]
    [HKLM\Software\Corel]
    [HKLM\Software\Google]
    [HKLM\Software\HPQ]
    [HKLM\Software\HP]
    [HKLM\Software\Hewlett-Packard Company]
    [HKLM\Software\Hewlett-Packard]
    [HKLM\Software\IDT]
    [HKLM\Software\InstalledOptions]
    [HKLM\Software\Intel]
    [HKLM\Software\Licenses]
    [HKLM\Software\LightScribe]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Malwarebytes' Anti-Malware]
    [HKLM\Software\MicroVision]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\Nico Mak Computing]
    [HKLM\Software\Norton]
    [HKLM\Software\ODBC]
    [HKLM\Software\PCTuto]
    [HKLM\Software\PDFComplete]
    [HKLM\Software\Piriform]
    [HKLM\Software\Policies]
    [HKLM\Software\RTLSetup]
    [HKLM\Software\Realtek Semiconductor Corp.]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\Roxio]
    [HKLM\Software\Skype]
    [HKLM\Software\Sonic]
    [HKLM\Software\SweetIM]
    [HKLM\Software\Symantec]
    [HKLM\Software\Synaptics]
    [HKLM\Software\Widcomm]
    [HKLM\Software\Wow6432Node]
    [HKLM\Software\mozilla.org]

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 23/03/2011 - 16:01:24 - [23278207] ----D- C:\Program Files\ATI
    O43 - CFD: 23/03/2011 - 16:09:12 - [12605859] ----D- C:\Program Files\Broadcom
    O43 - CFD: 17/06/2011 - 16:58:10 - [7422296] ----D- C:\Program Files\CCleaner
    O43 - CFD: 23/03/2011 - 16:11:56 - [105737151] ----D- C:\Program Files\Common Files
    O43 - CFD: 09/12/2010 - 00:53:44 - [90566676] ----D- C:\Program Files\DVD Maker
    O43 - CFD: 23/03/2011 - 16:17:00 - [12339231] ----D- C:\Program Files\Hewlett-Packard
    O43 - CFD: 23/03/2011 - 16:12:50 - [38085244] ----D- C:\Program Files\IDT
    O43 - CFD: 17/06/2011 - 15:57:04 - [5447692] ----D- C:\Program Files\Internet Explorer
    O43 - CFD: 27/07/2009 - 16:27:32 - [151776306] ----D- C:\Program Files\Microsoft Games
    O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
    O43 - CFD: 14/07/2009 - 07:32:40 - [42549417] ----D- C:\Program Files\Reference Assemblies
    O43 - CFD: 16/06/2011 - 22:09:18 - [0] ----D- C:\Program Files\Symantec
    O43 - CFD: 09/12/2010 - 01:12:50 - [31755783] ----D- C:\Program Files\Synaptics
    O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
    O43 - CFD: 23/03/2011 - 16:06:58 - [184921240] ----D- C:\Program Files\WIDCOMM
    O43 - CFD: 09/12/2010 - 00:53:44 - [4476928] ----D- C:\Program Files\Windows Defender
    O43 - CFD: 09/12/2010 - 00:53:44 - [9688696] ----D- C:\Program Files\Windows Journal
    O43 - CFD: 16/06/2011 - 11:54:24 - [7987385] ----D- C:\Program Files\Windows Live
    O43 - CFD: 17/06/2011 - 15:57:02 - [8903168] ----D- C:\Program Files\Windows Mail
    O43 - CFD: 17/06/2011 - 15:56:50 - [8274861] ----D- C:\Program Files\Windows Media Player
    O43 - CFD: 14/07/2009 - 07:32:40 - [13158580] ----D- C:\Program Files\Windows NT
    O43 - CFD: 09/12/2010 - 00:53:44 - [5739288] ----D- C:\Program Files\Windows Photo Viewer
    O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
    O43 - CFD: 16/06/2011 - 09:32:10 - [11112863] ----D- C:\Program Files\Windows Sidebar
    O43 - CFD: 16/06/2011 - 11:53:44 - [90878326] ----D- C:\Program Files\Common Files\Microsoft Shared
    O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
    O43 - CFD: 14/07/2009 - 05:20:10 - [619008] ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD: 23/03/2011 - 16:11:58 - [1029064] ----D- C:\Program Files\Common Files\Symantec Shared
    O43 - CFD: 09/12/2010 - 00:53:44 - [13208051] ----D- C:\Program Files\Common Files\System
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
    O43 - CFD: 16/06/2011 - 09:48:18 - [187] ----D- C:\ProgramData\ATI
    O43 - CFD: 09/12/2010 - 01:01:02 - [17156089] ----D- C:\ProgramData\Corel
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
    O43 - CFD: 16/06/2011 - 15:09:12 - [0] ----D- C:\ProgramData\eMule
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
    O43 - CFD: 17/06/2011 - 15:53:52 - [1325137] ----D- C:\ProgramData\Hewlett-Packard
    O43 - CFD: 17/06/2011 - 15:24:16 - [710] ----D- C:\ProgramData\LightScribe
    O43 - CFD: 18/06/2011 - 19:40:44 - [6833566] ----D- C:\ProgramData\Malwarebytes
    O43 - CFD: 17/06/2011 - 16:49:08 - [4156867516] -S--D- C:\ProgramData\Microsoft
    O43 - CFD: 16/06/2011 - 21:47:46 - [233284198] ----D- C:\ProgramData\Norton
    O43 - CFD: 23/03/2011 - 16:10:52 - [561847] ----D- C:\ProgramData\NortonInstaller
    O43 - CFD: 16/06/2011 - 10:32:30 - [0] ----D- C:\ProgramData\PDFC
    O43 - CFD: 23/03/2011 - 16:17:14 - [20524458] ----D- C:\ProgramData\Skype
    O43 - CFD: 09/12/2010 - 01:12:04 - [951] ----D- C:\ProgramData\Sonic
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
    O43 - CFD: 16/06/2011 - 10:18:42 - [104700] ----D- C:\ProgramData\SweetIM
    O43 - CFD: 16/06/2011 - 09:32:04 - [913] ----D- C:\ProgramData\Symantec
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
    O43 - CFD: 23/03/2011 - 16:17:02 - [11417628] ----D- C:\ProgramData\Uninstall
    O43 - CFD: 16/06/2011 - 09:30:08 - [28] ----D- C:\ProgramData\WinZip
    O43 - CFD: 09/12/2010 - 01:01:44 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
    O43 - CFD: 17/06/2011 - 16:21:20 - [36484086] ----D- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
    O43 - CFD: 16/06/2011 - 09:54:30 - [156463] ----D- C:\Users\ICHGAR\AppData\Roaming\Adobe
    O43 - CFD: 16/06/2011 - 09:48:18 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\ATI
    O43 - CFD: 17/06/2011 - 17:14:50 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\CorelHomeOffice
    O43 - CFD: 17/06/2011 - 15:54:36 - [53005] ----D- C:\Users\ICHGAR\AppData\Roaming\Hewlett-Packard
    O43 - CFD: 16/06/2011 - 13:55:40 - [44709] ----D- C:\Users\ICHGAR\AppData\Roaming\hpqLog
    O43 - CFD: 16/06/2011 - 09:46:48 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\Identities
    O43 - CFD: 16/06/2011 - 09:54:34 - [776] ----D- C:\Users\ICHGAR\AppData\Roaming\Macromedia
    O43 - CFD: 18/06/2011 - 19:40:52 - [236071] ----D- C:\Users\ICHGAR\AppData\Roaming\Malwarebytes
    O43 - CFD: 18/06/2011 - 09:09:48 - [1632659] -S--D- C:\Users\ICHGAR\AppData\Roaming\Microsoft
    O43 - CFD: 16/06/2011 - 12:18:22 - [23736560] ----D- C:\Users\ICHGAR\AppData\Roaming\Mozilla
    O43 - CFD: 16/06/2011 - 15:01:00 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Agence-Exclusive
    O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Application Data
    O43 - CFD: 16/06/2011 - 09:48:18 - [72286] ----D- C:\Users\ICHGAR\Appdata\Local\ATI
    O43 - CFD: 16/06/2011 - 09:47:22 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Broadcom
    O43 - CFD: 16/06/2011 - 11:34:10 - [1991204] ----D- C:\Users\ICHGAR\Appdata\Local\CrashDumps
    O43 - CFD: 16/06/2011 - 10:43:44 - [320431] ----D- C:\Users\ICHGAR\Appdata\Local\ElevatedDiagnostics
    O43 - CFD: 16/06/2011 - 15:28:44 - [75573] ----D- C:\Users\ICHGAR\Appdata\Local\eMule
    O43 - CFD: 16/06/2011 - 09:46:12 - [722869] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard
    O43 - CFD: 16/06/2011 - 09:32:08 - [1764] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard_Company
    O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Historique
    O43 - CFD: 17/06/2011 - 16:49:08 - [34708576] ----D- C:\Users\ICHGAR\Appdata\Local\Microsoft
    O43 - CFD: 16/06/2011 - 12:18:08 - [109837242] ----D- C:\Users\ICHGAR\Appdata\Local\Mozilla
    O43 - CFD: 16/06/2011 - 09:47:12 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\PDFC
    O43 - CFD: 16/06/2011 - 09:46:08 - [373] ----D- C:\Users\ICHGAR\Appdata\Local\RemEngine
    O43 - CFD: 16/06/2011 - 10:23:24 - [2693] ----D- C:\Users\ICHGAR\Appdata\Local\Roxio
    O43 - CFD: 19/06/2011 - 09:32:36 - [408292] ----D- C:\Users\ICHGAR\Appdata\Local\Temp
    O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Temporary Internet Files
    O43 - CFD: 16/06/2011 - 09:46:28 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\VirtualStore
    O43 - CFD: 16/06/2011 - 12:08:10 - [8192] ----D- C:\Users\ICHGAR\Appdata\Local\Windows Live
    O43 - CFD: 14/07/2009 - 06:54:34 - [14669] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    O43 - CFD: 16/06/2011 - 09:47:02 - [174] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    O43 - CFD: 14/07/2009 - 06:49:40 - [580] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    O43 - CFD: 19/06/2011 - 09:33:24 - [0] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    O43 - CFD: 23/03/2011 - 16:02:40 - [79659861] ----D- C:\Program Files (x86)\ATI Technologies
    O43 - CFD: 09/12/2010 - 01:14:16 - [999384] ----D- C:\Program Files (x86)\Bing Bar Installer
    O43 - CFD: 16/06/2011 - 12:40:46 - [519904485] ----D- C:\Program Files (x86)\Common Files
    O43 - CFD: 09/12/2010 - 01:00:18 - [409860640] ----D- C:\Program Files (x86)\Corel
    O43 - CFD: 17/06/2011 - 16:22:54 - [1053756251] ----D- C:\Program Files (x86)\Hewlett-Packard
    O43 - CFD: 17/06/2011 - 16:33:48 - [18111996] --H-D- C:\Program Files (x86)\InstallShield Installation Information
    O43 - CFD: 17/06/2011 - 15:57:04 - [4750352] ----D- C:\Program Files (x86)\Internet Explorer
    O43 - CFD: 18/06/2011 - 19:40:48 - [7580101] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    O43 - CFD: 09/12/2010 - 01:14:10 - [4167645] ----D- C:\Program Files (x86)\Microsoft
    O43 - CFD: 09/12/2010 - 01:06:12 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
    O43 - CFD: 09/12/2010 - 01:13:46 - [38271979] ----D- C:\Program Files (x86)\Microsoft Silverlight
    O43 - CFD: 16/06/2011 - 11:57:26 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    O43 - CFD: 16/06/2011 - 12:17:54 - [32640745] ----D- C:\Program Files (x86)\Mozilla Firefox
    O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
    O43 - CFD: 09/12/2010 - 01:14:10 - [5416080] ----D- C:\Program Files (x86)\MSN Toolbar
    O43 - CFD: 23/03/2011 - 16:11:28 - [206168849] ----D- C:\Program Files (x86)\Norton Internet Security
    O43 - CFD: 23/03/2011 - 16:10:52 - [27119443] ----D- C:\Program Files (x86)\NortonInstaller
    O43 - CFD: 16/06/2011 - 10:16:50 - [161491] ----D- C:\Program Files (x86)\Object
    O43 - CFD: 16/06/2011 - 09:32:22 - [1237] R---D- C:\Program Files (x86)\Online Services
    O43 - CFD: 09/12/2010 - 00:59:36 - [38012713] ----D- C:\Program Files (x86)\PDF Complete
    O43 - CFD: 23/03/2011 - 16:15:14 - [3265869] ----D- C:\Program Files (x86)\Realtek
    O43 - CFD: 14/07/2009 - 07:32:40 - [44892929] ----D- C:\Program Files (x86)\Reference Assemblies
    O43 - CFD: 09/12/2010 - 01:12:24 - [49381754] ----D- C:\Program Files (x86)\Roxio
    O43 - CFD: 23/03/2011 - 16:17:14 - [30309653] R---D- C:\Program Files (x86)\Skype
    O43 - CFD: 16/06/2011 - 10:18:58 - [8851323] ----D- C:\Program Files (x86)\SweetIM
    O43 - CFD: 16/06/2011 - 09:32:04 - [3473496] ----D- C:\Program Files (x86)\Symantec
    O43 - CFD: 23/03/2011 - 16:12:08 - [665968] ----D- C:\Program Files (x86)\SymSilent
    O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
    O43 - CFD: 09/12/2010 - 00:53:44 - [754176] ----D- C:\Program Files (x86)\Windows Defender
    O43 - CFD: 16/06/2011 - 11:59:32 - [185366642] ----D- C:\Program Files (x86)\Windows Live
    O43 - CFD: 17/06/2011 - 15:57:02 - [8416768] ----D- C:\Program Files (x86)\Windows Mail
    O43 - CFD: 17/06/2011 - 15:56:50 - [5417233] ----D- C:\Program Files (x86)\Windows Media Player
    O43 - CFD: 14/07/2009 - 07:32:40 - [12729012] ----D- C:\Program Files (x86)\Windows NT
    O43 - CFD: 09/12/2010 - 00:53:44 - [4640520] ----D- C:\Program Files (x86)\Windows Photo Viewer
    O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
    O43 - CFD: 16/06/2011 - 09:32:10 - [9725514] ----D- C:\Program Files (x86)\Windows Sidebar
    O43 - CFD: 16/06/2011 - 09:30:06 - [20673124] ----D- C:\Program Files (x86)\WinZip
    O43 - CFD: 19/06/2011 - 09:33:54 - [3907336] ----D- C:\Program Files (x86)\ZHPDiag
    O43 - CFD: 09/12/2010 - 00:58:58 - [2075653] ----D- C:\Program Files (x86)\Common Files\InstallShield
    O43 - CFD: 09/12/2010 - 01:35:32 - [36024838] ----D- C:\Program Files (x86)\Common Files\LightScribe
    O43 - CFD: 16/06/2011 - 11:52:30 - [20950138] ----D- C:\Program Files (x86)\Common Files\microsoft shared
    O43 - CFD: 09/12/2010 - 01:01:02 - [1653312] ----D- C:\Program Files (x86)\Common Files\Protexis
    O43 - CFD: 09/12/2010 - 01:11:58 - [4546384] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
    O43 - CFD: 09/12/2010 - 01:12:26 - [112878078] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
    O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
    O43 - CFD: 23/03/2011 - 16:17:14 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype
    O43 - CFD: 09/12/2010 - 01:12:00 - [1461415] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
    O43 - CFD: 14/07/2009 - 05:20:10 - [41114023] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
    O43 - CFD: 09/12/2010 - 01:12:18 - [732768] ----D- C:\Program Files (x86)\Common Files\SureThing Shared
    O43 - CFD: 16/06/2011 - 12:40:46 - [618784] ----D- C:\Program Files (x86)\Common Files\Symantec Shared
    O43 - CFD: 09/12/2010 - 00:53:44 - [11336691] ----D- C:\Program Files (x86)\Common Files\System
    O43 - CFD: 16/06/2011 - 11:41:56 - [284374363] ----D- C:\Program Files (x86)\Common Files\Windows Live

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.8CEE1800FEFFFFFF57494E444F577E31] - 19/06/2011 - 08:21:12 ---A- . (...) -- C:\windows\WindowsUpdate.log [1321681]
    O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19760]
    O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19760]
    O44 - LFC:[MD5.63DFDF42EC36AE5C69B091D4A8DD1BC7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\PerfStringBackup.INI [3894956]
    O44 - LFC:[MD5.461CAA83AF49500E1ED6088AAB897A1A] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc007.dat [125928]
    O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc009.dat [103568]
    O44 - LFC:[MD5.0D4607DA081946EDD91C2D0431E232BD] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc00C.dat [127684]
    O44 - LFC:[MD5.B8D7469CF54913A7D19F638E9D1A675C] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc010.dat [124006]
    O44 - LFC:[MD5.3D34624AA7A7E32E57756ABF10BE78D1] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc013.dat [129608]
    O44 - LFC:[MD5.AF93E375869701AC67C048154BEA3EDA] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh007.dat [633536]
    O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh009.dat [607190]
    O44 - LFC:[MD5.8062FB9A9A3B257B1DA8122828C5823E] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh00C.dat [695004]
    O44 - LFC:[MD5.C8DEADCFC5C1E395671A76C79C97D944] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh010.dat [680010]
    O44 - LFC:[MD5.ABBDB6F2D30D8C6C402E50F2DED019A7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh013.dat [681356]
    O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 19/06/2011 - 07:28:51 ---A- . (...) -- C:\windows\setupact.log [168]
    O44 - LFC:[MD5.AFCE08BA276A319F4E353EE76AAF1777] - 19/06/2011 - 07:28:49 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/06/2011 - 18:51:59 ---A- . (...) -- C:\windows\setuperr.log [0]
    O44 - LFC:[MD5.7D782C3CAB62F19C39A1B3870C5D3DFE] - 17/06/2011 - 15:00:11 ---A- . (...) -- C:\windows\SysNative\FNTCACHE.DAT [276216]
    O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\SysNative\atmlib.dll [46080]
    O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]
    O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\SysNative\atmfd.dll [367104]
    O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294912]
    O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\SysNative\license.rtf [53560]
    O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\System32\license.rtf [53560]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/06/2011 - 08:29:47 RSHA- . (...) -- C:\windows\System32\drivers\103C_HP_bNB_625_Y5336AN_0U_Q5CG1120NX2_EPO647283-B2A_4A_I1475_SHP_V72.0E_68DVA F.06_T101207_WU3-0_L40C_M1789_J250_7AMD_8F63_92.40_#10120

    ---\\ Contrôle du Safe Boot (CSB) (O49)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\Drivers\ipnat.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\System32\Drivers\nsiproxy.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\System32\Drivers\rdpencdd.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)

    ---\\ Trojan Driver Search Data (HKLM) (O52)
    O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
    O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

    ---\\ ShareTools MSconfig StartupReg (O53)
    O53 - SMSR:HKLM\...\startupreg\PDF Complete [Key] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe

    ---\\ Microsoft Control Security Providers (O54)
    O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
    O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll

    ---\\ Microsoft Windows Policies System (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
    O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

    ---\\ Microsoft Windows Policies Explorer (O56)
    O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
    O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
    O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

    ---\\ Liste des Drivers Système (O58)
    O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [491088]
    O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [339536]
    O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\system32\drivers\adpu320.sys [182864]
    O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [15440]
    O58 - SDL:[MD5.AB3166C09438A161FBDE13099A72E0AF] - 12/05/2010 - 09:37:32 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [107912]
    O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\windows\system32\drivers\amdsbs.sys [194128]
    O58 - SDL:[MD5.5118DCD2065D8C8D752AD5E
    0
  7. CLAUDIUS52
     
    voici le rapport:

    Rapport de ZHPDiag v1.27.232 par Nicolas Coolman, Update du 18/06/2011
    Run by ICHGAR at 19/06/2011 09:33:39
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Web Browser
    MSIE: Internet Explorer v8.0.7600.16385
    MFIE: Mozilla Firefox 4.0.1 v (Defaut)

    ---\\ System Information
    Windows 7 Home Premium Edition, 64-bit (Build 7600)
    Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
    Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1788 MB (53% free)
    System Restore: Activé (Enable)
    System drive C: has 178 GB (82%) free of 216 GB

    ---\\ Logged in mode
    Computer Name: ICHGAR-HP
    User Name: ICHGAR
    All Users Names: ICHGAR, Administrateur,
    Unselected Option: O45,O61,O62,O65,O66,O82
    Logged in as Administrator

    ---\\ Environnement Variables
    %AppData%=C:\Users\ICHGAR\AppData\Roaming
    %LocalAppData%=C:\Users\ICHGAR\AppData\Local
    %StartMenu%=C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 216 Go)
    F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
    G:\ CD-ROM drive (Not Inserted)

    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

    ---\\ Recherche particulière de fichiers génériques
    [MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\windows\Explorer.exe [2870272]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\windows\system32\Wininit.exe [96256]
    [MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\windows\system32\wininet.dll [981504]

    ---\\ Processus lancés
    [MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
    [MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
    [MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
    [MD5.9EB504E566BA99D7477BF923276FDA30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [659968]

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\ICHGAR\AppData\Roaming\Mozilla\Firefox\Profiles\zpzlq1zm.default\prefs.js
    M0 - MFSP: prefs.js [ICHGAR - zpzlq1zm.default] http://gmx.fr/logout.html
    M2 - MFEP: prefs.js [ICHGAR - zpzlq1zm.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.4 (.Dave Garrett.)

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
    R0 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dl
    R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Symantec NCO BHO [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
    O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
    O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    ---\\ ---\\ Applications démarrées par registre & par dossier (O4)
    O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
    O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
    O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
    O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)

    ---\\ ---\\ Autres liens utilisateurs (O4)
    O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
    O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
    O23 - Service: C:\windows\system32\Alg.exe (AMD External Events Utility) - Clé orpheline
    O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: (HP Wireless Assistant Service) . (.Hewlett-Packard - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: (hpHotkeyMonitor) . (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    O23 - Service: (hpqwmiex) . (.Hewlett-Packard Company - hpqwmiex Module.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    O23 - Service: (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
    O23 - Service: (stllssvr) . (.MicroVision Development, Inc. - SureThing Labelflash Disc Printer Service M.) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Default MHTML Editor: Last - .(...) - (.not file.)

    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\windows\Tasks\HPCeeScheduleForICHGAR.job
    [MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForICHGAR] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    [MD5.34652E72A4AABE339E88490E48E12076] [APT] [InternetServiceOffers] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
    [MD5.34652E72A4AABE339E88490E48E12076] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
    [MD5.986154FBD7AB1EB10AF2DAC0BC2D2E3E] [APT] [First Boot] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
    [MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
    [MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
    O41 - Driver: (BHDrvx64) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
    O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
    O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\System32\DRIVERS\cdrom.sys
    O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\System32\Drivers\dfsc.sys
    O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\System32\drivers\discache.sys
    O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    O41 - Driver: (IDSVia64) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys
    O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
    O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\System32\DRIVERS\netbios.sys
    O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\System32\DRIVERS\netbt.sys
    O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\System32\drivers\nsiproxy.sys
    O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\windows\System32\DRIVERS\pacer.sys
    O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\windows\System32\DRIVERS\rdbss.sys
    O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\System32\DRIVERS\RDPCDD.sys
    O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\System32\drivers\rdpencdd.sys
    O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\System32\drivers\rdprefmp.sys
    O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.sys
    O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.sys
    O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.sys
    O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\System32\DRIVERS\tdx.sys
    O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
    O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
    O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\System32\DRIVERS\vwififlt.sys
    O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\System32\DRIVERS\wanarp.sys
    O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\System32\DRIVERS\wfplwf.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {560932B5-8702-7FB8-01AE-265EA44FAEEB}
    O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {254C37AA-6B72-4300-84F6-98A82419187E}
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
    O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}
    O42 - Logiciel: Bing Bar Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {54B29835-EF99-41D2-9104-F159DE62F165}
    O42 - Logiciel: Bing Rewards Client Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
    O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
    O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
    O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
    O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {16CA9DAC-6A40-4204-A826-33C4D52A266C}
    O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
    O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
    O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- _{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
    O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
    O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {E684A226-D7B1-4B14-9778-44AD48A654F0}
    O42 - Logiciel: Corel Home Office - CS Templates - (.????.) [HKLM][64Bits] -- {1A1E33D2-9824-454A-B8CB-50072118635A}
    O42 - Logiciel: Corel Home Office - CT Templates - (.??????.) [HKLM][64Bits] -- {26D19512-874B-4EDA-B7F1-779850B2AD5A}
    O42 - Logiciel: Corel Home Office - IPM - (.Corel Corporation.) [HKLM][64Bits] -- {0B2187A6-8ACC-4012-9817-9221211EF407}
    O42 - Logiciel: Corel Home Office - JP Templates - (.???.) [HKLM][64Bits] -- {1D11E96F-0405-4B99-8356-5750B1D9FAE9}
    O42 - Logiciel: Corel Home Office - KR Templates - (.???.) [HKLM][64Bits] -- {5746E4F9-77C6-47E8-A737-A5975A57B4AA}
    O42 - Logiciel: Corel Home Office - Launcher - (.Corel Corporation.) [HKLM][64Bits] -- {E74EA3B1-7192-489D-9A57-0AE918FEC001}
    O42 - Logiciel: Corel Home Office - Templates RU - (.???????? ???????????.) [HKLM][64Bits] -- {F45048A1-12C4-4B08-A3EB-32D88033368A}
    O42 - Logiciel: Corel Home Office - Templates1 - (.Your Company Name.) [HKLM][64Bits] -- {5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}
    O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
    O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
    O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
    O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
    O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
    O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {F097D8DF-B207-4EA1-91A4-A21B8425F9B4}
    O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {D9989A13-B173-4048-B8A5-93C204DCB1B3}
    O42 - Logiciel: HP HotKey Support - (.Hewlett-Packard Company.) [HKLM] -- {4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
    O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}
    O42 - Logiciel: HP SoftPaq Download Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {2DA697D7-FED3-4DE2-A174-92A2A12F9688}
    O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {9CD3BB19-993E-469D-9E1F-B57A175C1411}
    O42 - Logiciel: HP Software Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {04801E42-B1A6-4C52-9F3D-CADB5A050433}
    O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E92D47A1-D27D-430A-8368-0BAFD956507D}
    O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
    O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM][64Bits] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
    O42 - Logiciel: HP Webcam Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}
    O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
    O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
    O42 - Logiciel: IDT Audio - (.IDT.) [HKLM][64Bits] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
    O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
    O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
    O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
    O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
    O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
    O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
    O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}
    O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
    O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
    O42 - Logiciel: Norton Online Backup - (.Symantec.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
    O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1
    O42 - Logiciel: PDF Complete Special Edition - (.PDF Complete, Inc.) [HKLM][64Bits] -- PDF Complete
    O42 - Logiciel: PcTuto 1.1 - (.Agence-Exclusive.) [HKLM][64Bits] -- PcTuto_is1
    O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}
    O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM][64Bits] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
    O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM][64Bits] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
    O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM][64Bits] -- {537BF16E-7412-448C-95D8-846E85A1D817}
    O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM][64Bits] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
    O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM][64Bits] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
    O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM][64Bits] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
    O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM][64Bits] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
    O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM][64Bits] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
    O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
    O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
    O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
    O42 - Logiciel: Tuto Emule1.0.0.0 - (.PCTuto.) [HKLM][64Bits] -- Tuto Emule_is1
    O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
    O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
    O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {5BF8E079-D6E2-4323-B794-75152371122A}
    O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
    O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
    O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
    O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
    O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
    O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
    O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
    O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
    O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
    O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
    O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
    O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
    O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
    O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
    O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
    O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
    O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
    O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
    O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
    O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
    O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
    O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
    O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
    O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
    O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
    O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
    O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
    O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
    O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
    O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM][64Bits] -- eMule

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\ATI]
    [HKCU\Software\Ability 5.0]
    [HKCU\Software\Agence-Exclusive]
    [HKCU\Software\AppDataLow\Software\Microsoft]
    [HKCU\Software\AppDataLow\Software]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Classes]
    [HKCU\Software\Clients]
    [HKCU\Software\Hewlett-Packard]
    [HKCU\Software\IDT]
    [HKCU\Software\LightScribe]
    [HKCU\Software\Macromedia]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\Nico Mak Computing]
    [HKCU\Software\Norton]
    [HKCU\Software\PCTuto]
    [HKCU\Software\PDFComplete]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\SweetIM]
    [HKCU\Software\Synaptics]
    [HKCU\Software\Trolltech]
    [HKCU\Software\Widcomm]
    [HKCU\Software\WinZip Computing]
    [HKCU\Software\Wow6432Node]
    [HKCU\Software\eMule]
    [HKLM\Software\AMD]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\ATI]
    [HKLM\Software\Ability 5.0]
    [HKLM\Software\Agence-Exclusive]
    [HKLM\Software\BcmSetup]
    [HKLM\Software\CDDB]
    [HKLM\Software\Caphyon]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\Corel Calculate]
    [HKLM\Software\Corel Show]
    [HKLM\Software\Corel Write]
    [HKLM\Software\Corel]
    [HKLM\Software\Google]
    [HKLM\Software\HPQ]
    [HKLM\Software\HP]
    [HKLM\Software\Hewlett-Packard Company]
    [HKLM\Software\Hewlett-Packard]
    [HKLM\Software\IDT]
    [HKLM\Software\InstalledOptions]
    [HKLM\Software\Intel]
    [HKLM\Software\Licenses]
    [HKLM\Software\LightScribe]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Malwarebytes' Anti-Malware]
    [HKLM\Software\MicroVision]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\Nico Mak Computing]
    [HKLM\Software\Norton]
    [HKLM\Software\ODBC]
    [HKLM\Software\PCTuto]
    [HKLM\Software\PDFComplete]
    [HKLM\Software\Piriform]
    [HKLM\Software\Policies]
    [HKLM\Software\RTLSetup]
    [HKLM\Software\Realtek Semiconductor Corp.]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\Roxio]
    [HKLM\Software\Skype]
    [HKLM\Software\Sonic]
    [HKLM\Software\SweetIM]
    [HKLM\Software\Symantec]
    [HKLM\Software\Synaptics]
    [HKLM\Software\Widcomm]
    [HKLM\Software\Wow6432Node]
    [HKLM\Software\mozilla.org]

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 23/03/2011 - 16:01:24 - [23278207] ----D- C:\Program Files\ATI
    O43 - CFD: 23/03/2011 - 16:09:12 - [12605859] ----D- C:\Program Files\Broadcom
    O43 - CFD: 17/06/2011 - 16:58:10 - [7422296] ----D- C:\Program Files\CCleaner
    O43 - CFD: 23/03/2011 - 16:11:56 - [105737151] ----D- C:\Program Files\Common Files
    O43 - CFD: 09/12/2010 - 00:53:44 - [90566676] ----D- C:\Program Files\DVD Maker
    O43 - CFD: 23/03/2011 - 16:17:00 - [12339231] ----D- C:\Program Files\Hewlett-Packard
    O43 - CFD: 23/03/2011 - 16:12:50 - [38085244] ----D- C:\Program Files\IDT
    O43 - CFD: 17/06/2011 - 15:57:04 - [5447692] ----D- C:\Program Files\Internet Explorer
    O43 - CFD: 27/07/2009 - 16:27:32 - [151776306] ----D- C:\Program Files\Microsoft Games
    O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
    O43 - CFD: 14/07/2009 - 07:32:40 - [42549417] ----D- C:\Program Files\Reference Assemblies
    O43 - CFD: 16/06/2011 - 22:09:18 - [0] ----D- C:\Program Files\Symantec
    O43 - CFD: 09/12/2010 - 01:12:50 - [31755783] ----D- C:\Program Files\Synaptics
    O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
    O43 - CFD: 23/03/2011 - 16:06:58 - [184921240] ----D- C:\Program Files\WIDCOMM
    O43 - CFD: 09/12/2010 - 00:53:44 - [4476928] ----D- C:\Program Files\Windows Defender
    O43 - CFD: 09/12/2010 - 00:53:44 - [9688696] ----D- C:\Program Files\Windows Journal
    O43 - CFD: 16/06/2011 - 11:54:24 - [7987385] ----D- C:\Program Files\Windows Live
    O43 - CFD: 17/06/2011 - 15:57:02 - [8903168] ----D- C:\Program Files\Windows Mail
    O43 - CFD: 17/06/2011 - 15:56:50 - [8274861] ----D- C:\Program Files\Windows Media Player
    O43 - CFD: 14/07/2009 - 07:32:40 - [13158580] ----D- C:\Program Files\Windows NT
    O43 - CFD: 09/12/2010 - 00:53:44 - [5739288] ----D- C:\Program Files\Windows Photo Viewer
    O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
    O43 - CFD: 16/06/2011 - 09:32:10 - [11112863] ----D- C:\Program Files\Windows Sidebar
    O43 - CFD: 16/06/2011 - 11:53:44 - [90878326] ----D- C:\Program Files\Common Files\Microsoft Shared
    O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
    O43 - CFD: 14/07/2009 - 05:20:10 - [619008] ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD: 23/03/2011 - 16:11:58 - [1029064] ----D- C:\Program Files\Common Files\Symantec Shared
    O43 - CFD: 09/12/2010 - 00:53:44 - [13208051] ----D- C:\Program Files\Common Files\System
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
    O43 - CFD: 16/06/2011 - 09:48:18 - [187] ----D- C:\ProgramData\ATI
    O43 - CFD: 09/12/2010 - 01:01:02 - [17156089] ----D- C:\ProgramData\Corel
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
    O43 - CFD: 16/06/2011 - 15:09:12 - [0] ----D- C:\ProgramData\eMule
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
    O43 - CFD: 17/06/2011 - 15:53:52 - [1325137] ----D- C:\ProgramData\Hewlett-Packard
    O43 - CFD: 17/06/2011 - 15:24:16 - [710] ----D- C:\ProgramData\LightScribe
    O43 - CFD: 18/06/2011 - 19:40:44 - [6833566] ----D- C:\ProgramData\Malwarebytes
    O43 - CFD: 17/06/2011 - 16:49:08 - [4156867516] -S--D- C:\ProgramData\Microsoft
    O43 - CFD: 16/06/2011 - 21:47:46 - [233284198] ----D- C:\ProgramData\Norton
    O43 - CFD: 23/03/2011 - 16:10:52 - [561847] ----D- C:\ProgramData\NortonInstaller
    O43 - CFD: 16/06/2011 - 10:32:30 - [0] ----D- C:\ProgramData\PDFC
    O43 - CFD: 23/03/2011 - 16:17:14 - [20524458] ----D- C:\ProgramData\Skype
    O43 - CFD: 09/12/2010 - 01:12:04 - [951] ----D- C:\ProgramData\Sonic
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
    O43 - CFD: 16/06/2011 - 10:18:42 - [104700] ----D- C:\ProgramData\SweetIM
    O43 - CFD: 16/06/2011 - 09:32:04 - [913] ----D- C:\ProgramData\Symantec
    O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
    O43 - CFD: 23/03/2011 - 16:17:02 - [11417628] ----D- C:\ProgramData\Uninstall
    O43 - CFD: 16/06/2011 - 09:30:08 - [28] ----D- C:\ProgramData\WinZip
    O43 - CFD: 09/12/2010 - 01:01:44 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
    O43 - CFD: 17/06/2011 - 16:21:20 - [36484086] ----D- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
    O43 - CFD: 16/06/2011 - 09:54:30 - [156463] ----D- C:\Users\ICHGAR\AppData\Roaming\Adobe
    O43 - CFD: 16/06/2011 - 09:48:18 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\ATI
    O43 - CFD: 17/06/2011 - 17:14:50 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\CorelHomeOffice
    O43 - CFD: 17/06/2011 - 15:54:36 - [53005] ----D- C:\Users\ICHGAR\AppData\Roaming\Hewlett-Packard
    O43 - CFD: 16/06/2011 - 13:55:40 - [44709] ----D- C:\Users\ICHGAR\AppData\Roaming\hpqLog
    O43 - CFD: 16/06/2011 - 09:46:48 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\Identities
    O43 - CFD: 16/06/2011 - 09:54:34 - [776] ----D- C:\Users\ICHGAR\AppData\Roaming\Macromedia
    O43 - CFD: 18/06/2011 - 19:40:52 - [236071] ----D- C:\Users\ICHGAR\AppData\Roaming\Malwarebytes
    O43 - CFD: 18/06/2011 - 09:09:48 - [1632659] -S--D- C:\Users\ICHGAR\AppData\Roaming\Microsoft
    O43 - CFD: 16/06/2011 - 12:18:22 - [23736560] ----D- C:\Users\ICHGAR\AppData\Roaming\Mozilla
    O43 - CFD: 16/06/2011 - 15:01:00 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Agence-Exclusive
    O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Application Data
    O43 - CFD: 16/06/2011 - 09:48:18 - [72286] ----D- C:\Users\ICHGAR\Appdata\Local\ATI
    O43 - CFD: 16/06/2011 - 09:47:22 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Broadcom
    O43 - CFD: 16/06/2011 - 11:34:10 - [1991204] ----D- C:\Users\ICHGAR\Appdata\Local\CrashDumps
    O43 - CFD: 16/06/2011 - 10:43:44 - [320431] ----D- C:\Users\ICHGAR\Appdata\Local\ElevatedDiagnostics
    O43 - CFD: 16/06/2011 - 15:28:44 - [75573] ----D- C:\Users\ICHGAR\Appdata\Local\eMule
    O43 - CFD: 16/06/2011 - 09:46:12 - [722869] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard
    O43 - CFD: 16/06/2011 - 09:32:08 - [1764] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard_Company
    O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Historique
    O43 - CFD: 17/06/2011 - 16:49:08 - [34708576] ----D- C:\Users\ICHGAR\Appdata\Local\Microsoft
    O43 - CFD: 16/06/2011 - 12:18:08 - [109837242] ----D- C:\Users\ICHGAR\Appdata\Local\Mozilla
    O43 - CFD: 16/06/2011 - 09:47:12 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\PDFC
    O43 - CFD: 16/06/2011 - 09:46:08 - [373] ----D- C:\Users\ICHGAR\Appdata\Local\RemEngine
    O43 - CFD: 16/06/2011 - 10:23:24 - [2693] ----D- C:\Users\ICHGAR\Appdata\Local\Roxio
    O43 - CFD: 19/06/2011 - 09:32:36 - [408292] ----D- C:\Users\ICHGAR\Appdata\Local\Temp
    O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Temporary Internet Files
    O43 - CFD: 16/06/2011 - 09:46:28 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\VirtualStore
    O43 - CFD: 16/06/2011 - 12:08:10 - [8192] ----D- C:\Users\ICHGAR\Appdata\Local\Windows Live
    O43 - CFD: 14/07/2009 - 06:54:34 - [14669] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    O43 - CFD: 16/06/2011 - 09:47:02 - [174] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    O43 - CFD: 14/07/2009 - 06:49:40 - [580] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    O43 - CFD: 19/06/2011 - 09:33:24 - [0] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    O43 - CFD: 23/03/2011 - 16:02:40 - [79659861] ----D- C:\Program Files (x86)\ATI Technologies
    O43 - CFD: 09/12/2010 - 01:14:16 - [999384] ----D- C:\Program Files (x86)\Bing Bar Installer
    O43 - CFD: 16/06/2011 - 12:40:46 - [519904485] ----D- C:\Program Files (x86)\Common Files
    O43 - CFD: 09/12/2010 - 01:00:18 - [409860640] ----D- C:\Program Files (x86)\Corel
    O43 - CFD: 17/06/2011 - 16:22:54 - [1053756251] ----D- C:\Program Files (x86)\Hewlett-Packard
    O43 - CFD: 17/06/2011 - 16:33:48 - [18111996] --H-D- C:\Program Files (x86)\InstallShield Installation Information
    O43 - CFD: 17/06/2011 - 15:57:04 - [4750352] ----D- C:\Program Files (x86)\Internet Explorer
    O43 - CFD: 18/06/2011 - 19:40:48 - [7580101] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    O43 - CFD: 09/12/2010 - 01:14:10 - [4167645] ----D- C:\Program Files (x86)\Microsoft
    O43 - CFD: 09/12/2010 - 01:06:12 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
    O43 - CFD: 09/12/2010 - 01:13:46 - [38271979] ----D- C:\Program Files (x86)\Microsoft Silverlight
    O43 - CFD: 16/06/2011 - 11:57:26 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    O43 - CFD: 16/06/2011 - 12:17:54 - [32640745] ----D- C:\Program Files (x86)\Mozilla Firefox
    O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
    O43 - CFD: 09/12/2010 - 01:14:10 - [5416080] ----D- C:\Program Files (x86)\MSN Toolbar
    O43 - CFD: 23/03/2011 - 16:11:28 - [206168849] ----D- C:\Program Files (x86)\Norton Internet Security
    O43 - CFD: 23/03/2011 - 16:10:52 - [27119443] ----D- C:\Program Files (x86)\NortonInstaller
    O43 - CFD: 16/06/2011 - 10:16:50 - [161491] ----D- C:\Program Files (x86)\Object
    O43 - CFD: 16/06/2011 - 09:32:22 - [1237] R---D- C:\Program Files (x86)\Online Services
    O43 - CFD: 09/12/2010 - 00:59:36 - [38012713] ----D- C:\Program Files (x86)\PDF Complete
    O43 - CFD: 23/03/2011 - 16:15:14 - [3265869] ----D- C:\Program Files (x86)\Realtek
    O43 - CFD: 14/07/2009 - 07:32:40 - [44892929] ----D- C:\Program Files (x86)\Reference Assemblies
    O43 - CFD: 09/12/2010 - 01:12:24 - [49381754] ----D- C:\Program Files (x86)\Roxio
    O43 - CFD: 23/03/2011 - 16:17:14 - [30309653] R---D- C:\Program Files (x86)\Skype
    O43 - CFD: 16/06/2011 - 10:18:58 - [8851323] ----D- C:\Program Files (x86)\SweetIM
    O43 - CFD: 16/06/2011 - 09:32:04 - [3473496] ----D- C:\Program Files (x86)\Symantec
    O43 - CFD: 23/03/2011 - 16:12:08 - [665968] ----D- C:\Program Files (x86)\SymSilent
    O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
    O43 - CFD: 09/12/2010 - 00:53:44 - [754176] ----D- C:\Program Files (x86)\Windows Defender
    O43 - CFD: 16/06/2011 - 11:59:32 - [185366642] ----D- C:\Program Files (x86)\Windows Live
    O43 - CFD: 17/06/2011 - 15:57:02 - [8416768] ----D- C:\Program Files (x86)\Windows Mail
    O43 - CFD: 17/06/2011 - 15:56:50 - [5417233] ----D- C:\Program Files (x86)\Windows Media Player
    O43 - CFD: 14/07/2009 - 07:32:40 - [12729012] ----D- C:\Program Files (x86)\Windows NT
    O43 - CFD: 09/12/2010 - 00:53:44 - [4640520] ----D- C:\Program Files (x86)\Windows Photo Viewer
    O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
    O43 - CFD: 16/06/2011 - 09:32:10 - [9725514] ----D- C:\Program Files (x86)\Windows Sidebar
    O43 - CFD: 16/06/2011 - 09:30:06 - [20673124] ----D- C:\Program Files (x86)\WinZip
    O43 - CFD: 19/06/2011 - 09:33:54 - [3907336] ----D- C:\Program Files (x86)\ZHPDiag
    O43 - CFD: 09/12/2010 - 00:58:58 - [2075653] ----D- C:\Program Files (x86)\Common Files\InstallShield
    O43 - CFD: 09/12/2010 - 01:35:32 - [36024838] ----D- C:\Program Files (x86)\Common Files\LightScribe
    O43 - CFD: 16/06/2011 - 11:52:30 - [20950138] ----D- C:\Program Files (x86)\Common Files\microsoft shared
    O43 - CFD: 09/12/2010 - 01:01:02 - [1653312] ----D- C:\Program Files (x86)\Common Files\Protexis
    O43 - CFD: 09/12/2010 - 01:11:58 - [4546384] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
    O43 - CFD: 09/12/2010 - 01:12:26 - [112878078] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
    O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
    O43 - CFD: 23/03/2011 - 16:17:14 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype
    O43 - CFD: 09/12/2010 - 01:12:00 - [1461415] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
    O43 - CFD: 14/07/2009 - 05:20:10 - [41114023] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
    O43 - CFD: 09/12/2010 - 01:12:18 - [732768] ----D- C:\Program Files (x86)\Common Files\SureThing Shared
    O43 - CFD: 16/06/2011 - 12:40:46 - [618784] ----D- C:\Program Files (x86)\Common Files\Symantec Shared
    O43 - CFD: 09/12/2010 - 00:53:44 - [11336691] ----D- C:\Program Files (x86)\Common Files\System
    O43 - CFD: 16/06/2011 - 11:41:56 - [284374363] ----D- C:\Program Files (x86)\Common Files\Windows Live

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.8CEE1800FEFFFFFF57494E444F577E31] - 19/06/2011 - 08:21:12 ---A- . (...) -- C:\windows\WindowsUpdate.log [1321681]
    O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19760]
    O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19760]
    O44 - LFC:[MD5.63DFDF42EC36AE5C69B091D4A8DD1BC7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\PerfStringBackup.INI [3894956]
    O44 - LFC:[MD5.461CAA83AF49500E1ED6088AAB897A1A] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc007.dat [125928]
    O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc009.dat [103568]
    O44 - LFC:[MD5.0D4607DA081946EDD91C2D0431E232BD] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc00C.dat [127684]
    O44 - LFC:[MD5.B8D7469CF54913A7D19F638E9D1A675C] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc010.dat [124006]
    O44 - LFC:[MD5.3D34624AA7A7E32E57756ABF10BE78D1] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc013.dat [129608]
    O44 - LFC:[MD5.AF93E375869701AC67C048154BEA3EDA] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh007.dat [633536]
    O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh009.dat [607190]
    O44 - LFC:[MD5.8062FB9A9A3B257B1DA8122828C5823E] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh00C.dat [695004]
    O44 - LFC:[MD5.C8DEADCFC5C1E395671A76C79C97D944] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh010.dat [680010]
    O44 - LFC:[MD5.ABBDB6F2D30D8C6C402E50F2DED019A7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh013.dat [681356]
    O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 19/06/2011 - 07:28:51 ---A- . (...) -- C:\windows\setupact.log [168]
    O44 - LFC:[MD5.AFCE08BA276A319F4E353EE76AAF1777] - 19/06/2011 - 07:28:49 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/06/2011 - 18:51:59 ---A- . (...) -- C:\windows\setuperr.log [0]
    O44 - LFC:[MD5.7D782C3CAB62F19C39A1B3870C5D3DFE] - 17/06/2011 - 15:00:11 ---A- . (...) -- C:\windows\SysNative\FNTCACHE.DAT [276216]
    O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\SysNative\atmlib.dll [46080]
    O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]
    O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\SysNative\atmfd.dll [367104]
    O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294912]
    O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\SysNative\license.rtf [53560]
    O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\System32\license.rtf [53560]
    O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/06/2011 - 08:29:47 RSHA- . (...) -- C:\windows\System32\drivers\103C_HP_bNB_625_Y5336AN_0U_Q5CG1120NX2_EPO647283-B2A_4A_I1475_SHP_V72.0E_68DVA F.06_T101207_WU3-0_L40C_M1789_J250_7AMD_8F63_92.40_#10120

    ---\\ Contrôle du Safe Boot (CSB) (O49)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\Drivers\ipnat.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\System32\Drivers\nsiproxy.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\System32\Drivers\rdpencdd.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)

    ---\\ Trojan Driver Search Data (HKLM) (O52)
    O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
    O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

    ---\\ ShareTools MSconfig StartupReg (O53)
    O53 - SMSR:HKLM\...\startupreg\PDF Complete [Key] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe

    ---\\ Microsoft Control Security Providers (O54)
    O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
    O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll

    ---\\ Microsoft Windows Policies System (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
    O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
    O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
    O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

    ---\\ Microsoft Windows Policies Explorer (O56)
    O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
    O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
    O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

    ---\\ Liste des Drivers Système (O58)
    O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [491088]
    O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [339536]
    O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\system32\drivers\adpu320.sys [182864]
    O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [15440]
    O58 - SDL:[MD5.AB3166C09438A161FBDE13099A72E0AF] - 12/05/2010 - 09:37:32 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [107912]
    O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\windows\system32\drivers\amdsbs.sys [194128]
    O58 - SDL:[MD5.5118DCD2065D8C8D752AD5EC0B2D6AA6]
    0
  8. CLAUDIUS52
     
    voici le lien:

    http://www.cijoint.fr/cjlink.php?file=cj201106/cijE4GPBZm.txt
    0
  9. Utilisateur anonyme
     
    est ce que tu connais ce domaine ?

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
    O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net


    télécharge et enregistre ce fichier sur ton bureau ;
    http://www.cijoint.fr/cjlink.php?file=cj201106/cijuLkl5AH.txt

    * Lance ZHPFix (soit via le raccourci sur ton Bureau, soit via ZHPDiag en cliquant sur l'écusson vert)

    fais un glisser/ Déposer du fichier dans la fenêtre de zhpfix.

    - Clique sur le bouton « GO » pour lancer le nettoyage,
    - Copie/colle la totalité du rapport dans ta prochaine réponse
    Tuto :

    http://www.premiumorange.com/zeb-help-process/zhpfix.html
    0
  10. CLAUDIUS52
     
    Bjr

    j'ai eu un problème,avec mon ordinateur portable, n'avez plus de connexion,je ne sait pas ce qui sait passé,il a valut que je restaure a une date ultérieur,car je n'arrivais plus a me connecte, l'adaptateur sans fil était désactivé,je ne sais pas si ses suite a une mauvaise manoeuvre.
    0
  11. CLAUDIUS52
     
    Bsr

    faut il que je refasse un scan avec Malwarebyte
    0
  12. Utilisateur anonyme
     
    non, passse d'abord un log de zhpdiag, on verra ce qui est revenu !

    0
  13. CLAUDIUS52
     
    voici le scan ZHPDiag:

    http://www.cijoint.fr/cjlink.php?file=cj201106/cij5MbP0M5.txt
    0
  14. Utilisateur anonyme
     
    toutes les infections sont de retours !!

    * Télécharge de AD-Remover sur ton Bureau. (Merci à l'équipe TeamXscript)
    http://www.teamxscript.org/adremoverTelechargement.html
    ( Lien officiel )

    https://www.androidworld.fr/
    ( Miroir )
    /!\ Ferme toutes applications en cours /!\

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « Nettoyer »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    0
  15. CLAUDIUS52 Messages postés 22 Statut Membre
     
    Bjr
    voici le rapport du scan de AD-R:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 08:57:03 le 21/06/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
    ICHGAR@ICHGAR-HP (Hewlett-Packard HP 625)

    ============== ACTION(S) ==============

    Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\PCtuto
    Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\Agence-Exclusive
    Dossier supprimé: C:\Users\ICHGAR\AppData\Local\Agence-Exclusive
    Dossier supprimé: C:\Program Files (x86)\Agence-Exclusive
    Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
    Dossier supprimé: C:\Program Files (x86)\PCTuto

    (!) -- Fichiers temporaires supprimés.

    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0.1 (fr)] ****

    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    HKLM_Extensions|msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
    HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
    HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\

    -- C:\Users\ICHGAR\AppData\Roaming\Mozilla\FireFox\Profiles\zpzlq1zm.default --
    Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)
    Prefs.js - browser.startup.homepage, hxxp://gmx.fr/logout.html
    Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

    ========================================

    **** Internet Explorer Version [8.0.7601.17514] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
    HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
    HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll)
    HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\windows\system32\TSWbPrxy.exe (x)
    HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
    HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Send To Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} - "Facetheme" (C:\Program Files (x86)\Object\bho_project.dll)
    BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 22 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 21/06/2011 08:58:08 (4808 Octet(s))

    Fin à: 08:59:02, 21/06/2011

    ============== E.O.F ==============
    0
  16. CLAUDIUS52 Messages postés 22 Statut Membre
     
    pourquoi j'ai le message(titre non renseigné en rouge)
    0
  17. Utilisateur anonyme
     
    ignore le message en rouge :-)

    relance ADR, clique sur désinstaller,

    Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ou ici :
    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

    /!\Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »

    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . Une fois la mise à jour terminé
    . rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . Tu cliques droit dans le cadre de la réponse et coller
    . À la fin du scan, il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  • 1
  • 2