Trojan.Eorezo
Solved
boulba
-
Anonymous user -
Hello,
Configuration: Windows 7 / Firefox 4.0.1
Good evening,
I am infected by an Eorezo trojan. I ran a scan with Malwarebytes; here is the scan result:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Version de la base de données: 6888
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18/06/2011 19:45:35
mbam-log-2011-06-18 (19-45-35).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 158729
Temps écoulé: 2 minute(s), 55 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files (x86)\agence-exclusive\pctutobho.dll (Trojan.Eorezo) -> Quarantined and deleted successfully.
40 replies
Good evening,
Relaunch MBAM and empty its quarantine.
* Download AD-Remover to your Desktop. (Thanks to the TeamXscript team)
http://www.teamxscript.org/adremoverTelechargement.html
( Official link )
https://www.androidworld.fr/
( Mirror )
/!\ Close all running applications /!\
- Double-click the Ad-Remover icon on your Desktop.
- On the page, click the "Nettoyer" (Clean) button
- Confirm the launch of the scan
- Let the tool work.
- Post the report that appears at the end.
(The report is also saved as C:\Ad-report(Scan/clean).Txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Here is the AD-R scan:
; Ad-Remover language configuration file (C_XX)
; Do not edit this file, otherwise Ad-Remover may malfunction.
; GUI
[FR]
_MenuHelp=?
_MenuHelpAbout=À propos
_MenuHelpWebSite=Visiter le site web
_MenuTools=Outils
_MenuToolsQua=Gestion de la quarantaine
_MenuToolsCtb=Gérer les barres d'outils
Gui_ActionScan=Option: Scan
Gui_ActionClean=Option: Nettoyage
Gui_Button1_txt=Scanner
Gui_Button2_txt=Nettoyer
Gui_Button3_txt=Désinstaller
Gui_Button4_txt=Quitter
Gui_ButtonG_txt=Choix
Gui_TimeSpendTxt=Temps écoulé:
; Dialog boxes
_BeginCleaning=Ad-Remover va commencer le nettoyage, laissez-le procèder. Veuillez noter qu'à la fin du nettoyage, certains de vos paramètres d'Internet Explorer seront réinitialisés. @CRLF@ @CRLF@ Cliquez sur OK pour amorcer la phase de nettoyage
_BeginCleaning_Title=REDEMARRAGE
_MissingComponents=ERREUR !--Un ou plusieurs composant(s) est/sont manquant(s) ! @CRLF@ @CRLF@ La réinstallation du programme peut corriger le problème. @CRLF@ @CRLF@ Composant(s) manquant(s):
_MsgBoxConfirm=Confirmez-vous votre action?
_NonRecognizedOS=Votre système d'exploitation n'a pas été reconnu par Ad-Remover. @CRLF@ @CRLF@ Voulez-vous cependant continuer ? ( Cela n'est pas sans risques ! )
_NonRecognizedOS_Title=... Système d'exploitation non reconnu !!!
_OptionalReboot=Il serait préférable de redémarrer la machine pour finaliser le nettoyage. @CRLF@Voulez-vous redémarrer ? ( Recommandé ) @CRLF@ @CRLF@Le rapport est situé ici:
_OptionalReboot_Title=Redémarrage optionnel
_ProcessesInformation=Ad-Remover va fermer tous les programmes afin de faciliter le nettoyage
; Report header
_Header1=RAPPORT D'$_NAME$ $_VER$ | UNIQUEMENT XP/VISTA/7
_Header2=Mis à jour par $_AUTHOR$ le $_UPDATE_DATE$
_Header3=Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
_Header4=Site web: http://www.teamxscript.org
_Header5=Lancé à @HOUR@:@MIN@:@SEC@ le @MDAY@/@MON@/@YEAR@
_NormalBootMode=Mode normal
_ProfileName=Nom du profil:
_SafeBootMode=Mode sans echec
; Item descriptions
ServiceFound=Présent
ServiceDeleted=Stoppé et supprimé
ServiceNotDeleted=Erreur de suppression
FileFound=Fichier trouvé:
FileDeleted=Fichier supprimé:
FileNotDeleted=Erreur suppression fichier:
FolderFound=Dossier trouvé:
FolderDeleted=Dossier supprimé:
FolderNotDeleted=Erreur suppression dossier:
RegKeyFound=Clé trouvée:
RegKeyDeleted=Clé supprimée:
RegKeyNotDeleted=Erreur suppression clé:
RegValueFound=Valeur trouvée:
RegValueDeleted=Valeur supprimée:
RegValueNotDeleted=Erreur suppression valeur:
; Miscellaneous
_Actions=Action(s)
_Byte=Octet(s)
_CannotCleanJsFile=/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
_CannotGetVersion=Impossible d'obtenir la version
_Enabled=Activé
_EndAt=Fin à:
_ExtraScan=Scan additionnel
_File=Fichier(s)
_FileOpened=Fichier ouvert
_FileClosed=Fichier Fermé
_Folder=Dossier(s)
_FFLineFound=Ligne trouvée
_FFLineDeleted=Ligne supprimée
_Research=Recherche
_TempFileDeleted=Fichiers temporaires supprimés.
Hello,
This does not look at all like the ADR report!
Have a look at the tutorial here:
http://www.teamxscript.org/adremoverNettoyage.html
Hello,
I made a mistake when sending the AD_R scan; here is the right one:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:32:04 le 18/06/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
ICHGAR@ICHGAR-HP (Hewlett-Packard HP 625)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\PCtuto
Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\Agence-Exclusive
Erreur suppression dossier: C:\Users\ICHGAR\AppData\Local\Agence-Exclusive
Dossier supprimé: C:\Program Files (x86)\Agence-Exclusive
Dossier supprimé: C:\Users\ICHGAR\AppData\Local\PCTuto
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
Dossier supprimé: C:\Program Files (x86)\PCTuto
(!) -- Fichiers temporaires supprimés.
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [4.0.1 (fr)] ****
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\
-- C:\Users\ICHGAR\AppData\Roaming\Mozilla\FireFox\Profiles\zpzlq1zm.default --
Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)
Prefs.js - browser.startup.homepage, hxxp://gmx.fr/logout.html
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
========================================
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Send To Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} - "Facetheme" (C:\Program Files (x86)\Object\bho_project.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 39 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 18/06/2011 22:34:10 (4860 Octet(s))
Fin à: 22:35:04, 18/06/2011
============== E.O.F ==============
Relaunch ADR and click "Désinstaller" (Uninstall),
restart your PC if you have not already done so,
* Download ZHPDiag to your Desktop:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
or
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
* Follow the prompts during installation; it will launch automatically at the end.
/!\ Vista and Seven users: right-click the ZHPDiag logo, "Run as administrator"
* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. Run the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on Cijoint, then copy and paste the link provided into your next reply on the forum:
http://dl.free.fr
or:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html
or:
https://www.terafiles.net/
ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Here is the ZHPDiag report:
Rapport de ZHPDiag v1.27.232 par Nicolas Coolman, Update du 18/06/2011
Run by ICHGAR at 19/06/2011 09:33:39
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 4.0.1 v (Defaut)
---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 178 GB (82%) free of 216 GB
---\\ Logged in mode
Computer Name: ICHGAR-HP
User Name: ICHGAR
All Users Names: ICHGAR, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\ICHGAR\AppData\Roaming
%LocalAppData%=C:\Users\ICHGAR\AppData\Local
%StartMenu%=C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 216 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
G:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\windows\system32\Wininit.exe [96256]
[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\windows\system32\wininet.dll [981504]
---\\ Processus lancés
[MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
[MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
[MD5.9EB504E566BA99D7477BF923276FDA30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [659968]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\ICHGAR\AppData\Roaming\Mozilla\Firefox\Profiles\zpzlq1zm.default\prefs.js
M0 - MFSP: prefs.js [ICHGAR - zpzlq1zm.default] http://gmx.fr/logout.html
M2 - MFEP: prefs.js [ICHGAR - zpzlq1zm.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.4 (.Dave Garrett.)
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
R0 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dl
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Symantec NCO BHO [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: C:\windows\system32\Alg.exe (AMD External Events Utility) - Clé orpheline
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (HP Wireless Assistant Service) . (.Hewlett-Packard - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: (hpHotkeyMonitor) . (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: (hpqwmiex) . (.Hewlett-Packard Company - hpqwmiex Module.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: (stllssvr) . (.MicroVision Development, Inc. - SureThing Labelflash Disc Printer Service M.) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\HPCeeScheduleForICHGAR.job
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForICHGAR] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [InternetServiceOffers] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.986154FBD7AB1EB10AF2DAC0BC2D2E3E] [APT] [First Boot] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: (BHDrvx64) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\System32\drivers\discache.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
O41 - Driver: (IDSVia64) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.sys
O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.sys
O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\System32\DRIVERS\wfplwf.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {560932B5-8702-7FB8-01AE-265EA44FAEEB}
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}
O42 - Logiciel: Bing Bar Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {54B29835-EF99-41D2-9104-F159DE62F165}
O42 - Logiciel: Bing Rewards Client Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {16CA9DAC-6A40-4204-A826-33C4D52A266C}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- _{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {E684A226-D7B1-4B14-9778-44AD48A654F0}
O42 - Logiciel: Corel Home Office - CS Templates - (.????.) [HKLM][64Bits] -- {1A1E33D2-9824-454A-B8CB-50072118635A}
O42 - Logiciel: Corel Home Office - CT Templates - (.??????.) [HKLM][64Bits] -- {26D19512-874B-4EDA-B7F1-779850B2AD5A}
O42 - Logiciel: Corel Home Office - IPM - (.Corel Corporation.) [HKLM][64Bits] -- {0B2187A6-8ACC-4012-9817-9221211EF407}
O42 - Logiciel: Corel Home Office - JP Templates - (.???.) [HKLM][64Bits] -- {1D11E96F-0405-4B99-8356-5750B1D9FAE9}
O42 - Logiciel: Corel Home Office - KR Templates - (.???.) [HKLM][64Bits] -- {5746E4F9-77C6-47E8-A737-A5975A57B4AA}
O42 - Logiciel: Corel Home Office - Launcher - (.Corel Corporation.) [HKLM][64Bits] -- {E74EA3B1-7192-489D-9A57-0AE918FEC001}
O42 - Logiciel: Corel Home Office - Templates RU - (.???????? ???????????.) [HKLM][64Bits] -- {F45048A1-12C4-4B08-A3EB-32D88033368A}
O42 - Logiciel: Corel Home Office - Templates1 - (.Your Company Name.) [HKLM][64Bits] -- {5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {F097D8DF-B207-4EA1-91A4-A21B8425F9B4}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {D9989A13-B173-4048-B8A5-93C204DCB1B3}
O42 - Logiciel: HP HotKey Support - (.Hewlett-Packard Company.) [HKLM] -- {4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}
O42 - Logiciel: HP SoftPaq Download Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {2DA697D7-FED3-4DE2-A174-92A2A12F9688}
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {9CD3BB19-993E-469D-9E1F-B57A175C1411}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {04801E42-B1A6-4C52-9F3D-CADB5A050433}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E92D47A1-D27D-430A-8368-0BAFD956507D}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM][64Bits] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM][64Bits] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
O42 - Logiciel: Norton Online Backup - (.Symantec.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1
O42 - Logiciel: PDF Complete Special Edition - (.PDF Complete, Inc.) [HKLM][64Bits] -- PDF Complete
O42 - Logiciel: PcTuto 1.1 - (.Agence-Exclusive.) [HKLM][64Bits] -- PcTuto_is1
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM][64Bits] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM][64Bits] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM][64Bits] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM][64Bits] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM][64Bits] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM][64Bits] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM][64Bits] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM][64Bits] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Tuto Emule1.0.0.0 - (.PCTuto.) [HKLM][64Bits] -- Tuto Emule_is1
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {5BF8E079-D6E2-4323-B794-75152371122A}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM][64Bits] -- eMule
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Ability 5.0]
[HKCU\Software\Agence-Exclusive]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IDT]
[HKCU\Software\LightScribe]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\Norton]
[HKCU\Software\PCTuto]
[HKCU\Software\PDFComplete]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SweetIM]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Widcomm]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Wow6432Node]
[HKCU\Software\eMule]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Ability 5.0]
[HKLM\Software\Agence-Exclusive]
[HKLM\Software\BcmSetup]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel Calculate]
[HKLM\Software\Corel Show]
[HKLM\Software\Corel Write]
[HKLM\Software\Corel]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\PCTuto]
[HKLM\Software\PDFComplete]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\SweetIM]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/03/2011 - 16:01:24 - [23278207] ----D- C:\Program Files\ATI
O43 - CFD: 23/03/2011 - 16:09:12 - [12605859] ----D- C:\Program Files\Broadcom
O43 - CFD: 17/06/2011 - 16:58:10 - [7422296] ----D- C:\Program Files\CCleaner
O43 - CFD: 23/03/2011 - 16:11:56 - [105737151] ----D- C:\Program Files\Common Files
O43 - CFD: 09/12/2010 - 00:53:44 - [90566676] ----D- C:\Program Files\DVD Maker
O43 - CFD: 23/03/2011 - 16:17:00 - [12339231] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 23/03/2011 - 16:12:50 - [38085244] ----D- C:\Program Files\IDT
O43 - CFD: 17/06/2011 - 15:57:04 - [5447692] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 27/07/2009 - 16:27:32 - [151776306] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 07:32:40 - [42549417] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 16/06/2011 - 22:09:18 - [0] ----D- C:\Program Files\Symantec
O43 - CFD: 09/12/2010 - 01:12:50 - [31755783] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 23/03/2011 - 16:06:58 - [184921240] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 09/12/2010 - 00:53:44 - [4476928] ----D- C:\Program Files\Windows Defender
O43 - CFD: 09/12/2010 - 00:53:44 - [9688696] ----D- C:\Program Files\Windows Journal
O43 - CFD: 16/06/2011 - 11:54:24 - [7987385] ----D- C:\Program Files\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8903168] ----D- C:\Program Files\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [8274861] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [13158580] ----D- C:\Program Files\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [5739288] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [11112863] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 16/06/2011 - 11:53:44 - [90878326] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [619008] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/03/2011 - 16:11:58 - [1029064] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [13208051] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 09/12/2010 - 01:01:02 - [17156089] ----D- C:\ProgramData\Corel
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 16/06/2011 - 15:09:12 - [0] ----D- C:\ProgramData\eMule
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 17/06/2011 - 15:53:52 - [1325137] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 17/06/2011 - 15:24:16 - [710] ----D- C:\ProgramData\LightScribe
O43 - CFD: 18/06/2011 - 19:40:44 - [6833566] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 17/06/2011 - 16:49:08 - [4156867516] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/06/2011 - 21:47:46 - [233284198] ----D- C:\ProgramData\Norton
O43 - CFD: 23/03/2011 - 16:10:52 - [561847] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 16/06/2011 - 10:32:30 - [0] ----D- C:\ProgramData\PDFC
O43 - CFD: 23/03/2011 - 16:17:14 - [20524458] ----D- C:\ProgramData\Skype
O43 - CFD: 09/12/2010 - 01:12:04 - [951] ----D- C:\ProgramData\Sonic
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 16/06/2011 - 10:18:42 - [104700] ----D- C:\ProgramData\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [913] ----D- C:\ProgramData\Symantec
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 23/03/2011 - 16:17:02 - [11417628] ----D- C:\ProgramData\Uninstall
O43 - CFD: 16/06/2011 - 09:30:08 - [28] ----D- C:\ProgramData\WinZip
O43 - CFD: 09/12/2010 - 01:01:44 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
O43 - CFD: 17/06/2011 - 16:21:20 - [36484086] ----D- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
O43 - CFD: 16/06/2011 - 09:54:30 - [156463] ----D- C:\Users\ICHGAR\AppData\Roaming\Adobe
O43 - CFD: 16/06/2011 - 09:48:18 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\ATI
O43 - CFD: 17/06/2011 - 17:14:50 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\CorelHomeOffice
O43 - CFD: 17/06/2011 - 15:54:36 - [53005] ----D- C:\Users\ICHGAR\AppData\Roaming\Hewlett-Packard
O43 - CFD: 16/06/2011 - 13:55:40 - [44709] ----D- C:\Users\ICHGAR\AppData\Roaming\hpqLog
O43 - CFD: 16/06/2011 - 09:46:48 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\Identities
O43 - CFD: 16/06/2011 - 09:54:34 - [776] ----D- C:\Users\ICHGAR\AppData\Roaming\Macromedia
O43 - CFD: 18/06/2011 - 19:40:52 - [236071] ----D- C:\Users\ICHGAR\AppData\Roaming\Malwarebytes
O43 - CFD: 18/06/2011 - 09:09:48 - [1632659] -S--D- C:\Users\ICHGAR\AppData\Roaming\Microsoft
O43 - CFD: 16/06/2011 - 12:18:22 - [23736560] ----D- C:\Users\ICHGAR\AppData\Roaming\Mozilla
O43 - CFD: 16/06/2011 - 15:01:00 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Agence-Exclusive
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [72286] ----D- C:\Users\ICHGAR\Appdata\Local\ATI
O43 - CFD: 16/06/2011 - 09:47:22 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Broadcom
O43 - CFD: 16/06/2011 - 11:34:10 - [1991204] ----D- C:\Users\ICHGAR\Appdata\Local\CrashDumps
O43 - CFD: 16/06/2011 - 10:43:44 - [320431] ----D- C:\Users\ICHGAR\Appdata\Local\ElevatedDiagnostics
O43 - CFD: 16/06/2011 - 15:28:44 - [75573] ----D- C:\Users\ICHGAR\Appdata\Local\eMule
O43 - CFD: 16/06/2011 - 09:46:12 - [722869] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard
O43 - CFD: 16/06/2011 - 09:32:08 - [1764] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard_Company
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Historique
O43 - CFD: 17/06/2011 - 16:49:08 - [34708576] ----D- C:\Users\ICHGAR\Appdata\Local\Microsoft
O43 - CFD: 16/06/2011 - 12:18:08 - [109837242] ----D- C:\Users\ICHGAR\Appdata\Local\Mozilla
O43 - CFD: 16/06/2011 - 09:47:12 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\PDFC
O43 - CFD: 16/06/2011 - 09:46:08 - [373] ----D- C:\Users\ICHGAR\Appdata\Local\RemEngine
O43 - CFD: 16/06/2011 - 10:23:24 - [2693] ----D- C:\Users\ICHGAR\Appdata\Local\Roxio
O43 - CFD: 19/06/2011 - 09:32:36 - [408292] ----D- C:\Users\ICHGAR\Appdata\Local\Temp
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Temporary Internet Files
O43 - CFD: 16/06/2011 - 09:46:28 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\VirtualStore
O43 - CFD: 16/06/2011 - 12:08:10 - [8192] ----D- C:\Users\ICHGAR\Appdata\Local\Windows Live
O43 - CFD: 14/07/2009 - 06:54:34 - [14669] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16/06/2011 - 09:47:02 - [174] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 06:49:40 - [580] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 19/06/2011 - 09:33:24 - [0] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 23/03/2011 - 16:02:40 - [79659861] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 09/12/2010 - 01:14:16 - [999384] ----D- C:\Program Files (x86)\Bing Bar Installer
O43 - CFD: 16/06/2011 - 12:40:46 - [519904485] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 09/12/2010 - 01:00:18 - [409860640] ----D- C:\Program Files (x86)\Corel
O43 - CFD: 17/06/2011 - 16:22:54 - [1053756251] ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 17/06/2011 - 16:33:48 - [18111996] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 17/06/2011 - 15:57:04 - [4750352] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 18/06/2011 - 19:40:48 - [7580101] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 09/12/2010 - 01:14:10 - [4167645] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 09/12/2010 - 01:06:12 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 09/12/2010 - 01:13:46 - [38271979] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 16/06/2011 - 11:57:26 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 16/06/2011 - 12:17:54 - [32640745] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 09/12/2010 - 01:14:10 - [5416080] ----D- C:\Program Files (x86)\MSN Toolbar
O43 - CFD: 23/03/2011 - 16:11:28 - [206168849] ----D- C:\Program Files (x86)\Norton Internet Security
O43 - CFD: 23/03/2011 - 16:10:52 - [27119443] ----D- C:\Program Files (x86)\NortonInstaller
O43 - CFD: 16/06/2011 - 10:16:50 - [161491] ----D- C:\Program Files (x86)\Object
O43 - CFD: 16/06/2011 - 09:32:22 - [1237] R---D- C:\Program Files (x86)\Online Services
O43 - CFD: 09/12/2010 - 00:59:36 - [38012713] ----D- C:\Program Files (x86)\PDF Complete
O43 - CFD: 23/03/2011 - 16:15:14 - [3265869] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [44892929] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 09/12/2010 - 01:12:24 - [49381754] ----D- C:\Program Files (x86)\Roxio
O43 - CFD: 23/03/2011 - 16:17:14 - [30309653] R---D- C:\Program Files (x86)\Skype
O43 - CFD: 16/06/2011 - 10:18:58 - [8851323] ----D- C:\Program Files (x86)\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [3473496] ----D- C:\Program Files (x86)\Symantec
O43 - CFD: 23/03/2011 - 16:12:08 - [665968] ----D- C:\Program Files (x86)\SymSilent
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 09/12/2010 - 00:53:44 - [754176] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/06/2011 - 11:59:32 - [185366642] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8416768] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [5417233] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12729012] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [4640520] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [9725514] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16/06/2011 - 09:30:06 - [20673124] ----D- C:\Program Files (x86)\WinZip
O43 - CFD: 19/06/2011 - 09:33:54 - [3907336] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 09/12/2010 - 00:58:58 - [2075653] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 09/12/2010 - 01:35:32 - [36024838] ----D- C:\Program Files (x86)\Common Files\LightScribe
O43 - CFD: 16/06/2011 - 11:52:30 - [20950138] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 09/12/2010 - 01:01:02 - [1653312] ----D- C:\Program Files (x86)\Common Files\Protexis
O43 - CFD: 09/12/2010 - 01:11:58 - [4546384] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 09/12/2010 - 01:12:26 - [112878078] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 23/03/2011 - 16:17:14 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 09/12/2010 - 01:12:00 - [1461415] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [41114023] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 09/12/2010 - 01:12:18 - [732768] ----D- C:\Program Files (x86)\Common Files\SureThing Shared
O43 - CFD: 16/06/2011 - 12:40:46 - [618784] ----D- C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [11336691] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 16/06/2011 - 11:41:56 - [284374363] ----D- C:\Program Files (x86)\Common Files\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8CEE1800FEFFFFFF57494E444F577E31] - 19/06/2011 - 08:21:12 ---A- . (...) -- C:\windows\WindowsUpdate.log [1321681]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.63DFDF42EC36AE5C69B091D4A8DD1BC7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\PerfStringBackup.INI [3894956]
O44 - LFC:[MD5.461CAA83AF49500E1ED6088AAB897A1A] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc007.dat [125928]
O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc009.dat [103568]
O44 - LFC:[MD5.0D4607DA081946EDD91C2D0431E232BD] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc00C.dat [127684]
O44 - LFC:[MD5.B8D7469CF54913A7D19F638E9D1A675C] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc010.dat [124006]
O44 - LFC:[MD5.3D34624AA7A7E32E57756ABF10BE78D1] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc013.dat [129608]
O44 - LFC:[MD5.AF93E375869701AC67C048154BEA3EDA] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh007.dat [633536]
O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh009.dat [607190]
O44 - LFC:[MD5.8062FB9A9A3B257B1DA8122828C5823E] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh00C.dat [695004]
O44 - LFC:[MD5.C8DEADCFC5C1E395671A76C79C97D944] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh010.dat [680010]
O44 - LFC:[MD5.ABBDB6F2D30D8C6C402E50F2DED019A7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh013.dat [681356]
O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 19/06/2011 - 07:28:51 ---A- . (...) -- C:\windows\setupact.log [168]
O44 - LFC:[MD5.AFCE08BA276A319F4E353EE76AAF1777] - 19/06/2011 - 07:28:49 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/06/2011 - 18:51:59 ---A- . (...) -- C:\windows\setuperr.log [0]
O44 - LFC:[MD5.7D782C3CAB62F19C39A1B3870C5D3DFE] - 17/06/2011 - 15:00:11 ---A- . (...) -- C:\windows\SysNative\FNTCACHE.DAT [276216]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\SysNative\atmfd.dll [367104]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294912]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\SysNative\license.rtf [53560]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\System32\license.rtf [53560]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/06/2011 - 08:29:47 RSHA- . (...) -- C:\windows\System32\drivers\103C_HP_bNB_625_Y5336AN_0U_Q5CG1120NX2_EPO647283-B2A_4A_I1475_SHP_V72.0E_68DVA F.06_T101207_WU3-0_L40C_M1789_J250_7AMD_8F63_92.40_#10120
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\Drivers\ipnat.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\System32\Drivers\nsiproxy.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\PDF Complete [Key] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.AB3166C09438A161FBDE13099A72E0AF] - 12/05/2010 - 09:37:32 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [107912]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.5118DCD2065D8C8D752AD5E
Rapport de ZHPDiag v1.27.232 par Nicolas Coolman, Update du 18/06/2011
Run by ICHGAR at 19/06/2011 09:33:39
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 4.0.1 v (Defaut)
---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 178 GB (82%) free of 216 GB
---\\ Logged in mode
Computer Name: ICHGAR-HP
User Name: ICHGAR
All Users Names: ICHGAR, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\ICHGAR\AppData\Roaming
%LocalAppData%=C:\Users\ICHGAR\AppData\Local
%StartMenu%=C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 216 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
G:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\windows\system32\Wininit.exe [96256]
[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\windows\system32\wininet.dll [981504]
---\\ Processus lancés
[MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
[MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
[MD5.9EB504E566BA99D7477BF923276FDA30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [659968]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\ICHGAR\AppData\Roaming\Mozilla\Firefox\Profiles\zpzlq1zm.default\prefs.js
M0 - MFSP: prefs.js [ICHGAR - zpzlq1zm.default] http://gmx.fr/logout.html
M2 - MFEP: prefs.js [ICHGAR - zpzlq1zm.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.4 (.Dave Garrett.)
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
R0 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dl
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Symantec NCO BHO [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: C:\windows\system32\Alg.exe (AMD External Events Utility) - Clé orpheline
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (HP Wireless Assistant Service) . (.Hewlett-Packard - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: (hpHotkeyMonitor) . (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: (hpqwmiex) . (.Hewlett-Packard Company - hpqwmiex Module.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: (stllssvr) . (.MicroVision Development, Inc. - SureThing Labelflash Disc Printer Service M.) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\HPCeeScheduleForICHGAR.job
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForICHGAR] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [InternetServiceOffers] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.986154FBD7AB1EB10AF2DAC0BC2D2E3E] [APT] [First Boot] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: (BHDrvx64) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\System32\drivers\discache.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
O41 - Driver: (IDSVia64) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.sys
O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.sys
O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\System32\DRIVERS\wfplwf.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {560932B5-8702-7FB8-01AE-265EA44FAEEB}
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}
O42 - Logiciel: Bing Bar Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {54B29835-EF99-41D2-9104-F159DE62F165}
O42 - Logiciel: Bing Rewards Client Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {16CA9DAC-6A40-4204-A826-33C4D52A266C}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- _{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {E684A226-D7B1-4B14-9778-44AD48A654F0}
O42 - Logiciel: Corel Home Office - CS Templates - (.????.) [HKLM][64Bits] -- {1A1E33D2-9824-454A-B8CB-50072118635A}
O42 - Logiciel: Corel Home Office - CT Templates - (.??????.) [HKLM][64Bits] -- {26D19512-874B-4EDA-B7F1-779850B2AD5A}
O42 - Logiciel: Corel Home Office - IPM - (.Corel Corporation.) [HKLM][64Bits] -- {0B2187A6-8ACC-4012-9817-9221211EF407}
O42 - Logiciel: Corel Home Office - JP Templates - (.???.) [HKLM][64Bits] -- {1D11E96F-0405-4B99-8356-5750B1D9FAE9}
O42 - Logiciel: Corel Home Office - KR Templates - (.???.) [HKLM][64Bits] -- {5746E4F9-77C6-47E8-A737-A5975A57B4AA}
O42 - Logiciel: Corel Home Office - Launcher - (.Corel Corporation.) [HKLM][64Bits] -- {E74EA3B1-7192-489D-9A57-0AE918FEC001}
O42 - Logiciel: Corel Home Office - Templates RU - (.???????? ???????????.) [HKLM][64Bits] -- {F45048A1-12C4-4B08-A3EB-32D88033368A}
O42 - Logiciel: Corel Home Office - Templates1 - (.Your Company Name.) [HKLM][64Bits] -- {5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {F097D8DF-B207-4EA1-91A4-A21B8425F9B4}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {D9989A13-B173-4048-B8A5-93C204DCB1B3}
O42 - Logiciel: HP HotKey Support - (.Hewlett-Packard Company.) [HKLM] -- {4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}
O42 - Logiciel: HP SoftPaq Download Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {2DA697D7-FED3-4DE2-A174-92A2A12F9688}
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {9CD3BB19-993E-469D-9E1F-B57A175C1411}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {04801E42-B1A6-4C52-9F3D-CADB5A050433}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E92D47A1-D27D-430A-8368-0BAFD956507D}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM][64Bits] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM][64Bits] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
O42 - Logiciel: Norton Online Backup - (.Symantec.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1
O42 - Logiciel: PDF Complete Special Edition - (.PDF Complete, Inc.) [HKLM][64Bits] -- PDF Complete
O42 - Logiciel: PcTuto 1.1 - (.Agence-Exclusive.) [HKLM][64Bits] -- PcTuto_is1
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM][64Bits] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM][64Bits] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM][64Bits] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM][64Bits] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM][64Bits] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM][64Bits] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM][64Bits] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM][64Bits] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Tuto Emule1.0.0.0 - (.PCTuto.) [HKLM][64Bits] -- Tuto Emule_is1
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {5BF8E079-D6E2-4323-B794-75152371122A}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM][64Bits] -- eMule
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Ability 5.0]
[HKCU\Software\Agence-Exclusive]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IDT]
[HKCU\Software\LightScribe]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\Norton]
[HKCU\Software\PCTuto]
[HKCU\Software\PDFComplete]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SweetIM]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Widcomm]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Wow6432Node]
[HKCU\Software\eMule]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Ability 5.0]
[HKLM\Software\Agence-Exclusive]
[HKLM\Software\BcmSetup]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel Calculate]
[HKLM\Software\Corel Show]
[HKLM\Software\Corel Write]
[HKLM\Software\Corel]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\PCTuto]
[HKLM\Software\PDFComplete]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\SweetIM]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/03/2011 - 16:01:24 - [23278207] ----D- C:\Program Files\ATI
O43 - CFD: 23/03/2011 - 16:09:12 - [12605859] ----D- C:\Program Files\Broadcom
O43 - CFD: 17/06/2011 - 16:58:10 - [7422296] ----D- C:\Program Files\CCleaner
O43 - CFD: 23/03/2011 - 16:11:56 - [105737151] ----D- C:\Program Files\Common Files
O43 - CFD: 09/12/2010 - 00:53:44 - [90566676] ----D- C:\Program Files\DVD Maker
O43 - CFD: 23/03/2011 - 16:17:00 - [12339231] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 23/03/2011 - 16:12:50 - [38085244] ----D- C:\Program Files\IDT
O43 - CFD: 17/06/2011 - 15:57:04 - [5447692] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 27/07/2009 - 16:27:32 - [151776306] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 07:32:40 - [42549417] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 16/06/2011 - 22:09:18 - [0] ----D- C:\Program Files\Symantec
O43 - CFD: 09/12/2010 - 01:12:50 - [31755783] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 23/03/2011 - 16:06:58 - [184921240] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 09/12/2010 - 00:53:44 - [4476928] ----D- C:\Program Files\Windows Defender
O43 - CFD: 09/12/2010 - 00:53:44 - [9688696] ----D- C:\Program Files\Windows Journal
O43 - CFD: 16/06/2011 - 11:54:24 - [7987385] ----D- C:\Program Files\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8903168] ----D- C:\Program Files\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [8274861] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [13158580] ----D- C:\Program Files\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [5739288] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [11112863] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 16/06/2011 - 11:53:44 - [90878326] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [619008] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/03/2011 - 16:11:58 - [1029064] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [13208051] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 09/12/2010 - 01:01:02 - [17156089] ----D- C:\ProgramData\Corel
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 16/06/2011 - 15:09:12 - [0] ----D- C:\ProgramData\eMule
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 17/06/2011 - 15:53:52 - [1325137] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 17/06/2011 - 15:24:16 - [710] ----D- C:\ProgramData\LightScribe
O43 - CFD: 18/06/2011 - 19:40:44 - [6833566] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 17/06/2011 - 16:49:08 - [4156867516] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/06/2011 - 21:47:46 - [233284198] ----D- C:\ProgramData\Norton
O43 - CFD: 23/03/2011 - 16:10:52 - [561847] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 16/06/2011 - 10:32:30 - [0] ----D- C:\ProgramData\PDFC
O43 - CFD: 23/03/2011 - 16:17:14 - [20524458] ----D- C:\ProgramData\Skype
O43 - CFD: 09/12/2010 - 01:12:04 - [951] ----D- C:\ProgramData\Sonic
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 16/06/2011 - 10:18:42 - [104700] ----D- C:\ProgramData\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [913] ----D- C:\ProgramData\Symantec
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 23/03/2011 - 16:17:02 - [11417628] ----D- C:\ProgramData\Uninstall
O43 - CFD: 16/06/2011 - 09:30:08 - [28] ----D- C:\ProgramData\WinZip
O43 - CFD: 09/12/2010 - 01:01:44 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
O43 - CFD: 17/06/2011 - 16:21:20 - [36484086] ----D- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
O43 - CFD: 16/06/2011 - 09:54:30 - [156463] ----D- C:\Users\ICHGAR\AppData\Roaming\Adobe
O43 - CFD: 16/06/2011 - 09:48:18 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\ATI
O43 - CFD: 17/06/2011 - 17:14:50 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\CorelHomeOffice
O43 - CFD: 17/06/2011 - 15:54:36 - [53005] ----D- C:\Users\ICHGAR\AppData\Roaming\Hewlett-Packard
O43 - CFD: 16/06/2011 - 13:55:40 - [44709] ----D- C:\Users\ICHGAR\AppData\Roaming\hpqLog
O43 - CFD: 16/06/2011 - 09:46:48 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\Identities
O43 - CFD: 16/06/2011 - 09:54:34 - [776] ----D- C:\Users\ICHGAR\AppData\Roaming\Macromedia
O43 - CFD: 18/06/2011 - 19:40:52 - [236071] ----D- C:\Users\ICHGAR\AppData\Roaming\Malwarebytes
O43 - CFD: 18/06/2011 - 09:09:48 - [1632659] -S--D- C:\Users\ICHGAR\AppData\Roaming\Microsoft
O43 - CFD: 16/06/2011 - 12:18:22 - [23736560] ----D- C:\Users\ICHGAR\AppData\Roaming\Mozilla
O43 - CFD: 16/06/2011 - 15:01:00 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Agence-Exclusive
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [72286] ----D- C:\Users\ICHGAR\Appdata\Local\ATI
O43 - CFD: 16/06/2011 - 09:47:22 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Broadcom
O43 - CFD: 16/06/2011 - 11:34:10 - [1991204] ----D- C:\Users\ICHGAR\Appdata\Local\CrashDumps
O43 - CFD: 16/06/2011 - 10:43:44 - [320431] ----D- C:\Users\ICHGAR\Appdata\Local\ElevatedDiagnostics
O43 - CFD: 16/06/2011 - 15:28:44 - [75573] ----D- C:\Users\ICHGAR\Appdata\Local\eMule
O43 - CFD: 16/06/2011 - 09:46:12 - [722869] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard
O43 - CFD: 16/06/2011 - 09:32:08 - [1764] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard_Company
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Historique
O43 - CFD: 17/06/2011 - 16:49:08 - [34708576] ----D- C:\Users\ICHGAR\Appdata\Local\Microsoft
O43 - CFD: 16/06/2011 - 12:18:08 - [109837242] ----D- C:\Users\ICHGAR\Appdata\Local\Mozilla
O43 - CFD: 16/06/2011 - 09:47:12 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\PDFC
O43 - CFD: 16/06/2011 - 09:46:08 - [373] ----D- C:\Users\ICHGAR\Appdata\Local\RemEngine
O43 - CFD: 16/06/2011 - 10:23:24 - [2693] ----D- C:\Users\ICHGAR\Appdata\Local\Roxio
O43 - CFD: 19/06/2011 - 09:32:36 - [408292] ----D- C:\Users\ICHGAR\Appdata\Local\Temp
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Temporary Internet Files
O43 - CFD: 16/06/2011 - 09:46:28 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\VirtualStore
O43 - CFD: 16/06/2011 - 12:08:10 - [8192] ----D- C:\Users\ICHGAR\Appdata\Local\Windows Live
O43 - CFD: 14/07/2009 - 06:54:34 - [14669] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16/06/2011 - 09:47:02 - [174] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 06:49:40 - [580] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 19/06/2011 - 09:33:24 - [0] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 23/03/2011 - 16:02:40 - [79659861] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 09/12/2010 - 01:14:16 - [999384] ----D- C:\Program Files (x86)\Bing Bar Installer
O43 - CFD: 16/06/2011 - 12:40:46 - [519904485] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 09/12/2010 - 01:00:18 - [409860640] ----D- C:\Program Files (x86)\Corel
O43 - CFD: 17/06/2011 - 16:22:54 - [1053756251] ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 17/06/2011 - 16:33:48 - [18111996] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 17/06/2011 - 15:57:04 - [4750352] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 18/06/2011 - 19:40:48 - [7580101] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 09/12/2010 - 01:14:10 - [4167645] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 09/12/2010 - 01:06:12 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 09/12/2010 - 01:13:46 - [38271979] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 16/06/2011 - 11:57:26 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 16/06/2011 - 12:17:54 - [32640745] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 09/12/2010 - 01:14:10 - [5416080] ----D- C:\Program Files (x86)\MSN Toolbar
O43 - CFD: 23/03/2011 - 16:11:28 - [206168849] ----D- C:\Program Files (x86)\Norton Internet Security
O43 - CFD: 23/03/2011 - 16:10:52 - [27119443] ----D- C:\Program Files (x86)\NortonInstaller
O43 - CFD: 16/06/2011 - 10:16:50 - [161491] ----D- C:\Program Files (x86)\Object
O43 - CFD: 16/06/2011 - 09:32:22 - [1237] R---D- C:\Program Files (x86)\Online Services
O43 - CFD: 09/12/2010 - 00:59:36 - [38012713] ----D- C:\Program Files (x86)\PDF Complete
O43 - CFD: 23/03/2011 - 16:15:14 - [3265869] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [44892929] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 09/12/2010 - 01:12:24 - [49381754] ----D- C:\Program Files (x86)\Roxio
O43 - CFD: 23/03/2011 - 16:17:14 - [30309653] R---D- C:\Program Files (x86)\Skype
O43 - CFD: 16/06/2011 - 10:18:58 - [8851323] ----D- C:\Program Files (x86)\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [3473496] ----D- C:\Program Files (x86)\Symantec
O43 - CFD: 23/03/2011 - 16:12:08 - [665968] ----D- C:\Program Files (x86)\SymSilent
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 09/12/2010 - 00:53:44 - [754176] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/06/2011 - 11:59:32 - [185366642] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8416768] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [5417233] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12729012] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [4640520] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [9725514] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16/06/2011 - 09:30:06 - [20673124] ----D- C:\Program Files (x86)\WinZip
O43 - CFD: 19/06/2011 - 09:33:54 - [3907336] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 09/12/2010 - 00:58:58 - [2075653] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 09/12/2010 - 01:35:32 - [36024838] ----D- C:\Program Files (x86)\Common Files\LightScribe
O43 - CFD: 16/06/2011 - 11:52:30 - [20950138] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 09/12/2010 - 01:01:02 - [1653312] ----D- C:\Program Files (x86)\Common Files\Protexis
O43 - CFD: 09/12/2010 - 01:11:58 - [4546384] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 09/12/2010 - 01:12:26 - [112878078] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 23/03/2011 - 16:17:14 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 09/12/2010 - 01:12:00 - [1461415] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [41114023] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 09/12/2010 - 01:12:18 - [732768] ----D- C:\Program Files (x86)\Common Files\SureThing Shared
O43 - CFD: 16/06/2011 - 12:40:46 - [618784] ----D- C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [11336691] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 16/06/2011 - 11:41:56 - [284374363] ----D- C:\Program Files (x86)\Common Files\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8CEE1800FEFFFFFF57494E444F577E31] - 19/06/2011 - 08:21:12 ---A- . (...) -- C:\windows\WindowsUpdate.log [1321681]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.63DFDF42EC36AE5C69B091D4A8DD1BC7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\PerfStringBackup.INI [3894956]
O44 - LFC:[MD5.461CAA83AF49500E1ED6088AAB897A1A] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc007.dat [125928]
O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc009.dat [103568]
O44 - LFC:[MD5.0D4607DA081946EDD91C2D0431E232BD] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc00C.dat [127684]
O44 - LFC:[MD5.B8D7469CF54913A7D19F638E9D1A675C] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc010.dat [124006]
O44 - LFC:[MD5.3D34624AA7A7E32E57756ABF10BE78D1] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc013.dat [129608]
O44 - LFC:[MD5.AF93E375869701AC67C048154BEA3EDA] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh007.dat [633536]
O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh009.dat [607190]
O44 - LFC:[MD5.8062FB9A9A3B257B1DA8122828C5823E] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh00C.dat [695004]
O44 - LFC:[MD5.C8DEADCFC5C1E395671A76C79C97D944] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh010.dat [680010]
O44 - LFC:[MD5.ABBDB6F2D30D8C6C402E50F2DED019A7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh013.dat [681356]
O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 19/06/2011 - 07:28:51 ---A- . (...) -- C:\windows\setupact.log [168]
O44 - LFC:[MD5.AFCE08BA276A319F4E353EE76AAF1777] - 19/06/2011 - 07:28:49 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/06/2011 - 18:51:59 ---A- . (...) -- C:\windows\setuperr.log [0]
O44 - LFC:[MD5.7D782C3CAB62F19C39A1B3870C5D3DFE] - 17/06/2011 - 15:00:11 ---A- . (...) -- C:\windows\SysNative\FNTCACHE.DAT [276216]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\SysNative\atmfd.dll [367104]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294912]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\SysNative\license.rtf [53560]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\System32\license.rtf [53560]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/06/2011 - 08:29:47 RSHA- . (...) -- C:\windows\System32\drivers\103C_HP_bNB_625_Y5336AN_0U_Q5CG1120NX2_EPO647283-B2A_4A_I1475_SHP_V72.0E_68DVA F.06_T101207_WU3-0_L40C_M1789_J250_7AMD_8F63_92.40_#10120
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\Drivers\ipnat.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\System32\Drivers\nsiproxy.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\PDF Complete [Key] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.AB3166C09438A161FBDE13099A72E0AF] - 12/05/2010 - 09:37:32 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [107912]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.5118DCD2065D8C8D752AD5E
The report is incomplete!
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on Cijoint, then copy and paste the link provided into your next reply on the forum:
http://dl.free.fr
or:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html
or:
https://www.terafiles.net/
Here is the report:
Rapport de ZHPDiag v1.27.232 par Nicolas Coolman, Update du 18/06/2011
Run by ICHGAR at 19/06/2011 09:33:39
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 4.0.1 v (Defaut)
---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 178 GB (82%) free of 216 GB
---\\ Logged in mode
Computer Name: ICHGAR-HP
User Name: ICHGAR
All Users Names: ICHGAR, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\ICHGAR\AppData\Roaming
%LocalAppData%=C:\Users\ICHGAR\AppData\Local
%StartMenu%=C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 216 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
G:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\windows\system32\Wininit.exe [96256]
[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\windows\system32\wininet.dll [981504]
---\\ Processus lancés
[MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
[MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
[MD5.9EB504E566BA99D7477BF923276FDA30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [659968]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\ICHGAR\AppData\Roaming\Mozilla\Firefox\Profiles\zpzlq1zm.default\prefs.js
M0 - MFSP: prefs.js [ICHGAR - zpzlq1zm.default] http://gmx.fr/logout.html
M2 - MFEP: prefs.js [ICHGAR - zpzlq1zm.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.4 (.Dave Garrett.)
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
R0 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dl
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Symantec NCO BHO [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: C:\windows\system32\Alg.exe (AMD External Events Utility) - Clé orpheline
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (HP Wireless Assistant Service) . (.Hewlett-Packard - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: (hpHotkeyMonitor) . (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: (hpqwmiex) . (.Hewlett-Packard Company - hpqwmiex Module.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: (stllssvr) . (.MicroVision Development, Inc. - SureThing Labelflash Disc Printer Service M.) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\HPCeeScheduleForICHGAR.job
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForICHGAR] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [InternetServiceOffers] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.986154FBD7AB1EB10AF2DAC0BC2D2E3E] [APT] [First Boot] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: (BHDrvx64) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\System32\drivers\discache.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
O41 - Driver: (IDSVia64) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.sys
O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.sys
O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\System32\DRIVERS\wfplwf.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {560932B5-8702-7FB8-01AE-265EA44FAEEB}
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}
O42 - Logiciel: Bing Bar Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {54B29835-EF99-41D2-9104-F159DE62F165}
O42 - Logiciel: Bing Rewards Client Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {16CA9DAC-6A40-4204-A826-33C4D52A266C}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- _{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {E684A226-D7B1-4B14-9778-44AD48A654F0}
O42 - Logiciel: Corel Home Office - CS Templates - (.????.) [HKLM][64Bits] -- {1A1E33D2-9824-454A-B8CB-50072118635A}
O42 - Logiciel: Corel Home Office - CT Templates - (.??????.) [HKLM][64Bits] -- {26D19512-874B-4EDA-B7F1-779850B2AD5A}
O42 - Logiciel: Corel Home Office - IPM - (.Corel Corporation.) [HKLM][64Bits] -- {0B2187A6-8ACC-4012-9817-9221211EF407}
O42 - Logiciel: Corel Home Office - JP Templates - (.???.) [HKLM][64Bits] -- {1D11E96F-0405-4B99-8356-5750B1D9FAE9}
O42 - Logiciel: Corel Home Office - KR Templates - (.???.) [HKLM][64Bits] -- {5746E4F9-77C6-47E8-A737-A5975A57B4AA}
O42 - Logiciel: Corel Home Office - Launcher - (.Corel Corporation.) [HKLM][64Bits] -- {E74EA3B1-7192-489D-9A57-0AE918FEC001}
O42 - Logiciel: Corel Home Office - Templates RU - (.???????? ???????????.) [HKLM][64Bits] -- {F45048A1-12C4-4B08-A3EB-32D88033368A}
O42 - Logiciel: Corel Home Office - Templates1 - (.Your Company Name.) [HKLM][64Bits] -- {5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {F097D8DF-B207-4EA1-91A4-A21B8425F9B4}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {D9989A13-B173-4048-B8A5-93C204DCB1B3}
O42 - Logiciel: HP HotKey Support - (.Hewlett-Packard Company.) [HKLM] -- {4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}
O42 - Logiciel: HP SoftPaq Download Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {2DA697D7-FED3-4DE2-A174-92A2A12F9688}
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {9CD3BB19-993E-469D-9E1F-B57A175C1411}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {04801E42-B1A6-4C52-9F3D-CADB5A050433}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E92D47A1-D27D-430A-8368-0BAFD956507D}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM][64Bits] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM][64Bits] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
O42 - Logiciel: Norton Online Backup - (.Symantec.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1
O42 - Logiciel: PDF Complete Special Edition - (.PDF Complete, Inc.) [HKLM][64Bits] -- PDF Complete
O42 - Logiciel: PcTuto 1.1 - (.Agence-Exclusive.) [HKLM][64Bits] -- PcTuto_is1
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM][64Bits] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM][64Bits] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM][64Bits] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM][64Bits] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM][64Bits] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM][64Bits] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM][64Bits] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM][64Bits] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Tuto Emule1.0.0.0 - (.PCTuto.) [HKLM][64Bits] -- Tuto Emule_is1
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {5BF8E079-D6E2-4323-B794-75152371122A}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM][64Bits] -- eMule
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Ability 5.0]
[HKCU\Software\Agence-Exclusive]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IDT]
[HKCU\Software\LightScribe]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\Norton]
[HKCU\Software\PCTuto]
[HKCU\Software\PDFComplete]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SweetIM]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Widcomm]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Wow6432Node]
[HKCU\Software\eMule]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Ability 5.0]
[HKLM\Software\Agence-Exclusive]
[HKLM\Software\BcmSetup]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel Calculate]
[HKLM\Software\Corel Show]
[HKLM\Software\Corel Write]
[HKLM\Software\Corel]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\PCTuto]
[HKLM\Software\PDFComplete]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\SweetIM]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/03/2011 - 16:01:24 - [23278207] ----D- C:\Program Files\ATI
O43 - CFD: 23/03/2011 - 16:09:12 - [12605859] ----D- C:\Program Files\Broadcom
O43 - CFD: 17/06/2011 - 16:58:10 - [7422296] ----D- C:\Program Files\CCleaner
O43 - CFD: 23/03/2011 - 16:11:56 - [105737151] ----D- C:\Program Files\Common Files
O43 - CFD: 09/12/2010 - 00:53:44 - [90566676] ----D- C:\Program Files\DVD Maker
O43 - CFD: 23/03/2011 - 16:17:00 - [12339231] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 23/03/2011 - 16:12:50 - [38085244] ----D- C:\Program Files\IDT
O43 - CFD: 17/06/2011 - 15:57:04 - [5447692] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 27/07/2009 - 16:27:32 - [151776306] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 07:32:40 - [42549417] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 16/06/2011 - 22:09:18 - [0] ----D- C:\Program Files\Symantec
O43 - CFD: 09/12/2010 - 01:12:50 - [31755783] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 23/03/2011 - 16:06:58 - [184921240] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 09/12/2010 - 00:53:44 - [4476928] ----D- C:\Program Files\Windows Defender
O43 - CFD: 09/12/2010 - 00:53:44 - [9688696] ----D- C:\Program Files\Windows Journal
O43 - CFD: 16/06/2011 - 11:54:24 - [7987385] ----D- C:\Program Files\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8903168] ----D- C:\Program Files\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [8274861] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [13158580] ----D- C:\Program Files\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [5739288] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [11112863] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 16/06/2011 - 11:53:44 - [90878326] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [619008] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/03/2011 - 16:11:58 - [1029064] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [13208051] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 09/12/2010 - 01:01:02 - [17156089] ----D- C:\ProgramData\Corel
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 16/06/2011 - 15:09:12 - [0] ----D- C:\ProgramData\eMule
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 17/06/2011 - 15:53:52 - [1325137] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 17/06/2011 - 15:24:16 - [710] ----D- C:\ProgramData\LightScribe
O43 - CFD: 18/06/2011 - 19:40:44 - [6833566] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 17/06/2011 - 16:49:08 - [4156867516] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/06/2011 - 21:47:46 - [233284198] ----D- C:\ProgramData\Norton
O43 - CFD: 23/03/2011 - 16:10:52 - [561847] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 16/06/2011 - 10:32:30 - [0] ----D- C:\ProgramData\PDFC
O43 - CFD: 23/03/2011 - 16:17:14 - [20524458] ----D- C:\ProgramData\Skype
O43 - CFD: 09/12/2010 - 01:12:04 - [951] ----D- C:\ProgramData\Sonic
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 16/06/2011 - 10:18:42 - [104700] ----D- C:\ProgramData\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [913] ----D- C:\ProgramData\Symantec
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 23/03/2011 - 16:17:02 - [11417628] ----D- C:\ProgramData\Uninstall
O43 - CFD: 16/06/2011 - 09:30:08 - [28] ----D- C:\ProgramData\WinZip
O43 - CFD: 09/12/2010 - 01:01:44 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
O43 - CFD: 17/06/2011 - 16:21:20 - [36484086] ----D- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
O43 - CFD: 16/06/2011 - 09:54:30 - [156463] ----D- C:\Users\ICHGAR\AppData\Roaming\Adobe
O43 - CFD: 16/06/2011 - 09:48:18 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\ATI
O43 - CFD: 17/06/2011 - 17:14:50 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\CorelHomeOffice
O43 - CFD: 17/06/2011 - 15:54:36 - [53005] ----D- C:\Users\ICHGAR\AppData\Roaming\Hewlett-Packard
O43 - CFD: 16/06/2011 - 13:55:40 - [44709] ----D- C:\Users\ICHGAR\AppData\Roaming\hpqLog
O43 - CFD: 16/06/2011 - 09:46:48 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\Identities
O43 - CFD: 16/06/2011 - 09:54:34 - [776] ----D- C:\Users\ICHGAR\AppData\Roaming\Macromedia
O43 - CFD: 18/06/2011 - 19:40:52 - [236071] ----D- C:\Users\ICHGAR\AppData\Roaming\Malwarebytes
O43 - CFD: 18/06/2011 - 09:09:48 - [1632659] -S--D- C:\Users\ICHGAR\AppData\Roaming\Microsoft
O43 - CFD: 16/06/2011 - 12:18:22 - [23736560] ----D- C:\Users\ICHGAR\AppData\Roaming\Mozilla
O43 - CFD: 16/06/2011 - 15:01:00 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Agence-Exclusive
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [72286] ----D- C:\Users\ICHGAR\Appdata\Local\ATI
O43 - CFD: 16/06/2011 - 09:47:22 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Broadcom
O43 - CFD: 16/06/2011 - 11:34:10 - [1991204] ----D- C:\Users\ICHGAR\Appdata\Local\CrashDumps
O43 - CFD: 16/06/2011 - 10:43:44 - [320431] ----D- C:\Users\ICHGAR\Appdata\Local\ElevatedDiagnostics
O43 - CFD: 16/06/2011 - 15:28:44 - [75573] ----D- C:\Users\ICHGAR\Appdata\Local\eMule
O43 - CFD: 16/06/2011 - 09:46:12 - [722869] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard
O43 - CFD: 16/06/2011 - 09:32:08 - [1764] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard_Company
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Historique
O43 - CFD: 17/06/2011 - 16:49:08 - [34708576] ----D- C:\Users\ICHGAR\Appdata\Local\Microsoft
O43 - CFD: 16/06/2011 - 12:18:08 - [109837242] ----D- C:\Users\ICHGAR\Appdata\Local\Mozilla
O43 - CFD: 16/06/2011 - 09:47:12 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\PDFC
O43 - CFD: 16/06/2011 - 09:46:08 - [373] ----D- C:\Users\ICHGAR\Appdata\Local\RemEngine
O43 - CFD: 16/06/2011 - 10:23:24 - [2693] ----D- C:\Users\ICHGAR\Appdata\Local\Roxio
O43 - CFD: 19/06/2011 - 09:32:36 - [408292] ----D- C:\Users\ICHGAR\Appdata\Local\Temp
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Temporary Internet Files
O43 - CFD: 16/06/2011 - 09:46:28 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\VirtualStore
O43 - CFD: 16/06/2011 - 12:08:10 - [8192] ----D- C:\Users\ICHGAR\Appdata\Local\Windows Live
O43 - CFD: 14/07/2009 - 06:54:34 - [14669] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16/06/2011 - 09:47:02 - [174] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 06:49:40 - [580] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 19/06/2011 - 09:33:24 - [0] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 23/03/2011 - 16:02:40 - [79659861] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 09/12/2010 - 01:14:16 - [999384] ----D- C:\Program Files (x86)\Bing Bar Installer
O43 - CFD: 16/06/2011 - 12:40:46 - [519904485] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 09/12/2010 - 01:00:18 - [409860640] ----D- C:\Program Files (x86)\Corel
O43 - CFD: 17/06/2011 - 16:22:54 - [1053756251] ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 17/06/2011 - 16:33:48 - [18111996] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 17/06/2011 - 15:57:04 - [4750352] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 18/06/2011 - 19:40:48 - [7580101] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 09/12/2010 - 01:14:10 - [4167645] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 09/12/2010 - 01:06:12 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 09/12/2010 - 01:13:46 - [38271979] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 16/06/2011 - 11:57:26 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 16/06/2011 - 12:17:54 - [32640745] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 09/12/2010 - 01:14:10 - [5416080] ----D- C:\Program Files (x86)\MSN Toolbar
O43 - CFD: 23/03/2011 - 16:11:28 - [206168849] ----D- C:\Program Files (x86)\Norton Internet Security
O43 - CFD: 23/03/2011 - 16:10:52 - [27119443] ----D- C:\Program Files (x86)\NortonInstaller
O43 - CFD: 16/06/2011 - 10:16:50 - [161491] ----D- C:\Program Files (x86)\Object
O43 - CFD: 16/06/2011 - 09:32:22 - [1237] R---D- C:\Program Files (x86)\Online Services
O43 - CFD: 09/12/2010 - 00:59:36 - [38012713] ----D- C:\Program Files (x86)\PDF Complete
O43 - CFD: 23/03/2011 - 16:15:14 - [3265869] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [44892929] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 09/12/2010 - 01:12:24 - [49381754] ----D- C:\Program Files (x86)\Roxio
O43 - CFD: 23/03/2011 - 16:17:14 - [30309653] R---D- C:\Program Files (x86)\Skype
O43 - CFD: 16/06/2011 - 10:18:58 - [8851323] ----D- C:\Program Files (x86)\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [3473496] ----D- C:\Program Files (x86)\Symantec
O43 - CFD: 23/03/2011 - 16:12:08 - [665968] ----D- C:\Program Files (x86)\SymSilent
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 09/12/2010 - 00:53:44 - [754176] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/06/2011 - 11:59:32 - [185366642] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8416768] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [5417233] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12729012] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [4640520] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [9725514] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16/06/2011 - 09:30:06 - [20673124] ----D- C:\Program Files (x86)\WinZip
O43 - CFD: 19/06/2011 - 09:33:54 - [3907336] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 09/12/2010 - 00:58:58 - [2075653] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 09/12/2010 - 01:35:32 - [36024838] ----D- C:\Program Files (x86)\Common Files\LightScribe
O43 - CFD: 16/06/2011 - 11:52:30 - [20950138] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 09/12/2010 - 01:01:02 - [1653312] ----D- C:\Program Files (x86)\Common Files\Protexis
O43 - CFD: 09/12/2010 - 01:11:58 - [4546384] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 09/12/2010 - 01:12:26 - [112878078] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 23/03/2011 - 16:17:14 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 09/12/2010 - 01:12:00 - [1461415] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [41114023] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 09/12/2010 - 01:12:18 - [732768] ----D- C:\Program Files (x86)\Common Files\SureThing Shared
O43 - CFD: 16/06/2011 - 12:40:46 - [618784] ----D- C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [11336691] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 16/06/2011 - 11:41:56 - [284374363] ----D- C:\Program Files (x86)\Common Files\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8CEE1800FEFFFFFF57494E444F577E31] - 19/06/2011 - 08:21:12 ---A- . (...) -- C:\windows\WindowsUpdate.log [1321681]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.63DFDF42EC36AE5C69B091D4A8DD1BC7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\PerfStringBackup.INI [3894956]
O44 - LFC:[MD5.461CAA83AF49500E1ED6088AAB897A1A] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc007.dat [125928]
O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc009.dat [103568]
O44 - LFC:[MD5.0D4607DA081946EDD91C2D0431E232BD] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc00C.dat [127684]
O44 - LFC:[MD5.B8D7469CF54913A7D19F638E9D1A675C] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc010.dat [124006]
O44 - LFC:[MD5.3D34624AA7A7E32E57756ABF10BE78D1] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc013.dat [129608]
O44 - LFC:[MD5.AF93E375869701AC67C048154BEA3EDA] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh007.dat [633536]
O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh009.dat [607190]
O44 - LFC:[MD5.8062FB9A9A3B257B1DA8122828C5823E] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh00C.dat [695004]
O44 - LFC:[MD5.C8DEADCFC5C1E395671A76C79C97D944] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh010.dat [680010]
O44 - LFC:[MD5.ABBDB6F2D30D8C6C402E50F2DED019A7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh013.dat [681356]
O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 19/06/2011 - 07:28:51 ---A- . (...) -- C:\windows\setupact.log [168]
O44 - LFC:[MD5.AFCE08BA276A319F4E353EE76AAF1777] - 19/06/2011 - 07:28:49 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/06/2011 - 18:51:59 ---A- . (...) -- C:\windows\setuperr.log [0]
O44 - LFC:[MD5.7D782C3CAB62F19C39A1B3870C5D3DFE] - 17/06/2011 - 15:00:11 ---A- . (...) -- C:\windows\SysNative\FNTCACHE.DAT [276216]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\SysNative\atmfd.dll [367104]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294912]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\SysNative\license.rtf [53560]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\System32\license.rtf [53560]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/06/2011 - 08:29:47 RSHA- . (...) -- C:\windows\System32\drivers\103C_HP_bNB_625_Y5336AN_0U_Q5CG1120NX2_EPO647283-B2A_4A_I1475_SHP_V72.0E_68DVA F.06_T101207_WU3-0_L40C_M1789_J250_7AMD_8F63_92.40_#10120
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\Drivers\ipnat.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\System32\Drivers\nsiproxy.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\PDF Complete [Key] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.AB3166C09438A161FBDE13099A72E0AF] - 12/05/2010 - 09:37:32 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [107912]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.5118DCD2065D8C8D752AD5EC0B2D6AA6]
Rapport de ZHPDiag v1.27.232 par Nicolas Coolman, Update du 18/06/2011
Run by ICHGAR at 19/06/2011 09:33:39
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 4.0.1 v (Defaut)
---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 178 GB (82%) free of 216 GB
---\\ Logged in mode
Computer Name: ICHGAR-HP
User Name: ICHGAR
All Users Names: ICHGAR, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\ICHGAR\AppData\Roaming
%LocalAppData%=C:\Users\ICHGAR\AppData\Local
%StartMenu%=C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 216 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
G:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\windows\system32\Wininit.exe [96256]
[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\windows\system32\wininet.dll [981504]
---\\ Processus lancés
[MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
[MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
[MD5.9EB504E566BA99D7477BF923276FDA30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [659968]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\ICHGAR\AppData\Roaming\Mozilla\Firefox\Profiles\zpzlq1zm.default\prefs.js
M0 - MFSP: prefs.js [ICHGAR - zpzlq1zm.default] http://gmx.fr/logout.html
M2 - MFEP: prefs.js [ICHGAR - zpzlq1zm.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.4 (.Dave Garrett.)
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
R0 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dl
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Symantec NCO BHO [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1327132095-2719659109-4206250097-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\ICHGAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00863BF6-C90E-4B8C-B383-BFCDF20073A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: C:\windows\system32\Alg.exe (AMD External Events Utility) - Clé orpheline
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (HP Wireless Assistant Service) . (.Hewlett-Packard - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: (hpHotkeyMonitor) . (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: (hpqwmiex) . (.Hewlett-Packard Company - hpqwmiex Module.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: (stllssvr) . (.MicroVision Development, Inc. - SureThing Labelflash Disc Printer Service M.) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\HPCeeScheduleForICHGAR.job
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForICHGAR] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [InternetServiceOffers] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.34652E72A4AABE339E88490E48E12076] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.986154FBD7AB1EB10AF2DAC0BC2D2E3E] [APT] [First Boot] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: (BHDrvx64) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\System32\drivers\discache.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
O41 - Driver: (IDSVia64) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.sys
O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.sys
O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\System32\DRIVERS\wfplwf.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {560932B5-8702-7FB8-01AE-265EA44FAEEB}
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}
O42 - Logiciel: Bing Bar Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {54B29835-EF99-41D2-9104-F159DE62F165}
O42 - Logiciel: Bing Rewards Client Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {16CA9DAC-6A40-4204-A826-33C4D52A266C}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- _{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}
O42 - Logiciel: Corel Home Office - (.Corel Corporation.) [HKLM][64Bits] -- {E684A226-D7B1-4B14-9778-44AD48A654F0}
O42 - Logiciel: Corel Home Office - CS Templates - (.????.) [HKLM][64Bits] -- {1A1E33D2-9824-454A-B8CB-50072118635A}
O42 - Logiciel: Corel Home Office - CT Templates - (.??????.) [HKLM][64Bits] -- {26D19512-874B-4EDA-B7F1-779850B2AD5A}
O42 - Logiciel: Corel Home Office - IPM - (.Corel Corporation.) [HKLM][64Bits] -- {0B2187A6-8ACC-4012-9817-9221211EF407}
O42 - Logiciel: Corel Home Office - JP Templates - (.???.) [HKLM][64Bits] -- {1D11E96F-0405-4B99-8356-5750B1D9FAE9}
O42 - Logiciel: Corel Home Office - KR Templates - (.???.) [HKLM][64Bits] -- {5746E4F9-77C6-47E8-A737-A5975A57B4AA}
O42 - Logiciel: Corel Home Office - Launcher - (.Corel Corporation.) [HKLM][64Bits] -- {E74EA3B1-7192-489D-9A57-0AE918FEC001}
O42 - Logiciel: Corel Home Office - Templates RU - (.???????? ???????????.) [HKLM][64Bits] -- {F45048A1-12C4-4B08-A3EB-32D88033368A}
O42 - Logiciel: Corel Home Office - Templates1 - (.Your Company Name.) [HKLM][64Bits] -- {5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {F097D8DF-B207-4EA1-91A4-A21B8425F9B4}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {D9989A13-B173-4048-B8A5-93C204DCB1B3}
O42 - Logiciel: HP HotKey Support - (.Hewlett-Packard Company.) [HKLM] -- {4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}
O42 - Logiciel: HP SoftPaq Download Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {2DA697D7-FED3-4DE2-A174-92A2A12F9688}
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {9CD3BB19-993E-469D-9E1F-B57A175C1411}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {04801E42-B1A6-4C52-9F3D-CADB5A050433}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {E92D47A1-D27D-430A-8368-0BAFD956507D}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM][64Bits] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM][64Bits] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM][64Bits] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
O42 - Logiciel: Norton Online Backup - (.Symantec.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1
O42 - Logiciel: PDF Complete Special Edition - (.PDF Complete, Inc.) [HKLM][64Bits] -- PDF Complete
O42 - Logiciel: PcTuto 1.1 - (.Agence-Exclusive.) [HKLM][64Bits] -- PcTuto_is1
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM][64Bits] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM][64Bits] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM][64Bits] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM][64Bits] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM][64Bits] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM][64Bits] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM][64Bits] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM][64Bits] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Tuto Emule1.0.0.0 - (.PCTuto.) [HKLM][64Bits] -- Tuto Emule_is1
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {5BF8E079-D6E2-4323-B794-75152371122A}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM][64Bits] -- eMule
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Ability 5.0]
[HKCU\Software\Agence-Exclusive]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IDT]
[HKCU\Software\LightScribe]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\Norton]
[HKCU\Software\PCTuto]
[HKCU\Software\PDFComplete]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SweetIM]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Widcomm]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Wow6432Node]
[HKCU\Software\eMule]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Ability 5.0]
[HKLM\Software\Agence-Exclusive]
[HKLM\Software\BcmSetup]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel Calculate]
[HKLM\Software\Corel Show]
[HKLM\Software\Corel Write]
[HKLM\Software\Corel]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\PCTuto]
[HKLM\Software\PDFComplete]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\SweetIM]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/03/2011 - 16:01:24 - [23278207] ----D- C:\Program Files\ATI
O43 - CFD: 23/03/2011 - 16:09:12 - [12605859] ----D- C:\Program Files\Broadcom
O43 - CFD: 17/06/2011 - 16:58:10 - [7422296] ----D- C:\Program Files\CCleaner
O43 - CFD: 23/03/2011 - 16:11:56 - [105737151] ----D- C:\Program Files\Common Files
O43 - CFD: 09/12/2010 - 00:53:44 - [90566676] ----D- C:\Program Files\DVD Maker
O43 - CFD: 23/03/2011 - 16:17:00 - [12339231] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 23/03/2011 - 16:12:50 - [38085244] ----D- C:\Program Files\IDT
O43 - CFD: 17/06/2011 - 15:57:04 - [5447692] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 27/07/2009 - 16:27:32 - [151776306] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 07:32:40 - [42549417] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 16/06/2011 - 22:09:18 - [0] ----D- C:\Program Files\Symantec
O43 - CFD: 09/12/2010 - 01:12:50 - [31755783] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 23/03/2011 - 16:06:58 - [184921240] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 09/12/2010 - 00:53:44 - [4476928] ----D- C:\Program Files\Windows Defender
O43 - CFD: 09/12/2010 - 00:53:44 - [9688696] ----D- C:\Program Files\Windows Journal
O43 - CFD: 16/06/2011 - 11:54:24 - [7987385] ----D- C:\Program Files\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8903168] ----D- C:\Program Files\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [8274861] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [13158580] ----D- C:\Program Files\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [5739288] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [11112863] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 16/06/2011 - 11:53:44 - [90878326] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [619008] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/03/2011 - 16:11:58 - [1029064] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [13208051] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 09/12/2010 - 01:01:02 - [17156089] ----D- C:\ProgramData\Corel
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 16/06/2011 - 15:09:12 - [0] ----D- C:\ProgramData\eMule
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 17/06/2011 - 15:53:52 - [1325137] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 17/06/2011 - 15:24:16 - [710] ----D- C:\ProgramData\LightScribe
O43 - CFD: 18/06/2011 - 19:40:44 - [6833566] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 17/06/2011 - 16:49:08 - [4156867516] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 16/06/2011 - 21:47:46 - [233284198] ----D- C:\ProgramData\Norton
O43 - CFD: 23/03/2011 - 16:10:52 - [561847] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 16/06/2011 - 10:32:30 - [0] ----D- C:\ProgramData\PDFC
O43 - CFD: 23/03/2011 - 16:17:14 - [20524458] ----D- C:\ProgramData\Skype
O43 - CFD: 09/12/2010 - 01:12:04 - [951] ----D- C:\ProgramData\Sonic
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 16/06/2011 - 10:18:42 - [104700] ----D- C:\ProgramData\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [913] ----D- C:\ProgramData\Symantec
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 23/03/2011 - 16:17:02 - [11417628] ----D- C:\ProgramData\Uninstall
O43 - CFD: 16/06/2011 - 09:30:08 - [28] ----D- C:\ProgramData\WinZip
O43 - CFD: 09/12/2010 - 01:01:44 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
O43 - CFD: 17/06/2011 - 16:21:20 - [36484086] ----D- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
O43 - CFD: 16/06/2011 - 09:54:30 - [156463] ----D- C:\Users\ICHGAR\AppData\Roaming\Adobe
O43 - CFD: 16/06/2011 - 09:48:18 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\ATI
O43 - CFD: 17/06/2011 - 17:14:50 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\CorelHomeOffice
O43 - CFD: 17/06/2011 - 15:54:36 - [53005] ----D- C:\Users\ICHGAR\AppData\Roaming\Hewlett-Packard
O43 - CFD: 16/06/2011 - 13:55:40 - [44709] ----D- C:\Users\ICHGAR\AppData\Roaming\hpqLog
O43 - CFD: 16/06/2011 - 09:46:48 - [0] ----D- C:\Users\ICHGAR\AppData\Roaming\Identities
O43 - CFD: 16/06/2011 - 09:54:34 - [776] ----D- C:\Users\ICHGAR\AppData\Roaming\Macromedia
O43 - CFD: 18/06/2011 - 19:40:52 - [236071] ----D- C:\Users\ICHGAR\AppData\Roaming\Malwarebytes
O43 - CFD: 18/06/2011 - 09:09:48 - [1632659] -S--D- C:\Users\ICHGAR\AppData\Roaming\Microsoft
O43 - CFD: 16/06/2011 - 12:18:22 - [23736560] ----D- C:\Users\ICHGAR\AppData\Roaming\Mozilla
O43 - CFD: 16/06/2011 - 15:01:00 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Agence-Exclusive
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Application Data
O43 - CFD: 16/06/2011 - 09:48:18 - [72286] ----D- C:\Users\ICHGAR\Appdata\Local\ATI
O43 - CFD: 16/06/2011 - 09:47:22 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\Broadcom
O43 - CFD: 16/06/2011 - 11:34:10 - [1991204] ----D- C:\Users\ICHGAR\Appdata\Local\CrashDumps
O43 - CFD: 16/06/2011 - 10:43:44 - [320431] ----D- C:\Users\ICHGAR\Appdata\Local\ElevatedDiagnostics
O43 - CFD: 16/06/2011 - 15:28:44 - [75573] ----D- C:\Users\ICHGAR\Appdata\Local\eMule
O43 - CFD: 16/06/2011 - 09:46:12 - [722869] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard
O43 - CFD: 16/06/2011 - 09:32:08 - [1764] ----D- C:\Users\ICHGAR\Appdata\Local\Hewlett-Packard_Company
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Historique
O43 - CFD: 17/06/2011 - 16:49:08 - [34708576] ----D- C:\Users\ICHGAR\Appdata\Local\Microsoft
O43 - CFD: 16/06/2011 - 12:18:08 - [109837242] ----D- C:\Users\ICHGAR\Appdata\Local\Mozilla
O43 - CFD: 16/06/2011 - 09:47:12 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\PDFC
O43 - CFD: 16/06/2011 - 09:46:08 - [373] ----D- C:\Users\ICHGAR\Appdata\Local\RemEngine
O43 - CFD: 16/06/2011 - 10:23:24 - [2693] ----D- C:\Users\ICHGAR\Appdata\Local\Roxio
O43 - CFD: 19/06/2011 - 09:32:36 - [408292] ----D- C:\Users\ICHGAR\Appdata\Local\Temp
O43 - CFD: 16/06/2011 - 09:29:30 - [0] -SH-D- C:\Users\ICHGAR\Appdata\Local\Temporary Internet Files
O43 - CFD: 16/06/2011 - 09:46:28 - [0] ----D- C:\Users\ICHGAR\Appdata\Local\VirtualStore
O43 - CFD: 16/06/2011 - 12:08:10 - [8192] ----D- C:\Users\ICHGAR\Appdata\Local\Windows Live
O43 - CFD: 14/07/2009 - 06:54:34 - [14669] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16/06/2011 - 09:47:02 - [174] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 06:49:40 - [580] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 19/06/2011 - 09:33:24 - [0] R---D- C:\Users\ICHGAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 23/03/2011 - 16:02:40 - [79659861] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 09/12/2010 - 01:14:16 - [999384] ----D- C:\Program Files (x86)\Bing Bar Installer
O43 - CFD: 16/06/2011 - 12:40:46 - [519904485] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 09/12/2010 - 01:00:18 - [409860640] ----D- C:\Program Files (x86)\Corel
O43 - CFD: 17/06/2011 - 16:22:54 - [1053756251] ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 17/06/2011 - 16:33:48 - [18111996] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 17/06/2011 - 15:57:04 - [4750352] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 18/06/2011 - 19:40:48 - [7580101] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 09/12/2010 - 01:14:10 - [4167645] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 09/12/2010 - 01:06:12 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 09/12/2010 - 01:13:46 - [38271979] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 16/06/2011 - 11:57:26 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 16/06/2011 - 12:17:54 - [32640745] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 09/12/2010 - 01:14:10 - [5416080] ----D- C:\Program Files (x86)\MSN Toolbar
O43 - CFD: 23/03/2011 - 16:11:28 - [206168849] ----D- C:\Program Files (x86)\Norton Internet Security
O43 - CFD: 23/03/2011 - 16:10:52 - [27119443] ----D- C:\Program Files (x86)\NortonInstaller
O43 - CFD: 16/06/2011 - 10:16:50 - [161491] ----D- C:\Program Files (x86)\Object
O43 - CFD: 16/06/2011 - 09:32:22 - [1237] R---D- C:\Program Files (x86)\Online Services
O43 - CFD: 09/12/2010 - 00:59:36 - [38012713] ----D- C:\Program Files (x86)\PDF Complete
O43 - CFD: 23/03/2011 - 16:15:14 - [3265869] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [44892929] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 09/12/2010 - 01:12:24 - [49381754] ----D- C:\Program Files (x86)\Roxio
O43 - CFD: 23/03/2011 - 16:17:14 - [30309653] R---D- C:\Program Files (x86)\Skype
O43 - CFD: 16/06/2011 - 10:18:58 - [8851323] ----D- C:\Program Files (x86)\SweetIM
O43 - CFD: 16/06/2011 - 09:32:04 - [3473496] ----D- C:\Program Files (x86)\Symantec
O43 - CFD: 23/03/2011 - 16:12:08 - [665968] ----D- C:\Program Files (x86)\SymSilent
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 09/12/2010 - 00:53:44 - [754176] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/06/2011 - 11:59:32 - [185366642] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 17/06/2011 - 15:57:02 - [8416768] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 17/06/2011 - 15:56:50 - [5417233] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12729012] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 09/12/2010 - 00:53:44 - [4640520] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 16/06/2011 - 09:32:10 - [9725514] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16/06/2011 - 09:30:06 - [20673124] ----D- C:\Program Files (x86)\WinZip
O43 - CFD: 19/06/2011 - 09:33:54 - [3907336] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 09/12/2010 - 00:58:58 - [2075653] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 09/12/2010 - 01:35:32 - [36024838] ----D- C:\Program Files (x86)\Common Files\LightScribe
O43 - CFD: 16/06/2011 - 11:52:30 - [20950138] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 09/12/2010 - 01:01:02 - [1653312] ----D- C:\Program Files (x86)\Common Files\Protexis
O43 - CFD: 09/12/2010 - 01:11:58 - [4546384] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 09/12/2010 - 01:12:26 - [112878078] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 23/03/2011 - 16:17:14 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 09/12/2010 - 01:12:00 - [1461415] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [41114023] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 09/12/2010 - 01:12:18 - [732768] ----D- C:\Program Files (x86)\Common Files\SureThing Shared
O43 - CFD: 16/06/2011 - 12:40:46 - [618784] ----D- C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 09/12/2010 - 00:53:44 - [11336691] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 16/06/2011 - 11:41:56 - [284374363] ----D- C:\Program Files (x86)\Common Files\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8CEE1800FEFFFFFF57494E444F577E31] - 19/06/2011 - 08:21:12 ---A- . (...) -- C:\windows\WindowsUpdate.log [1321681]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.324DA82FA2E80B5E93CA9D0F035EDA8F] - 19/06/2011 - 07:36:51 --HA- . (...) -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19760]
O44 - LFC:[MD5.63DFDF42EC36AE5C69B091D4A8DD1BC7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\PerfStringBackup.INI [3894956]
O44 - LFC:[MD5.461CAA83AF49500E1ED6088AAB897A1A] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc007.dat [125928]
O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc009.dat [103568]
O44 - LFC:[MD5.0D4607DA081946EDD91C2D0431E232BD] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc00C.dat [127684]
O44 - LFC:[MD5.B8D7469CF54913A7D19F638E9D1A675C] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc010.dat [124006]
O44 - LFC:[MD5.3D34624AA7A7E32E57756ABF10BE78D1] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfc013.dat [129608]
O44 - LFC:[MD5.AF93E375869701AC67C048154BEA3EDA] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh007.dat [633536]
O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh009.dat [607190]
O44 - LFC:[MD5.8062FB9A9A3B257B1DA8122828C5823E] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh00C.dat [695004]
O44 - LFC:[MD5.C8DEADCFC5C1E395671A76C79C97D944] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh010.dat [680010]
O44 - LFC:[MD5.ABBDB6F2D30D8C6C402E50F2DED019A7] - 19/06/2011 - 07:35:03 ---A- . (...) -- C:\windows\SysNative\perfh013.dat [681356]
O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 19/06/2011 - 07:28:51 ---A- . (...) -- C:\windows\setupact.log [168]
O44 - LFC:[MD5.AFCE08BA276A319F4E353EE76AAF1777] - 19/06/2011 - 07:28:49 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/06/2011 - 18:51:59 ---A- . (...) -- C:\windows\setuperr.log [0]
O44 - LFC:[MD5.7D782C3CAB62F19C39A1B3870C5D3DFE] - 17/06/2011 - 15:00:11 ---A- . (...) -- C:\windows\SysNative\FNTCACHE.DAT [276216]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\SysNative\atmfd.dll [367104]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 17/06/2011 - 07:36:38 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294912]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\SysNative\license.rtf [53560]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 16/06/2011 - 14:18:37 ---A- . (...) -- C:\windows\System32\license.rtf [53560]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/06/2011 - 08:29:47 RSHA- . (...) -- C:\windows\System32\drivers\103C_HP_bNB_625_Y5336AN_0U_Q5CG1120NX2_EPO647283-B2A_4A_I1475_SHP_V72.0E_68DVA F.06_T101207_WU3-0_L40C_M1789_J250_7AMD_8F63_92.40_#10120
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\Drivers\ipnat.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\System32\Drivers\nsiproxy.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\windows\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\System32\Drivers\vga.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\System32\Drivers\volmgr.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\windows\System32\Drivers\volmgrx.sys (.not file.)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\PDF Complete [Key] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.AB3166C09438A161FBDE13099A72E0AF] - 12/05/2010 - 09:37:32 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [107912]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.5118DCD2065D8C8D752AD5EC0B2D6AA6]
Read my message carefully if you want help!
The report is too long and incomplete!
I suggest this solution right from the start:
https://forums.commentcamarche.net/forum/affich-22402407-trojean-eorezo#7
Do you know this domain?
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpDomain = sgt.cpqcorp.net
Download this file and save it to your desktop:
http://www.cijoint.fr/cjlink.php?file=cj201106/cijuLkl5AH.txt
* Launch ZHPFix (either via the shortcut on your Desktop, or via ZHPDiag by clicking on the green shield)
Drag and drop the file into the ZHPFix window.
- Click the « GO » button to start the cleanup,
- Copy/paste the entire report into your next reply
Tutorial:
http://www.premiumorange.com/zeb-help-process/zhpfix.html
Hello
I had a problem with my laptop: it no longer had a connection. I don't know what happened. I had to restore to a later date, because I could no longer connect; the wireless adapter was disabled. I don't know whether this was the result of a wrong move.
Hello,
And here we go again!
We're starting over from scratch!
Use this post to send me a ZHPDiag log:
https://forums.commentcamarche.net/forum/affich-22402407-trojean-eorezo#5
All the infections are back!!
* Download AD-Remover to your Desktop. (Thanks to the TeamXscript team)
http://www.teamxscript.org/adremoverTelechargement.html
(Official link)
https://www.androidworld.fr/
(Mirror)
/!\ Close all running applications /!\
- Double-click the Ad-remover icon on your Desktop.
- On the page, click the « Nettoyer » (Clean) button
- Confirm the start of the scan
- Let the tool work.
- Post the report that appears at the end.
(The report is also saved as C:\Ad-report(Scan/clean).Txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Hello
Here is the AD-R scan report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 08:57:03 le 21/06/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
ICHGAR@ICHGAR-HP (Hewlett-Packard HP 625)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\PCtuto
Dossier supprimé: C:\Users\ICHGAR\AppData\Roaming\Agence-Exclusive
Dossier supprimé: C:\Users\ICHGAR\AppData\Local\Agence-Exclusive
Dossier supprimé: C:\Program Files (x86)\Agence-Exclusive
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
Dossier supprimé: C:\Program Files (x86)\PCTuto
(!) -- Fichiers temporaires supprimés.
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [4.0.1 (fr)] ****
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\
-- C:\Users\ICHGAR\AppData\Roaming\Mozilla\FireFox\Profiles\zpzlq1zm.default --
Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)
Prefs.js - browser.startup.homepage, hxxp://gmx.fr/logout.html
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
========================================
**** Internet Explorer Version [8.0.7601.17514] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Send To Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} - "Facetheme" (C:\Program Files (x86)\Object\bho_project.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 22 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 21/06/2011 08:58:08 (4808 Octet(s))
Fin à: 08:59:02, 21/06/2011
============== E.O.F ==============
Ignore the message in red :-)
Run ADR again and click Uninstall,
Download Malwarebytes' Anti-Malware and save it to your desktop:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
or here:
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
/!\ Vista and Windows 7 users: right-click the Malwarebytes' Anti-Malware icon, « Run as administrator »
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update has finished
. go to the Scan tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the scan, a message appears: The scan completed normally. Click 'Show Results' to display all the objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave the items checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click on it to display it; once it is displayed
. click Edit at the top of Notepad, then Select All
. click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste
. At the end of the scan, MBAM may need to restart the PC to finish the removal, so don't panic, restart your PC!!!
If you need help, look at this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/