Analyse SVP! [RESOLU]

Section d'analyse de rapports et de désinfection : malwares en tous genre et autres indésirables. Demandes de nettoyage uniquement. Prise en charge restreinte : équipe spécialisée.

Modérateur: Modérateurs

Règles du forum :arrow: Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
:arrow: Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
:arrow: Un topic par machine, chacun crée le sien. ;)

Analyse SVP! [RESOLU]

Messagepar margoya » 16 Sep 2011 16:52

Bonjour, cela fait longtemps que je ne suis pas venue ici! je trouve mon ordinateur un peu lent ce moment, principalement quand je surf via Internet Explorer (le curseur a tendance à bloquer quand j'écris des mails, les pages sont longues à s'afficher). Je voulais donc savoir si je n'avais pas ubn p'tit virus quelque part ou des logiciels qui feraient double emploi (ou si cela vient seulement de ma connection). Voici mon HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:55, on 16/09/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sarah\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.fujifilmnet.com/ips-opdata/o ... jordan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resourc ... dfr-fr.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargem ... oader4.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://work.prosodie.com/dana-cached/s ... Client.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10145 bytes

Merci pour votre aide!
Dernière édition par margoya le 01 Oct 2011 17:33, édité 1 fois.
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar tomtom95 » 16 Sep 2011 19:37

Bonsoir margoya


Tu as des restes Barre d'outils uTorrentBar,et Conduit Engine,Elf 1 Toolbar
Des "barre d'outils communautaires"
elle modifie l'IE de recherche par défaut URL crochet.
ces barres d'outils sont réputés pour avoir une fonctionnalité
suivre la façon de te connecté sur le net.


  • Sur cette page AdwCleaner de Xplode
    Image
    clique sur Télécharger et enregistre le fichier sur ton Bureau
  • Double-clique sur l'icône AdwCleaner0.exe pour lancer l'installation
    /!\ Sous Vista et Windows 7
    il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Sur le menu principal
    clique sur Recherche et patiente le temps de l'analyse
  • A la fin du scan
    un rapport AdwCleaner[R].txt s'ouvre. Poste le contenu de ce rapport dans ta prochaine réponse
    Le rapport se trouve sous C:\AdwCleaner[R].txt


Pour une analyse un peu plus détailler de ton ordinateur
applique cette procédure stp.

Télécharge ZHPDiag de Nicolas Coolman sur ton Bureau

  • Lance l'outil : double-clique sur ZHPDiag pour XP
    Pour Vista et seven
    fais un clique droit sur l'icône et exécute en tant qu'administrateur.

    Clique sur le Tournevis a droit en haut
    Image

    Coche toutes les cases .
  • Puis Clique sur la petite loupe Image en haut à gauche pour débuter l'analyse :
  • L'analyse peut durer une dizaine de minutes.
  • Le rapport généré par l'outil se nomme ZHPDiag.txt
  • Clique sur le bouton avec l'appareil photo pour copier le contenu intégral du rapport généré par l'outil dans le presse-papier :
  • Dans ta prochaine réponse
    clique sur les touches CTRL+V pour coller ce rapport.
  • Si tu rencontres un message d'erreur
    cela signifie que le rapport est trop long. Il faut donc l'éditer en plusieurs parties en veillant bien à ne rien oublier
  • Tu peux aussi héberger le fichier contenant ce rapport ici
    http://cjoint.com/
  • Indique ensuite dans ta prochaine réponse l'adresse d'hébergement de ce rapport pour que je puisse le télécharger et l'analyser.

A+
Avatar de l’utilisateur
tomtom95
Libellulien Junior
Libellulien Junior
 
Messages: 124
Inscription: 10 Sep 2011 23:37

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 09:57

Bonjour, je ne peux pas télécharger AdwCleaner, une fenêtre s'affiche et me dit " Ce programme n'est pas fréquemment téléchargé et risque d'endommager votre ordinateur" et je n'ai pas d'autres option que de supprimer. J'essaye le logiciel suivant que vous me conseillez
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:40

Rapport de ZHPDiag v1.28.1346 par Nicolas Coolman, Update du 29/08/2011
Run by Sarah at 18/09/2011 11:24:41
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 6.0.2 v6.0.2 (Defaut)
OBIE: Safari v5.33.18.5

---\\ Windows Product Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (21%) free of 328 GB

---\\ Logged in mode
~ Computer Name: PC-DE-SARAH
~ User Name: Sarah
~ All Users Names: Sarah, IUSR_NMPR, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Sarah\AppData\Roaming\
~ %Desktop% : C:\Users\Sarah\Desktop\
~ %Favorites% : C:\Users\Sarah\Favorites\
~ %LocalAppData% : C:\Users\Sarah\AppData\Local\
~ %StartMenu% : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 70 Go of 328 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 7 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.17/09/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.4B555106290BD117334E9A08761C035A] - (....) (.02/11/2006 - 10:45:37.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/03/2009 - 23:33:38.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/05/2011 - 17:23:32.) -- C:\Windows\system32\wininet.dll [1126912]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.17/09/2009 - 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.17/09/2009 - 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.17/09/2009 - 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]
[MD5.95F5FF73B076576C41740F1A842B9B57] - (....) (.26/03/2009 - 23:34:12.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 15/15653
~ Mes musiques (My Musics) : 6/644
~ Mes Videos (My Video) : 0/3
~ Mes Favoris (My Favorites) : 10/103
~ Mes Documents (My Documents) : 1/730
~ Mon Bureau (My Desktop) : 15/15707
~ Menu demarrer (Programs) : 7/37
~ Scan Hidden Files in 00mn 17s



---\\ Processus lancés
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536] [PID.3528]
[MD5.B1361669BDC6ED612C35B7C67ADA2240] - (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784] [PID.3572]
[MD5.A659F31AC25418738351E5BDF4C85780] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe [4669440] [PID.3688]
[MD5.7AF5A466CF4AECA28E3DCBCF5B6FD220] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.3792]
[MD5.7C98599DC1B7C7103A52B2C0BF462C56] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [49152] [PID.3800]
[MD5.E2B4488830B9F047930BB5FE0E4FD71B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3722416] [PID.3864]
[MD5.0CFBE2D135A73CA98381FC8CC8BC5A03] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160] [PID.3896]
[MD5.13E7CFE8E269ED15E7FC9C3EBBCB7E2B] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3920]
[MD5.AF83A58297334BF9E956FB89F682717E] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1783400] [PID.3932]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.3948]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.]
[MD5.F14219FC767F1383526AB423F278A8E3] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [210520] [PID.4064]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.2228]
[MD5.FEDDD3579FEE51A9873D856DF3933C68] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [151552] [PID.3428]
[MD5.BE9A6C91999C1FB796F980C794E7DB9C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.2544]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3996]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5076]
[MD5.904E13BA41AF2E353A32CF351CA53639] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [748336] [PID.4220]
[MD5.BB646927C878EF8B966ED168D4C712AE] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe [243360] [PID.4316]
[MD5.7914370AAC5CDE8DCAE1C674A6C90229] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [669696] [PID.5380]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\prefs.js
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\user.js (.not file.)
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Sarah] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [Sarah - eh3dtbf6.default] www.yahoo.fr
M2 - MFEP: prefs.js [Sarah - eh3dtbf6.default\engine@conduit.com] [] Conduit Engine v3.3.3.2 (.Conduit Ltd..)
M2 - MFEP: prefs.js [Sarah - eh3dtbf6.default\fr-classique@dictionaries.addons.mozilla.org] [] Dictionnaire français «Classique» v4.2.5 (.Olivier R..)
M2 - MFEP: prefs.js [Sarah - eh3dtbf6.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR Community Toolbar v3.6.0.10 (.Conduit Ltd..)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.1.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe162102.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (...) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@nosltd.com/getPlus+(R),version=1.6.2.102] - (.NOS Microsystems Ltd. - getplusplusadobe162102.) -- C:\Program Files\NOS\bin\np_gp.dll
P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=13] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Users\Sarah\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.1.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (.Yahoo! Inc. - Yahoo! activeX Plug-in Bridge.) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll
~ Scan Firefox Browser in 00mn 00s
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:41

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} . (.Hewlett-Packard Co. - Leo (Framework) - add-on for Internet Explo.) -- C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) -- (.not file.)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} . (...) -- (.not file.)
O3 - Toolbar: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} . (...) -- (.not file.)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] . (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
O4 - HKLM\..\Run: [StartCCC] . (...) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\system32\jureg.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\Windows\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\windows sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\windows sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3301910120-441557304-1892818330-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk . (...) -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\Audacity.lnk . (...) -- C:\Program Files\Audacity\audacity.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\Sarah\Documents
O4 - Global Startup: C:\Users\Sarah\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\Soap Opera Dash(TM).lnk . (...) -- C:\Zylom Games\Soap Opera Dash(TM)\ZY-Soap Opera Dash.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\WhoCrashed.lnk . (...) -- C:\Program Files\WhoCrashed\whocrashed.exe
O4 - Global Startup: C:\Users\Sarah\Desktop\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk . (...) -- C:\Windows\Installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}\SafariIco.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QUICKMEDIACONVERTER.lnk . (.Actecom.) -- C:\Program Files\QuickMediaConverter\QMC.exe
O4 - Global Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Envoyer à OneNote - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: &Envoyer à OneNote - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: &Envoyer à OneNote - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.fujifilmnet.com/ips-opdata/o ... jordan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resourc ... dfr-fr.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargem ... oader4.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://work.prosodie.com/dana-cached/s ... Client.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS3\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{964D3745-F1C8-4E7F-861E-978030E6B686}: DhcpDomain = numericable.fr
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:42

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DQLWinService (DQLWinService) . (.Pas de propriétaire - DQLWinSe Application.) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) . (...) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (.not file.)
O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) . (.Intel(R) Corporation - Intel(R) Factory Mode Service.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
~ Scan Desktop Component in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Sarah.job
[MD5.00000000000000000000000000000000] [APT] [Google Software Updater] (...) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (.not file.)
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.2D141D455A3F1BDAC97A08006ACD7B4B] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.00000000000000000000000000000000] [APT] [JavaUpdateAdministrator] (...) -- C:\Windows\system32\jusched.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [Norton Internet Security - Analyse système complète - Sarah] (...) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-3301910120-441557304-1892818330-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-3301910120-441557304-1892818330-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [Secunia PSI Logon Task] (...) -- C:\Program Files\Secunia\PSI\psi.exe (.not file.)
[MD5.7D32D7A82B9C59717DED720B76C69A17] [APT] [{2376BFB8-0032-4743-911D-EF351DBFD527}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Avenue Flo Deluxe\GameInstlr.exe
[MD5.00000000000000000000000000000000] [APT] [{3B0C84F9-4EA6-413D-84B0-BE3C53D24D1A}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Build-a-lot 3 Deluxe\GameInstlr.exe (.not file.)
[MD5.F172C5586BC2665B9043B0BB511EB721] [APT] [{52D21E8C-10A4-4E07-BA10-3E111C24A906}] (.Electronic Arts Inc..) -- C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
[MD5.00000000000000000000000000000000] [APT] [{5E4C7D6A-DAB3-4C6A-8034-A9A2C6DE1060}] (...) -- C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe (.not file.)
[MD5.DDC30C754FE6B63F15E7E668C3C67355] [APT] [{87E72978-19C8-4E3C-98FB-7687911056C7}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Hearts Medicine - Season One Deluxe\GameInstlr.exe
[MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{88777124-D775-4001-B8D9-0336C7442596}] (...) -- C:\PROGRA~1\Elf_1\UNWISE.exe
[MD5.F77F776ACE8AC1B378F5CA66F4BC52F1] [APT] [{8B057799-571B-4AE5-9439-4B2C2FAE9875}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Party Planner Deluxe\GameInstlr.exe
[MD5.D4DB27D95BB39C12E1680702A6323947] [APT] [{ACD95C14-AA6E-4EC6-9DA2-933297881D70}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Amelie's Cafe Deluxe\GameInstlr.exe
[MD5.00000000000000000000000000000000] [APT] [{BACA823B-ADC9-49A9-94B6-9E7B15012280}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\SKIP-BO Castaway Caper(TM)\GameInstlr.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{CF8E8177-264F-4709-8188-D97476A24D2B}] (...) -- C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe (.not file.)
[MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{D0DD7B5A-4613-4711-9816-135C4193C1C4}] (...) -- C:\PROGRA~1\UTORRE~1\UNWISE.exe
[MD5.CC507636EF8028FC8F14F612B11AD9DB] [APT] [{DFB1A778-036D-4DCA-8F12-D631B4681E62}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Burger Bustle Deluxe\GameInstlr.exe
~ Scan Scheduled Task in 00mn 03s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\system32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\system32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\system32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\system32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\system32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Scan Drivers in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] -- {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Amelie's Cafe Deluxe - (.Zylom Games.) [HKCU] -- Amelie's Cafe Deluxe
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1
O42 - Logiciel: Avenue Flo Deluxe - (.Zylom Games.) [HKCU] -- Avenue Flo Deluxe
O42 - Logiciel: Avenue Flo(TM) - (.Pas de propriétaire.) [HKLM] -- 314c9bb4498e42efe503c453f4050db0
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Burger Bustle Deluxe - (.Zylom Games.) [HKCU] -- Burger Bustle Deluxe
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM] -- conduitEngine
O42 - Logiciel: Elf 1 Toolbar - (.Elf 1.) [HKLM] -- Elf_1 Toolbar
O42 - Logiciel: GIMP 2.6.11 - (.The GIMP Team.) [HKLM] -- WinGimp-2.0_is1
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {AB5E289E-76BF-4251-9F3F-9B763F681AE0}
O42 - Logiciel: HP Customer Participation Program 9.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Easy Setup - Frontend - (.Hewlett-Packard.) [HKLM] -- {40F7AED3-0C7D-4582-99F6-484A515C73F2}
O42 - Logiciel: HP Imaging Device Functions 9.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP OCR Software 9.0 - (.HP.) [HKLM] -- HPOCR
O42 - Logiciel: HP On-Screen Cap/Num/Scroll Lock Indicator - (.Hewlett-Packard.) [HKLM] -- OsdMaestro
O42 - Logiciel: HP Photosmart All-In-One Software 9.0 - (.HP.) [HKLM] -- {B46AC30C-22D2-4610-B041-1DA7BB29EB57}
O42 - Logiciel: HP Photosmart Essential 2.01 - (.HP.) [HKLM] -- HP Photosmart Essential
O42 - Logiciel: HP Solution Center 9.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: Hearts Medicine - Season One Deluxe - (.Zylom Games.) [HKCU] -- Hearts Medicine - Season One Deluxe
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Juniper Networks Setup Client - (.Juniper Networks.) [HKCU] -- Juniper_Setup_Client
O42 - Logiciel: Les Sims 2 - (.Pas de propriétaire.) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35}
O42 - Logiciel: Les Sims™ 3 - (.Electronic Arts.) [HKLM] -- {C05D8CDB-417D-4335-A38C-A0659EDFD6B8}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Mozilla Firefox 6.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 6.0.2 (x86 fr)
O42 - Logiciel: OpenAL - (.Pas de propriétaire.) [HKLM] -- OpenAL
O42 - Logiciel: Outils de diagnostic du matériel - (.PC-Doctor, Inc..) [HKLM] -- PC-Doctor 5 for Windows
O42 - Logiciel: Party Planner Deluxe - (.Zylom Games.) [HKCU] -- Party Planner Deluxe
O42 - Logiciel: Player - (.Pas de propriétaire.) [HKCU] -- QUICKMEDIACONVERTER
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Sandlot Games Client Services 1.2.2 - (.Sandlot Games.) [HKLM] -- Sandlot Games Client Services 1.2.2_is1
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Soap Opera Dash(TM) - (.Pas de propriétaire.) [HKLM] -- a4dcfc4baeae49005f4fcf0cfa35f112
O42 - Logiciel: Solution de clavier multimédia amélioré - (.Hewlett-Packard.) [HKLM] -- KBD
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
O42 - Logiciel: VLC media player 0.9.8a - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: WhoCrashed 3.01 - (.Resplendence Software Projects Sp..) [HKLM] -- WhoCrashed_is1
O42 - Logiciel: Winamp Toolbar for Internet Explorer - (.AOL LLC.) [HKLM] -- Winamp Toolbar
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] -- avast
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule
O42 - Logiciel: muvee autoProducer 6.0 - (.muvee Technologies.) [HKLM] -- {14AF024E-2E3B-49D0-A175-D1C1A06B155A}
O42 - Logiciel: uTorrentBar_FR Toolbar - (.uTorrentBar_FR.) [HKLM] -- uTorrentBar_FR Toolbar

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3Filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\AVAST Software]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Actecom]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKCU\Software\AppDataLow\Software\Elf_1]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\PriceGong]
[HKCU\Software\AppDataLow\Software\ShoppingReport]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software\conduitEngine]
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\BigTopGames]
[HKCU\Software\Binary Noise]
[HKCU\Software\Boolat Games]
[HKCU\Software\CDDB]
[HKCU\Software\CatDaddyGames]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ComodoGroup]
[HKCU\Software\ComputerAssociates]
[HKCU\Software\DivXNetworks]
[HKCU\Software\EasyBits]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Farm Mania 2]
[HKCU\Software\Fenomen Games]
[HKCU\Software\Freeze.com]
[HKCU\Software\Fugazo]
[HKCU\Software\Fujifilm]
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\GOG]
[HKCU\Software\GameHouse]
[HKCU\Software\Gestalt Games]
[HKCU\Software\GibbHill]
[HKCU\Software\GoBit]
[HKCU\Software\Google]
[HKCU\Software\HP Guide]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HipSoft]
[HKCU\Software\HookNetwork]
[HKCU\Software\IGA]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Intenium]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\JollyBear]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Kazaa]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Macrovision]
[HKCU\Software\MainConcept (Muvee)]
[HKCU\Software\MainConcept (Sonic)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MimarSinan]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\ODBC]
[HKCU\Software\Oberon Media]
[HKCU\Software\PC SOFT]
[HKCU\Software\Piriform]
[HKCU\Software\PlayfulAge]
[HKCU\Software\Policies]
[HKCU\Software\PopCap]
[HKCU\Software\PySoft]
[HKCU\Software\RSB]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\Resplendence Sp]
[HKCU\Software\Roxio]
[HKCU\Software\Sandlot Games]
[HKCU\Software\Sarbakan]
[HKCU\Software\SecuROM]
[HKCU\Software\Secunia]
[HKCU\Software\Softthinks]
[HKCU\Software\Sonic]
[HKCU\Software\Speed-Downloading]
[HKCU\Software\SulusGames]
[HKCU\Software\Symantec]
[HKCU\Software\ToyBox]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\ValuSoft]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp Toolbar]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\ZjSoft]
[HKCU\Software\Zylom]
[HKCU\Software\eMule]
[HKCU\Software\ej-technologies]
[HKCU\Software\gamescafe.com]
[HKCU\Software\keyhole.com]
[HKCU\Software\muvee Technologies]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\Debug]
[HKLM\Software\EA GAMES]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Elf_1]
[HKLM\Software\Enlight Software]
[HKLM\Software\Freeze.com]
[HKLM\Software\Fujifilm]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\GEAR Software]
[HKLM\Software\GameInstaller]
[HKLM\Software\Google]
[HKLM\Software\Greyfirst]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaRa]
[HKLM\Software\JavaSoft]
[HKLM\Software\Jodix]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\LightScribe]
[HKLM\Software\Ligos Corporation]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MicroVision]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mindscape]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\Oberon Media]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Orb Networks]
[HKLM\Software\PC-Doctor]
[HKLM\Software\PlayFirst]
[HKLM\Software\Policies]
[HKLM\Software\RSB]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\ReflexiveArcade]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sandlot Games]
[HKLM\Software\Secunia]
[HKLM\Software\Sims]
[HKLM\Software\Singles]
[HKLM\Software\Sonic]
[HKLM\Software\Speed-Downloading]
[HKLM\Software\SymNRT]
[HKLM\Software\Symantec]
[HKLM\Software\Telltale Games]
[HKLM\Software\Trad-FR]
[HKLM\Software\TrendMicro]
[HKLM\Software\Trymedia Systems]
[HKLM\Software\Uniblue]
[HKLM\Software\VideoConverterApp]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\WholeSecurity]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\Windows]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\Yahoo]
[HKLM\Software\ZSMC]
[HKLM\Software\ej-technologies]
[HKLM\Software\greyfirst.ca]
[HKLM\Software\illiminable]
[HKLM\Software\knight]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\mozilla.org]
[HKLM\Software\muvee Technologies]
[HKLM\Software\optimidata]
[HKLM\Software\swearware]
[HKLM\Software\uTorrentBar_FR]
~ Scan Softwares in 00mn 00s
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:43

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/09/2011 - 11:25:02 - [4014537] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 19/06/2011 - 21:28:02 - [216737581] ----D- C:\Program Files\Adobe
O43 - CFD: 06/09/2010 - 20:48:04 - [0] ----D- C:\Program Files\Alwil Software
O43 - CFD: 28/09/2010 - 21:27:28 - [2306366] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 01/09/2007 - 07:21:36 - [14396007] ----D- C:\Program Files\ATI
O43 - CFD: 01/09/2007 - 07:22:18 - [131797875] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 15/11/2010 - 21:46:02 - [8691122] ----D- C:\Program Files\Audacity
O43 - CFD: 25/02/2011 - 12:36:00 - [228831823] ----D- C:\Program Files\AVAST Software
O43 - CFD: 04/11/2009 - 20:44:30 - [4758747] ----D- C:\Program Files\AviSynth 2.5
O43 - CFD: 09/11/2009 - 17:13:20 - [0] ----D- C:\Program Files\AVS4YOU
O43 - CFD: 24/09/2008 - 21:02:04 - [8815444] ----D- C:\Program Files\Azureus
O43 - CFD: 21/06/2011 - 02:43:10 - [152864] ----D- C:\Program Files\Bonjour
O43 - CFD: 01/02/2009 - 21:45:26 - [56] ----D- C:\Program Files\Bullfrog
O43 - CFD: 07/11/2009 - 12:55:32 - [2780336] ----D- C:\Program Files\CCleaner
O43 - CFD: 01/07/2011 - 11:42:42 - [1307923051] ----D- C:\Program Files\Common Files
O43 - CFD: 28/07/2008 - 16:34:50 - [278264] ----D- C:\Program Files\COMODO
O43 - CFD: 19/12/2010 - 13:59:00 - [532064] ----D- C:\Program Files\Conduit
O43 - CFD: 24/02/2011 - 17:15:28 - [76046] ----D- C:\Program Files\ConduitEngine
O43 - CFD: 06/07/2009 - 18:44:04 - [2941326299] ----D- C:\Program Files\EA GAMES
O43 - CFD: 01/09/2007 - 16:37:58 - [51506213] ----D- C:\Program Files\EasyBits
O43 - CFD: 30/09/2009 - 13:06:58 - [5912548191] ----D- C:\Program Files\Electronic Arts
O43 - CFD: 26/02/2011 - 18:21:34 - [216708] ----D- C:\Program Files\Elf_1
O43 - CFD: 04/11/2009 - 20:01:02 - [116968] ----D- C:\Program Files\eRightSoft
O43 - CFD: 10/01/2011 - 12:16:56 - [2400024] ----D- C:\Program Files\Feedback Tool
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 24/05/2008 - 14:00:42 - [0] ----D- C:\Program Files\Freeze.com
O43 - CFD: 07/11/2009 - 06:31:46 - [38896] ----D- C:\Program Files\Full Tilt Poker
O43 - CFD: 18/02/2011 - 19:57:22 - [113128427] ----D- C:\Program Files\GIMP-2.0
O43 - CFD: 29/01/2008 - 20:41:20 - [179947] ----D- C:\Program Files\GlobalStar Software
O43 - CFD: 21/06/2011 - 02:43:26 - [10845274] ----D- C:\Program Files\Google
O43 - CFD: 01/09/2007 - 07:41:36 - [137993781] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 21/01/2008 - 13:52:34 - [219397685] ----D- C:\Program Files\HP
O43 - CFD: 07/11/2009 - 06:31:48 - [79433320] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 01/09/2007 - 07:24:58 - [24800676] ----D- C:\Program Files\Intel
O43 - CFD: 21/06/2011 - 03:24:24 - [6664203] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 21/03/2011 - 00:25:48 - [1856627] ----D- C:\Program Files\iPod
O43 - CFD: 21/03/2011 - 00:26:42 - [127660511] ----D- C:\Program Files\iTunes
O43 - CFD: 01/07/2011 - 11:42:08 - [91719562] ----D- C:\Program Files\Java
O43 - CFD: 18/08/2008 - 18:34:42 - [548120] ----D- C:\Program Files\Kaspersky Lab
O43 - CFD: 10/07/2008 - 11:50:46 - [144] ----D- C:\Program Files\Legacy Interactive
O43 - CFD: 25/10/2009 - 12:22:22 - [4803590] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 05/06/2010 - 17:41:38 - [87033992] ----D- C:\Program Files\Maxis
O43 - CFD: 01/10/2009 - 16:55:38 - [226432] ----D- C:\Program Files\Microsoft
O43 - CFD: 04/08/2009 - 14:09:40 - [602902593] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 12/06/2009 - 07:36:30 - [360352086] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 19/07/2011 - 11:00:20 - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 01/10/2009 - 16:56:30 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 02/11/2009 - 14:25:14 - [151889282] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 07/06/2009 - 18:41:50 - [979309] ----D- C:\Program Files\Microsoft WSE
O43 - CFD: 13/02/2008 - 11:36:30 - [8152064] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 15/08/2010 - 07:47:58 - [99342446] ----D- C:\Program Files\Movie Maker
O43 - CFD: 10/11/2009 - 07:12:00 - [1162520] ----D- C:\Program Files\Movies2iPhone
O43 - CFD: 17/09/2011 - 11:08:06 - [37881007] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 02/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 01/02/2009 - 21:16:18 - [869270] ----D- C:\Program Files\MSECACHE
O43 - CFD: 25/01/2008 - 19:49:06 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 01/09/2007 - 07:35:12 - [162365118] ----D- C:\Program Files\muvee Technologies
O43 - CFD: 23/05/2011 - 17:43:44 - [403536] ----D- C:\Program Files\NOS
O43 - CFD: 06/02/2011 - 21:38:44 - [809496] ----D- C:\Program Files\OpenAL
O43 - CFD: 28/09/2008 - 22:27:54 - [0] ----D- C:\Program Files\OpenOffice.org 2.4
O43 - CFD: 01/09/2007 - 07:55:56 - [128080855] ----D- C:\Program Files\PC-Doctor 5 for Windows
O43 - CFD: 12/05/2008 - 12:23:42 - [7864132] ----D- C:\Program Files\pese_courrier
O43 - CFD: 21/03/2008 - 18:19:40 - [0] ----D- C:\Program Files\Pogo FR
O43 - CFD: 09/11/2009 - 17:45:40 - [48019283] ----D- C:\Program Files\QuickMediaConverter
O43 - CFD: 25/01/2011 - 12:19:08 - [76322555] ----D- C:\Program Files\QuickTime
O43 - CFD: 04/01/2011 - 06:55:16 - [0] ----D- C:\Program Files\Real
O43 - CFD: 09/09/2011 - 16:12:08 - [3973236] ----D- C:\Program Files\RealArcade
O43 - CFD: 01/09/2007 - 07:24:06 - [15097781] ----D- C:\Program Files\Realtek
O43 - CFD: 04/11/2009 - 14:29:52 - [0] ----D- C:\Program Files\Red Kawa
O43 - CFD: 02/11/2006 - 14:37:36 - [37812993] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 31/05/2008 - 21:11:16 - [0] ----D- C:\Program Files\ReflexiveArcade
O43 - CFD: 01/09/2007 - 07:34:08 - [230883435] ----D- C:\Program Files\Roxio
O43 - CFD: 28/09/2010 - 21:19:28 - [42327064] ----D- C:\Program Files\Safari
O43 - CFD: 01/09/2007 - 07:43:40 - [36985858] ----D- C:\Program Files\Services en ligne
O43 - CFD: 31/05/2008 - 21:14:50 - [102] ----D- C:\Program Files\Slickball
O43 - CFD: 13/02/2009 - 19:13:30 - [814193] ----D- C:\Program Files\trend micro
O43 - CFD: 29/01/2008 - 20:45:26 - [34072] ----D- C:\Program Files\Trymedia
O43 - CFD: 20/03/2009 - 22:14:18 - [0] ----D- C:\Program Files\Ubisoft
O43 - CFD: 02/11/2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 24/02/2011 - 17:28:42 - [223469] ----D- C:\Program Files\uTorrentBar_FR
O43 - CFD: 18/01/2008 - 00:32:48 - [61988064] ----D- C:\Program Files\VideoLAN
O43 - CFD: 26/07/2011 - 17:16:34 - [5157774] ----D- C:\Program Files\WhoCrashed
O43 - CFD: 19/11/2009 - 14:24:28 - [1546752] ----D- C:\Program Files\WinAVI MP4 Converter
O43 - CFD: 05/10/2009 - 16:08:44 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 05/10/2009 - 16:08:44 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 05/10/2009 - 16:08:38 - [4490624] ----D- C:\Program Files\Windows Defender
O43 - CFD: 01/02/2009 - 21:16:38 - [142742] ----D- C:\Program Files\Windows Installer Clean Up
O43 - CFD: 05/10/2009 - 16:08:44 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/12/2010 - 18:04:14 - [131707753] ----D- C:\Program Files\Windows Live
O43 - CFD: 12/03/2009 - 13:34:48 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 14/04/2011 - 05:33:46 - [9116344] ----D- C:\Program Files\Windows Mail
O43 - CFD: 14/10/2010 - 06:01:50 - [4494025] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/01/2008 - 18:25:34 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 05/10/2009 - 16:08:44 - [13528738] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 24/02/2011 - 17:06:36 - [6674851] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 18/01/2008 - 18:46:10 - [3451643] ----D- C:\Program Files\WinRAR
O43 - CFD: 24/05/2008 - 13:59:56 - [383040] ----D- C:\Program Files\Yahoo!
O43 - CFD: 28/10/2009 - 20:32:14 - [11989] ----D- C:\Program Files\Zylom Games
O43 - CFD: 19/06/2011 - 21:28:26 - [3606170] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 30/05/2011 - 17:18:04 - [31116142] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 21/03/2011 - 00:25:48 - [103546037] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 09/11/2009 - 17:13:22 - [6304656] ----D- C:\Program Files\Common Files\AVSMedia
O43 - CFD: 13/02/2008 - 11:36:42 - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 21/01/2008 - 13:49:40 - [457237] ----D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 01/09/2007 - 07:27:46 - [4999856] ----D- C:\Program Files\Common Files\HP
O43 - CFD: 28/09/2008 - 22:23:22 - [10845069] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 01/09/2007 - 07:24:58 - [50795202] ----D- C:\Program Files\Common Files\Intel
O43 - CFD: 01/07/2011 - 11:42:42 - [1258951] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 01/09/2007 - 07:34:52 - [20334004] ---AD- C:\Program Files\Common Files\LightScribe
O43 - CFD: 04/01/2011 - 06:52:52 - [784432] ----D- C:\Program Files\Common Files\logishrd
O43 - CFD: 01/09/2007 - 07:34:38 - [69381] ---AD- C:\Program Files\Common Files\LS Getting Started
O43 - CFD: 02/11/2009 - 14:25:20 - [434579983] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 01/09/2007 - 07:35:16 - [38979509] ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 01/09/2007 - 07:34:10 - [968360] ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 01/09/2007 - 07:33:50 - [115125466] ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 21/03/2008 - 18:06:18 - [1353726] ----D- C:\Program Files\Common Files\Sandlot Shared
O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 01/09/2007 - 07:33:50 - [4795128] ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 01/09/2007 - 07:28:42 - [730752] ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 23/07/2008 - 17:18:06 - [749732] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 05/10/2009 - 16:08:44 - [42750094] ----D- C:\Program Files\Common Files\System
O43 - CFD: 12/03/2009 - 13:31:16 - [373505885] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 16/01/2008 - 12:57:50 - [19069866] -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD: 19/06/2011 - 21:28:06 - [479] ----D- C:\ProgramData\Adobe
O43 - CFD: 16/04/2009 - 20:58:50 - [20959] ----D- C:\ProgramData\airportmania
O43 - CFD: 23/02/2011 - 22:31:04 - [0] ----D- C:\ProgramData\AlawarSouthpoint
O43 - CFD: 27/05/2009 - 14:57:34 - [3971] ----D- C:\ProgramData\Aliasworlds
O43 - CFD: 06/09/2010 - 20:48:04 - [63072025] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 03/11/2009 - 17:52:12 - [271913203] ----D- C:\ProgramData\Apple
O43 - CFD: 29/03/2009 - 21:36:08 - [179272593] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 02/05/2009 - 21:01:16 - [21052] ----D- C:\ProgramData\Arcade Lab
O43 - CFD: 27/06/2009 - 19:31:40 - [31958342] ----D- C:\ProgramData\Ashtons Family Resort
O43 - CFD: 01/09/2007 - 07:27:06 - [206] ----D- C:\ProgramData\ATI
O43 - CFD: 25/02/2011 - 12:36:00 - [111026954] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 04/11/2009 - 15:02:16 - [0] ----D- C:\ProgramData\AVS4YOU
O43 - CFD: 30/08/2008 - 12:07:44 - [20] ----D- C:\ProgramData\Azureus
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 12/02/2010 - 14:16:28 - [0] ----D- C:\ProgramData\CasualForge
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 30/09/2009 - 13:06:58 - [0] ----D- C:\ProgramData\Electronic Arts
O43 - CFD: 20/01/2009 - 19:56:50 - [0] ----D- C:\ProgramData\eMule
O43 - CFD: 07/03/2008 - 20:01:00 - [15058] ----D- C:\ProgramData\Farm Frenzy
O43 - CFD: 08/08/2009 - 14:13:26 - [26993] ----D- C:\ProgramData\FarmFrenzy-PizzaParty
O43 - CFD: 09/03/2009 - 15:44:14 - [268] ----D- C:\ProgramData\FarmFrenzy2
O43 - CFD: 16/01/2010 - 22:55:14 - [37954] ----D- C:\ProgramData\FarmFrenzy3
O43 - CFD: 09/06/2010 - 21:13:08 - [36892] ----D- C:\ProgramData\FarmFrenzy3_America
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 28/06/2010 - 20:50:30 - [128005] ----D- C:\ProgramData\Fenomen Games
O43 - CFD: 23/01/2009 - 21:51:58 - [612650] ----D- C:\ProgramData\FreshGames
O43 - CFD: 11/08/2011 - 17:15:56 - [64946584] ----D- C:\ProgramData\Fugazo
O43 - CFD: 02/03/2009 - 17:06:12 - [126151] ----D- C:\ProgramData\GameHouse
O43 - CFD: 15/02/2010 - 17:59:40 - [27147063] ----D- C:\ProgramData\GoBit Games
O43 - CFD: 18/08/2009 - 16:20:18 - [30320397] ----D- C:\ProgramData\Gogii
O43 - CFD: 21/06/2011 - 02:43:26 - [526512] ----D- C:\ProgramData\Google
O43 - CFD: 24/08/2009 - 16:21:12 - [14045] ----D- C:\ProgramData\Google Updater
O43 - CFD: 21/01/2008 - 13:44:36 - [1372299] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 20/03/2009 - 17:59:28 - [634908] ----D- C:\ProgramData\HipSoft
O43 - CFD: 21/01/2008 - 13:57:58 - [2578037] ----D- C:\ProgramData\HP
O43 - CFD: 06/06/2011 - 04:59:18 - [768] ----D- C:\ProgramData\HP Product Assistant
O43 - CFD: 21/01/2008 - 13:52:34 - [0] ----D- C:\ProgramData\HPSSUPPLY
O43 - CFD: 19/04/2010 - 13:00:56 - [633192] ----D- C:\ProgramData\incredible express
O43 - CFD: 01/09/2007 - 07:24:58 - [236] ----D- C:\ProgramData\Intel
O43 - CFD: 30/11/2009 - 19:49:06 - [668] ----D- C:\ProgramData\Intenium
O43 - CFD: 23/05/2009 - 21:50:10 - [0] ----D- C:\ProgramData\iWin
O43 - CFD: 02/03/2011 - 22:27:30 - [4673] ----D- C:\ProgramData\JollyBear
O43 - CFD: 18/08/2008 - 18:32:28 - [30426944] ----D- C:\ProgramData\Kaspersky Lab Setup Files
O43 - CFD: 04/01/2011 - 06:52:42 - [50] ----D- C:\ProgramData\Logishrd
O43 - CFD: 12/02/2009 - 22:03:00 - [7169917] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 15/09/2010 - 14:05:12 - [211140] ----D- C:\ProgramData\McAfee
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 05/06/2010 - 05:21:20 - [1484766608] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 12/11/2010 - 06:31:22 - [57028] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 14/01/2008 - 18:25:34 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 19/05/2009 - 17:52:52 - [7170] ----D- C:\ProgramData\MumboJumbo
O43 - CFD: 01/09/2007 - 07:35:10 - [0] ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 02/03/2008 - 18:14:24 - [2916] ----D- C:\ProgramData\NannyMania
O43 - CFD: 19/02/2009 - 18:03:18 - [48847] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 23/05/2011 - 17:43:44 - [2260] ----D- C:\ProgramData\NOS
O43 - CFD: 01/09/2007 - 07:40:18 - [1235] ----D- C:\ProgramData\PC-Doctor
O43 - CFD: 05/12/2010 - 21:28:20 - [36159] ----D- C:\ProgramData\PlayFirst
O43 - CFD: 16/09/2009 - 21:19:56 - [7446745] ----D- C:\ProgramData\PlayfulAge
O43 - CFD: 04/01/2011 - 06:55:16 - [697] ----D- C:\ProgramData\Real
O43 - CFD: 01/09/2007 - 07:33:56 - [17110457] ----D- C:\ProgramData\Roxio
O43 - CFD: 17/06/2009 - 17:02:56 - [196] ----D- C:\ProgramData\Sandlot Games
O43 - CFD: 06/03/2008 - 21:00:28 - [1244] ----D- C:\ProgramData\Sonic
O43 - CFD: 26/08/2009 - 20:50:02 - [13894] ----D- C:\ProgramData\SugarGames
O43 - CFD: 30/03/2010 - 18:45:44 - [329] ----D- C:\ProgramData\Sun
O43 - CFD: 23/07/2008 - 17:14:54 - [0] ----D- C:\ProgramData\Symantec
O43 - CFD: 21/03/2008 - 18:15:02 - [0] ---AD- C:\ProgramData\TEMP
O43 - CFD: 02/07/2010 - 21:05:18 - [1618] ----D- C:\ProgramData\The Mirror Mysteries
O43 - CFD: 20/01/2011 - 23:20:08 - [7189686] ----D- C:\ProgramData\Trymedia
O43 - CFD: 28/01/2008 - 19:37:56 - [0] ----D- C:\ProgramData\Valusoft
O43 - CFD: 18/09/2009 - 22:05:40 - [1820] ----D- C:\ProgramData\VirtualFarm
O43 - CFD: 21/01/2008 - 14:00:30 - [240] ----D- C:\ProgramData\WEBREG
O43 - CFD: 23/03/2008 - 11:51:48 - [283918] ----D- C:\ProgramData\Winamp Toolbar
O43 - CFD: 16/01/2008 - 12:54:52 - [224988] ----D- C:\ProgramData\WLInstaller
O43 - CFD: 23/01/2009 - 19:32:54 - [20105102] ----D- C:\ProgramData\Zeal Deluxe
O43 - CFD: 17/02/2009 - 18:19:00 - [754295] ----D- C:\ProgramData\Zylom
O43 - CFD: 29/03/2009 - 21:36:14 - [3350] ----D- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
O43 - CFD: 24/05/2010 - 09:37:10 - [541235] ----D- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
O43 - CFD: 14/09/2009 - 13:26:10 - [1942] ----D- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
O43 - CFD: 28/04/2009 - 07:59:14 - [1942] ----D- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
O43 - CFD: 18/09/2011 - 11:24:36 - [26402624] -S--D- C:\Users\Sarah\AppData\Roaming\Microsoft
O43 - CFD: 30/05/2011 - 17:18:08 - [7594240] ----D- C:\Users\Sarah\AppData\Roaming\Adobe
O43 - CFD: 23/02/2011 - 22:31:04 - [64670] ----D- C:\Users\Sarah\AppData\Roaming\AlawarSouthpoint
O43 - CFD: 03/11/2009 - 18:05:18 - [262741364] ----D- C:\Users\Sarah\AppData\Roaming\Apple Computer
O43 - CFD: 27/06/2009 - 19:31:38 - [0] ----D- C:\Users\Sarah\AppData\Roaming\Ashtons Family Resort
O43 - CFD: 13/05/2008 - 21:18:24 - [0] ----D- C:\Users\Sarah\AppData\Roaming\Atari
O43 - CFD: 14/01/2008 - 18:34:10 - [0] ----D- C:\Users\Sarah\AppData\Roaming\ATI
O43 - CFD: 04/11/2009 - 15:02:16 - [0] ----D- C:\Users\Sarah\AppData\Roaming\AVS4YOU
O43 - CFD: 30/08/2008 - 21:53:26 - [4717000] ----D- C:\Users\Sarah\AppData\Roaming\Azureus
O43 - CFD: 21/05/2009 - 16:07:38 - [8990] ----D- C:\Users\Sarah\AppData\Roaming\BeachPartyCraze
O43 - CFD: 04/10/2010 - 21:43:04 - [12387] ----D- C:\Users\Sarah\AppData\Roaming\BlamGames
O43 - CFD: 04/01/2009 - 12:56:12 - [16841] ----D- C:\Users\Sarah\AppData\Roaming\BloodTies
O43 - CFD: 01/03/2011 - 22:17:28 - [22692] ----D- C:\Users\Sarah\AppData\Roaming\Boolat Games
O43 - CFD: 12/02/2010 - 14:16:28 - [3084] ----D- C:\Users\Sarah\AppData\Roaming\CasualForge
O43 - CFD: 28/07/2008 - 16:34:50 - [0] ----D- C:\Users\Sarah\AppData\Roaming\Comodo
O43 - CFD: 14/01/2008 - 19:40:22 - [8563467] ----D- C:\Users\Sarah\AppData\Roaming\Desperate Housewives
O43 - CFD: 17/09/2011 - 11:56:00 - [199] ----D- C:\Users\Sarah\AppData\Roaming\dvdcss
O43 - CFD: 30/04/2009 - 16:36:46 - [1665] ----D- C:\Users\Sarah\AppData\Roaming\EleFun Games
O43 - CFD: 12/04/2010 - 13:21:56 - [1711066] ----D- C:\Users\Sarah\AppData\Roaming\Farm Mania 2
O43 - CFD: 07/01/2009 - 17:16:36 - [316] ----D- C:\Users\Sarah\AppData\Roaming\funkitron
O43 - CFD: 24/05/2009 - 20:56:08 - [4250] ----D- C:\Users\Sarah\AppData\Roaming\Gaijin Ent
O43 - CFD: 13/08/2009 - 15:55:54 - [955] ----D- C:\Users\Sarah\AppData\Roaming\GameInvest
O43 - CFD: 27/02/2009 - 22:09:58 - [1090] ----D- C:\Users\Sarah\AppData\Roaming\Gamelab
O43 - CFD: 26/08/2010 - 22:06:38 - [12648] ----D- C:\Users\Sarah\AppData\Roaming\GamesCafe
O43 - CFD: 31/08/2009 - 16:31:48 - [7022] ----D- C:\Users\Sarah\AppData\Roaming\GOL_byHasbro
O43 - CFD: 16/01/2008 - 12:47:20 - [0] ----D- C:\Users\Sarah\AppData\Roaming\Google
O43 - CFD: 21/02/2011 - 17:53:24 - [169] ----D- C:\Users\Sarah\AppData\Roaming\gtk-2.0
O43 - CFD: 14/01/2008 - 18:34:30 - [1224768] ----D- C:\Users\Sarah\AppData\Roaming\Hewlett-Packard
O43 - CFD: 21/01/2008 - 14:14:44 - [190092] ----D- C:\Users\Sarah\AppData\Roaming\HP
O43 - CFD: 21/01/2008 - 13:52:26 - [65536] ----D- C:\Users\Sarah\AppData\Roaming\HPAppData
O43 - CFD: 06/02/2011 - 21:37:40 - [156731] ----D- C:\Users\Sarah\AppData\Roaming\Identities
O43 - CFD: 25/09/2008 - 14:05:20 - [0] ----D- C:\Users\Sarah\AppData\Roaming\InstallShield
O43 - CFD: 23/05/2009 - 21:50:10 - [9198] ----D- C:\Users\Sarah\AppData\Roaming\iWin
O43 - CFD: 20/01/2008 - 13:44:36 - [10327] ----D- C:\Users\Sarah\AppData\Roaming\Jane s Hotel
O43 - CFD: 01/02/2011 - 18:37:26 - [53332] ----D- C:\Users\Sarah\AppData\Roaming\Jane s Hotel 3
O43 - CFD: 15/07/2009 - 15:52:42 - [18774] ----D- C:\Users\Sarah\AppData\Roaming\Janes_Realty
O43 - CFD: 11/12/2010 - 23:11:00 - [2263491] ----D- C:\Users\Sarah\AppData\Roaming\Juniper Networks
O43 - CFD: 14/01/2008 - 18:31:58 - [196634] ----D- C:\Users\Sarah\AppData\Roaming\Macromedia
O43 - CFD: 12/02/2009 - 22:03:06 - [659335] ----D- C:\Users\Sarah\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 14:37:36 - [0] ----D- C:\Users\Sarah\AppData\Roaming\Media Center Programs
O43 - CFD: 30/11/2009 - 15:21:44 - [34575537] ----D- C:\Users\Sarah\AppData\Roaming\Mozilla
O43 - CFD: 18/01/2008 - 00:19:52 - [5632] ----D- C:\Users\Sarah\AppData\Roaming\muvee Technologies
O43 - CFD: 19/01/2009 - 20:17:48 - [6558] ----D- C:\Users\Sarah\AppData\Roaming\My Games
O43 - CFD: 17/12/2009 - 20:06:20 - [2593629] ----D- C:\Users\Sarah\AppData\Roaming\My Stitch
O43 - CFD: 28/10/2009 - 18:46:12 - [1169] ----D- C:\Users\Sarah\AppData\Roaming\MysteryStudio
O43 - CFD: 05/12/2010 - 21:28:20 - [5691278] ----D- C:\Users\Sarah\AppData\Roaming\PlayFirst
O43 - CFD: 04/01/2011 - 06:55:20 - [129190] ----D- C:\Users\Sarah\AppData\Roaming\Real
O43 - CFD: 22/03/2008 - 16:45:00 - [1057408] ----D- C:\Users\Sarah\AppData\Roaming\Roxio
O43 - CFD: 28/02/2008 - 19:09:24 - [15] ----D- C:\Users\Sarah\AppData\Roaming\Sandlot Games
O43 - CFD: 30/09/2009 - 16:25:42 - [5388098] ----D- C:\Users\Sarah\AppData\Roaming\Saved Games
O43 - CFD: 10/01/2009 - 12:59:28 - [2693] ----D- C:\Users\Sarah\AppData\Roaming\Skip-Bo
O43 - CFD: 29/11/2010 - 22:18:00 - [102425194] ----D- C:\Users\Sarah\AppData\Roaming\SulusGames
O43 - CFD: 16/01/2008 - 13:08:26 - [8704] ----D- C:\Users\Sarah\AppData\Roaming\Template
O43 - CFD: 25/02/2011 - 11:45:32 - [705795] ----D- C:\Users\Sarah\AppData\Roaming\Uniblue
O43 - CFD: 04/03/2009 - 17:26:46 - [3267] ----D- C:\Users\Sarah\AppData\Roaming\UNOUndercover
O43 - CFD: 28/01/2008 - 19:37:56 - [3294] ----D- C:\Users\Sarah\AppData\Roaming\Valusoft
O43 - CFD: 14/01/2009 - 17:49:58 - [12560] ----D- C:\Users\Sarah\AppData\Roaming\ViquaSoft
O43 - CFD: 21/07/2010 - 21:39:28 - [32608] ----D- C:\Users\Sarah\AppData\Roaming\Virtual City
O43 - CFD: 11/12/2010 - 18:04:18 - [447372] ----D- C:\Users\Sarah\AppData\Roaming\vlc
O43 - CFD: 30/05/2011 - 17:18:12 - [657944] ----D- C:\Users\Sarah\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 18/01/2008 - 18:47:02 - [0] ----D- C:\Users\Sarah\AppData\Roaming\WinRAR
O43 - CFD: 30/04/2010 - 19:02:52 - [63051] ----D- C:\Users\Sarah\AppData\Roaming\World-LooM
O43 - CFD: 20/01/2011 - 23:20:54 - [1622876] ----D- C:\Users\Sarah\AppData\Roaming\YoudaGames
O43 - CFD: 06/01/2009 - 22:12:44 - [3921] ----D- C:\Users\Sarah\AppData\Roaming\YTHE
O43 - CFD: 06/02/2011 - 21:37:38 - [268290] ----D- C:\Users\Sarah\AppData\Roaming\Zylom
O43 - CFD: 15/04/2009 - 21:04:56 - [1338] ----D- C:\Users\Sarah\AppData\Roaming\Zylom DressUpRush
O43 - CFD: 18/11/2009 - 18:46:24 - [8172] ----D- C:\Users\Sarah\AppData\Roaming\Zylom JanesZOO
O43 - CFD: 25/02/2011 - 12:32:24 - [12800854638] ----D- C:\Users\Sarah\AppData\Local\Microsoft
O43 - CFD: 02/09/2011 - 13:25:58 - [15539085] ----D- C:\Users\Sarah\AppData\Local\Adobe
O43 - CFD: 21/04/2009 - 07:47:06 - [0] ----D- C:\Users\Sarah\AppData\Local\Apple
O43 - CFD: 28/09/2010 - 21:17:52 - [130533672] ----D- C:\Users\Sarah\AppData\Local\Apple Computer
O43 - CFD: 14/01/2008 - 18:29:02 - [0] -SH-D- C:\Users\Sarah\AppData\Local\Application Data
O43 - CFD: 17/02/2010 - 17:15:20 - [2206130] ----D- C:\Users\Sarah\AppData\Local\Astar Games
O43 - CFD: 14/01/2008 - 18:34:10 - [37131] ----D- C:\Users\Sarah\AppData\Local\ATI
O43 - CFD: 16/01/2009 - 15:30:50 - [32774111] ----D- C:\Users\Sarah\AppData\Local\eMule
O43 - CFD: 06/05/2011 - 16:20:32 - [165017] ----D- C:\Users\Sarah\AppData\Local\FujiFilm
O43 - CFD: 20/09/2009 - 10:24:54 - [487420] ----D- C:\Users\Sarah\AppData\Local\FullTiltPoker
O43 - CFD: 04/11/2009 - 14:31:02 - [1610450] ----D- C:\Users\Sarah\AppData\Local\Geckofx
O43 - CFD: 21/06/2011 - 02:43:28 - [15039141] ----D- C:\Users\Sarah\AppData\Local\Google
O43 - CFD: 21/05/2009 - 20:50:52 - [0] ----D- C:\Users\Sarah\AppData\Local\Greyfirst
O43 - CFD: 14/01/2008 - 18:34:22 - [2481] ----D- C:\Users\Sarah\AppData\Local\Hewlett-Packard
O43 - CFD: 14/01/2008 - 18:29:02 - [0] -SH-D- C:\Users\Sarah\AppData\Local\Historique
O43 - CFD: 21/01/2008 - 14:16:44 - [61581337] ----D- C:\Users\Sarah\AppData\Local\HP
O43 - CFD: 02/03/2011 - 22:27:30 - [0] ----D- C:\Users\Sarah\AppData\Local\JollyBear
O43 - CFD: 17/10/2008 - 21:22:20 - [1362650] ----D- C:\Users\Sarah\AppData\Local\Microsoft Games
O43 - CFD: 13/02/2008 - 11:34:12 - [0] ----D- C:\Users\Sarah\AppData\Local\Microsoft Help
O43 - CFD: 25/07/2008 - 08:21:30 - [847624901] ----D- C:\Users\Sarah\AppData\Local\Mozilla
O43 - CFD: 04/11/2009 - 14:30:58 - [0] ----D- C:\Users\Sarah\AppData\Local\OpenCandy
O43 - CFD: 25/02/2011 - 11:45:06 - [0] ----D- C:\Users\Sarah\AppData\Local\PackageAware
O43 - CFD: 13/02/2008 - 11:37:44 - [285696] ----D- C:\Users\Sarah\AppData\Local\Seven Zip
O43 - CFD: 18/09/2011 - 11:24:18 - [7561150] ----D- C:\Users\Sarah\AppData\Local\Temp
O43 - CFD: 14/01/2008 - 18:29:02 - [0] -SH-D- C:\Users\Sarah\AppData\Local\Temporary Internet Files
O43 - CFD: 20/10/2009 - 18:31:56 - [9236] ----D- C:\Users\Sarah\AppData\Local\TimeParadox
O43 - CFD: 14/01/2008 - 21:29:16 - [316501865] ----D- C:\Users\Sarah\AppData\Local\VirtualStore
O43 - CFD: 23/03/2008 - 11:53:32 - [15966] ----D- C:\Users\Sarah\AppData\Local\Winamp Toolbar
O43 - CFD: 30/05/2008 - 23:43:12 - [2108120] ----D- C:\Users\Sarah\AppData\Local\Xenocode
O43 - CFD: 15/02/2011 - 13:30:20 - [406468876] ----D- C:\Users\Sarah\AppData\Local\Zylom Games
~ Scan Program Folder in 00mn 09s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D073967DC4E9664D39AFD13E50B30639] - 18/09/2011 - 03:51:48 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1533329]
O44 - LFC:[MD5.0844428856FA3D0FB53BDBD567ECC815] - 18/09/2011 - 03:47:22 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.2D64A0D98D626FFA7E5D646065EA843B] - 17/09/2011 - 19:28:25 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1470810]
O44 - LFC:[MD5.654A4D55A68BB2688209178A328BA52A] - 17/09/2011 - 19:28:25 ---A- . (...) -- C:\Windows\system32\perfc009.dat [101052]
O44 - LFC:[MD5.FB04FA52911D9D08898407DC6D7EFB87] - 17/09/2011 - 19:28:25 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123350]
O44 - LFC:[MD5.93480F09985F0CDA49D9EEF3DF182115] - 17/09/2011 - 19:28:25 ---A- . (...) -- C:\Windows\system32\perfh009.dat [586980]
O44 - LFC:[MD5.C0ECF3BA0E6EE5D402CB64E457373225] - 17/09/2011 - 19:28:25 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [669328]
O44 - LFC:[MD5.B412A5393E9BF796D97B12E0BDD1E12A] - 14/09/2011 - 07:29:58 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [404640]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 08/09/2011 - 16:53:24 ---A- . (...) -- C:\Windows\system32\config.nt [2577]
O44 - LFC:[MD5.701A5948B60452EF6CF06C2900C3B9EA] - 06/09/2011 - 21:45:29 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr [41184]
O44 - LFC:[MD5.37CCBB62A3D8FE3903CD2CBFC711895C] - 06/09/2011 - 21:45:29 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\system32\aswBoot.exe [199304]
O44 - LFC:[MD5.CAA846E9C83836BDC3D2D700C678DB65] - 06/09/2011 - 21:38:05 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\system32\drivers\aswSnx.sys [442200]
O44 - LFC:[MD5.748AE7F2D7DA33ADB063FE05704A9969] - 06/09/2011 - 21:37:53 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [320856]
O44 - LFC:[MD5.36239E24470A3DD81FAE37510953CC6C] - 06/09/2011 - 21:36:38 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [34392]
O44 - LFC:[MD5.CA9925CE1DBD07FFE1EB357752CF5577] - 06/09/2011 - 21:36:36 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [52568]
O44 - LFC:[MD5.4804753A4EC7D67CC22D226BFFD1C1E3] - 06/09/2011 - 21:36:26 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\Windows\system32\drivers\aswMonFlt.sys [54616]
O44 - LFC:[MD5.C47623FFD181A1E7D63574DDE2A0A711] - 06/09/2011 - 21:36:12 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20568]
~ Scan Files in 00mn 07s
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:44

Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.30D67354E04FFF3D6C36BBB7D04DBD3E] - 02/09/2011 - 04:47:08 ---A- - C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf
O45 - LFCP:[MD5.3D5EC6024550959AB786EF715BA5EC18] - 02/09/2011 - 04:47:09 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf
O45 - LFCP:[MD5.C0232AD44B7397497E5BFBB9622EB7E5] - 02/09/2011 - 10:24:29 ---A- - C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf
O45 - LFCP:[MD5.C8CCD1521EE51E55D0D3E418A21454B1] - 02/09/2011 - 19:26:52 ---A- - C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
O45 - LFCP:[MD5.2A16A69D8C6A2408CDFE25A89803D2BF] - 02/09/2011 - 19:35:56 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-9DE758AE.pf
O45 - LFCP:[MD5.0236CB7C82F16A0B4429842D19666EC7] - 04/05/2010 - 03:49:13 ---A- - C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-42767AE9.pf
O45 - LFCP:[MD5.5980F7FD2BB9337DD88614EB170C1FDE] - 05/01/2011 - 03:51:06 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf
O45 - LFCP:[MD5.C9797305A436CE7F1BD9739C255F3551] - 05/09/2011 - 09:38:42 ---A- - C:\Windows\Prefetch\EMULE.EXE-A2B3F731.pf
O45 - LFCP:[MD5.5747BC5AEB6D276BDDD4B7B268D7E071] - 06/02/2011 - 03:52:00 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf
O45 - LFCP:[MD5.0FD5661FD3242C0379AA508A480DADC0] - 09/02/2010 - 09:55:00 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf
O45 - LFCP:[MD5.19979C8953D155001513BBACDF4C267E] - 13/12/2009 - 09:58:06 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf
O45 - LFCP:[MD5.552DC2E70B5D9172E17C53339B40EB9F] - 14/01/2008 - 04:37:31 ---A- - C:\Windows\Prefetch\layout.ini
O45 - LFCP:[MD5.C2AF57B94F070E1EC9502F45CEA00EC9] - 15/09/2011 - 10:58:45 ---A- - C:\Windows\Prefetch\WLXQUICKTIMECONTROLHOST.EXE-43313B7C.pf
O45 - LFCP:[MD5.0273CF6181F4E3F815498E587DBF5E34] - 16/04/2009 - 09:48:28 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.A06F31A02A291B0E684299FCA05283F9] - 16/04/2009 - 09:48:28 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.2724CFEDE45FD33AA48445BBFED7DE60] - 16/04/2009 - 09:48:28 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.011A2BF2B3FCA5E7F09A943A03CA90E6] - 16/04/2009 - 09:48:29 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.49DB69D9DAFF3486414595413A76D3B8] - 16/04/2009 - 19:36:12 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.80C339BAAF91EB7295A12F09C5A382A5] - 17/04/2009 - 03:48:28 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.FD56C1F4524886A4E3DD240FFB873491] - 17/04/2009 - 03:48:28 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf
O45 - LFCP:[MD5.DE30B356117F9F26E0E600EC175A0A96] - 17/04/2009 - 03:49:12 ---A- - C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf
O45 - LFCP:[MD5.D35792FCAE71339F8A5CC52FB3D25BC9] - 17/04/2009 - 03:49:59 ---A- - C:\Windows\Prefetch\HPHC_SERVICE.EXE-B8B935C8.pf
O45 - LFCP:[MD5.2F1E2A798FD1B01755DC57FF7EEE4696] - 17/04/2009 - 03:50:54 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
O45 - LFCP:[MD5.7F234ADEBCB04A7644AFD62D71327D12] - 17/04/2009 - 03:51:46 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf
O45 - LFCP:[MD5.0E876009B46986EC56FAA35F9812A4C4] - 17/04/2009 - 03:51:54 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf
O45 - LFCP:[MD5.05F3B27C61E658C625BEB46D6A66FC5E] - 17/04/2009 - 04:00:48 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf
O45 - LFCP:[MD5.83695F0D180140D2521F68BD6F12EC33] - 17/04/2009 - 10:02:45 ---A- - C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf
O45 - LFCP:[MD5.7117721B03551464B346199FFB6486F5] - 17/04/2009 - 10:06:32 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-2DE769BF.pf
O45 - LFCP:[MD5.3EC306D9F297F7318BA9B23E98DC2D65] - 17/04/2009 - 10:21:35 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf
O45 - LFCP:[MD5.BF38517C60B7C2253677D0DE90DFE099] - 17/04/2009 - 10:22:54 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf
O45 - LFCP:[MD5.75FFC9B5193BB55F37B625419347C1B2] - 17/04/2009 - 10:24:34 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf
O45 - LFCP:[MD5.73620330E09BDB833D1C4D2805641C50] - 17/04/2009 - 10:25:07 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
O45 - LFCP:[MD5.625A7364B3B7AF0D6BE0BF79829B7DAF] - 17/09/2011 - 03:48:28 ---A- - C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf
O45 - LFCP:[MD5.66C41237A098267E7FA1DE006B55136B] - 17/09/2011 - 03:49:49 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-9F9006D5.pf
O45 - LFCP:[MD5.7E8BF609D558739578EF3432724A05C7] - 17/09/2011 - 03:52:12 ---A- - C:\Windows\Prefetch\FLASHUTIL10W_ACTIVEX.EXE-E45A09B4.pf
O45 - LFCP:[MD5.E9CC017441C7AFE799D267459751C636] - 17/09/2011 - 09:58:13 ---A- - C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf
O45 - LFCP:[MD5.ACEA5403F1DE3F5C2CA672AA2CA1A81D] - 17/09/2011 - 10:05:26 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf
O45 - LFCP:[MD5.80B23203C6D7487A7E77DC9D02690BB8] - 17/09/2011 - 12:00:32 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-33939BD1.pf
O45 - LFCP:[MD5.7477A08799B336F07FB99D21D4AB5ECC] - 17/09/2011 - 12:01:00 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf
O45 - LFCP:[MD5.2C2560F5B938A94D7115914B79DD5E4A] - 17/09/2011 - 17:11:18 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf
O45 - LFCP:[MD5.49B043BB57765AFECCC60BC965F2BCDB] - 17/09/2011 - 17:11:20 ---A- - C:\Windows\Prefetch\LAUNCHER.EXE-9A451F51.pf
O45 - LFCP:[MD5.1D9B4CAEC7F24056D00B8E68465669D3] - 17/09/2011 - 17:11:20 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-E33ED995.pf
O45 - LFCP:[MD5.56D962AFC47E16A31735283ABD052E8B] - 17/09/2011 - 17:11:21 ---A- - C:\Windows\Prefetch\REMIND.EXE-058BA002.pf
O45 - LFCP:[MD5.B7B4288253BFF463E629ACC4DFFC24F7] - 17/09/2011 - 17:11:28 ---A- - C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf
O45 - LFCP:[MD5.CE6DD05C1B30DE333928BEEB37F4A074] - 17/09/2011 - 17:11:28 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf
O45 - LFCP:[MD5.3835B0D2B3EC0C3148038F063A744DD8] - 17/09/2011 - 17:11:28 ---A- - C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf
O45 - LFCP:[MD5.A8F96BDCF72B71A920A8149EED4D3569] - 17/09/2011 - 19:36:11 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
O45 - LFCP:[MD5.AE4C119AA34B7DB94ED1F8EA31B20D5B] - 18/09/2011 - 03:48:28 ---A- - C:\Windows\Prefetch\WINCAL.EXE-468711D0.pf
O45 - LFCP:[MD5.9514FC4A09CD24E31CBD9A7FFCA90675] - 18/09/2011 - 03:48:42 ---A- - C:\Windows\Prefetch\CCC.EXE-ECD4BD27.pf
O45 - LFCP:[MD5.6F401C0933BF39A15129631C9B124919] - 18/09/2011 - 03:49:20 ---A- - C:\Windows\Prefetch\CONIME.EXE-B273009A.pf
O45 - LFCP:[MD5.30198BC2D8DD5C4C4B5A1FAF84934316] - 18/09/2011 - 04:47:08 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf
O45 - LFCP:[MD5.66D7CD11E17FB2DB8A86B7B1B7685C66] - 18/09/2011 - 04:47:23 ---A- - C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf
O45 - LFCP:[MD5.E7D5936A8870DA4115047BEA840B6869] - 18/09/2011 - 08:23:04 ---A- - C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf
O45 - LFCP:[MD5.F92BD1FE91660479AD9C082F3881009B] - 18/09/2011 - 08:23:04 ---A- - C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf
O45 - LFCP:[MD5.C96BD1F527E74D12DCD08B9C182642D0] - 18/09/2011 - 09:57:26 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
O45 - LFCP:[MD5.CB3502AB9C1DA3A4ADAEA4C0EA4B69AF] - 18/09/2011 - 09:59:35 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-4346C675.pf
O45 - LFCP:[MD5.FB030493FDEE2D4A1D824949695A3732] - 18/09/2011 - 09:59:38 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-80C0B68F.pf
O45 - LFCP:[MD5.B0B031CFA18323655E89ECDBD19D1BC7] - 18/09/2011 - 09:59:38 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-296E11D8.pf
O45 - LFCP:[MD5.890F919EBBB9EB4341366DD4FDDEE840] - 18/09/2011 - 10:05:47 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-9D0EE457.pf
O45 - LFCP:[MD5.82732AFA5A0C68BF50CC2DAE60A08277] - 18/09/2011 - 10:06:10 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-E4C98DEB.pf
O45 - LFCP:[MD5.27A70E3AB8B50BB264DCF6A2460A8820] - 18/09/2011 - 10:06:26 ---A- - C:\Windows\Prefetch\PV.EXE-8E63E86A.pf
O45 - LFCP:[MD5.EB06A86FD385D9543CD275B6DAF5EA9E] - 18/09/2011 - 10:07:36 ---A- - C:\Windows\Prefetch\LADS.EXE-4CE62B10.pf
O45 - LFCP:[MD5.E027D45596EEFA8F60947E534E30E31A] - 18/09/2011 - 10:07:37 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-AD2C3B41.pf
O45 - LFCP:[MD5.D56046CB5A527C44C76F527BE9ABD48C] - 18/09/2011 - 10:07:38 ---A- - C:\Windows\Prefetch\SETACL.EXE-9E2AE478.pf
O45 - LFCP:[MD5.9980677D55C761C904ACC2AA0FD1ABB1] - 18/09/2011 - 10:10:58 ---A- - C:\Windows\Prefetch\SIGCHECK.EXE-F64F11B9.pf
O45 - LFCP:[MD5.6E75DA5FA924B7B98DFFF17275268521] - 18/09/2011 - 10:13:01 ---A- - C:\Windows\Prefetch\NSLOOKUP.EXE-0E49F32A.pf
O45 - LFCP:[MD5.901508957A29C5021B151AB1DDAE0344] - 18/09/2011 - 10:13:03 ---A- - C:\Windows\Prefetch\MBR.EXE-0F291291.pf
O45 - LFCP:[MD5.2447C822A362E8564E895DFBBE9687CD] - 18/09/2011 - 10:13:06 ---A- - C:\Windows\Prefetch\CMD.EXE-89305D47.pf
O45 - LFCP:[MD5.BAA1AF0C4471F94F4C2851290E51C0F5] - 18/09/2011 - 10:13:06 ---A- - C:\Windows\Prefetch\MBRCHECK.EXE-2EC93C97.pf
O45 - LFCP:[MD5.A6503C25E22CE1BD6065D04F40061DAF] - 18/09/2011 - 10:19:48 ---A- - C:\Windows\Prefetch\WINWORD.EXE-6AC9169C.pf
O45 - LFCP:[MD5.F8139AD78DA094910C758502A5AA4BED] - 18/09/2011 - 10:24:35 ---A- - C:\Windows\Prefetch\SF.BIN-EB5CB2A0.pf
O45 - LFCP:[MD5.EB7B79628766A10BCD19C13586CB12F6] - 19/08/2011 - 19:27:44 ---A- - C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf
O45 - LFCP:[MD5.7901107E8BF549123943B9D1C54BDB50] - 24/05/2011 - 03:49:12 ---A- - C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf
O45 - LFCP:[MD5.1CA3346B3FB27E6A43F9021695C8385A] - 25/02/2011 - 07:49:16 ---A- - C:\Windows\Prefetch\AVAST.SETUP-626813C9.pf
O45 - LFCP:[MD5.5B9A6381FB96985120D9A515A922209D] - 25/04/2011 - 03:48:28 ---A- - C:\Windows\Prefetch\HPRBLOG.EXE-BCFB7141.pf
O45 - LFCP:[MD5.9E3A9D2F9ABF3CFD03C082D4DF7D8D7C] - 25/04/2011 - 03:49:58 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-135A30D8.pf
O45 - LFCP:[MD5.8C3980157D61693096BFC12E4085614E] - 28/02/2011 - 10:25:07 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf
O45 - LFCP:[MD5.A35509B5B00C7F60BE7BFC1B8D0099B5] - 28/04/2009 - 08:56:14 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3301910120-441557304-1892818330-1001.db
O45 - LFCP:[MD5.08E2ABA4AB7A18C3C3F658215E58816B] - 28/04/2009 - 08:56:14 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3301910120-441557304-1892818330-1001.db
O45 - LFCP:[MD5.02ED728C7CCEEA8E77FC7F300DBBC449] - 29/06/2010 - 09:41:49 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf
~ Scan Prefetcher in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{2475e6aa-1b85-11de-845c-001d60727471}\AutoRun\command. (...) -- F:\WD_Windows_Tools\Setup.exe (.not file.)
O51 - MPSK:{262570f8-17b7-11e0-95b7-001d60727471}\AutoRun\command. (...) -- L:\PMBP_Win.exe (.not file.)
O51 - MPSK:{439b6a01-c058-11e0-9c73-001d60727471}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{5eb500b9-f45f-11de-b129-001d60727471}\AutoRun\command - Clé orpheline
O51 - MPSK:{95eb7ce3-831d-11df-8988-001d60727471}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"VIDC.I420"="i420vfw.dll" . (.www.helixcommunity.org - Helix I420 YUV Codec.) -- C:\Windows\system32\i420vfw.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\system32\vp6vfw.dll
O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\system32\vp6vfw.dll
O52 - TDSD: \Drivers32\"vidc.yv12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\system32\yv12vfw.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\system32\vp6vfw.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=255
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
~ Scan Keys in 00mn 00s
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:45

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.B84088CA3CDCA97DA44A984C6CE1CCAD] - 02/11/2006 - 10:51:32 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297576]
O58 - SDL:[MD5.7880C67BCCC27C86FD05AA2AFB5EA469] - 02/11/2006 - 10:50:35 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [98408]
O58 - SDL:[MD5.9AE713F8E30EFC2ABCCD84904333DF4D] - 02/11/2006 - 10:51:00 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [147048]
O58 - SDL:[MD5.90395B64600EBB4552E26E178C94B2E4] - 02/11/2006 - 10:49:20 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14952]
O58 - SDL:[MD5.5F673180268BB1FDB69C99B6619FE379] - 02/11/2006 - 10:50:09 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [67688]
O58 - SDL:[MD5.957F7540B5E7F602E44648C7DE5A1C05] - 02/11/2006 - 10:50:10 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [67688]
O58 - SDL:[MD5.C47623FFD181A1E7D63574DDE2A0A711] - 25/02/2011 - 21:36:12 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20568]
O58 - SDL:[MD5.4804753A4EC7D67CC22D226BFFD1C1E3] - 25/02/2011 - 21:36:26 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [54616]
O58 - SDL:[MD5.36239E24470A3DD81FAE37510953CC6C] - 25/02/2011 - 21:36:38 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [34392]
O58 - SDL:[MD5.CAA846E9C83836BDC3D2D700C678DB65] - 25/02/2011 - 21:38:05 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\system32\drivers\aswSnx.sys [442200]
O58 - SDL:[MD5.748AE7F2D7DA33ADB063FE05704A9969] - 25/02/2011 - 21:37:53 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [320856]
O58 - SDL:[MD5.CA9925CE1DBD07FFE1EB357752CF5577] - 25/02/2011 - 21:36:36 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [52568]
O58 - SDL:[MD5.0BC49A61E33053A8FF80E0D0469E055B] - 01/09/2007 - 01:35:38 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [2769408]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.BF79E659C506674C0497CC9C61F1A165] - 01/09/2007 - 02:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\Windows\system32\drivers\cdr4_xp.sys [2432]
O58 - SDL:[MD5.2C41CD49D82D5FD85C72D57B6CA25471] - 01/09/2007 - 02:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\Windows\system32\drivers\cdralw2k.sys [2560]
O58 - SDL:[MD5.45201046C776FFDAF3FC8A0029C581C8] - 02/11/2006 - 10:49:28 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [16488]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.D00EEAE1CACD77A1A8396BBC19140BBA] - 26/03/2009 - 20:25:06 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159744]
O58 - SDL:[MD5.F88FB26547FD2CE6D0A5AF2985892C48] - 02/11/2006 - 08:30:54 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G60I32.sys [117760]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [316520]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 14/09/2009 - 13:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.DF353B401001246853763C4B7AAA6F50] - 02/11/2006 - 10:50:10 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [37480]
O58 - SDL:[MD5.707C1692214B1C290271067197F075F6] - 25/09/2008 - 16:44:44 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [324120]
O58 - SDL:[MD5.C957BF4B5D80B46C5017BF0101E6C906] - 02/11/2006 - 10:51:25 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [232040]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.A2262FB9F28935E862B4DB46438C80D2] - 02/11/2006 - 10:50:04 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [65640]
O58 - SDL:[MD5.30D73327D390F72A62F32C103DAF1D6D] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [65640]
O58 - SDL:[MD5.E1E36FEFD45849A95F1AB81DE0159FE3] - 02/11/2006 - 10:50:10 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [65640]
O58 - SDL:[MD5.0DA6C5E0C8DA6CEBE52DAACFE7AE9DE6] - 09/05/2007 - 20:47:00 ---A- . (.Logitech Inc. - Logitech QuickCam Driver.) -- C:\Windows\system32\drivers\LV302V32.SYS [1276832]
O58 - SDL:[MD5.9E9306063ECD8AA91B3FB76678D3CEE2] - 09/05/2007 - 20:51:34 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [41888]
O58 - SDL:[MD5.C2B26AF5DA2E31FD3221D2B21FAE6249] - 26/03/2009 - 14:53:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [19160]
O58 - SDL:[MD5.00C4A0992D4EA5520AC12DB4FD11C3E3] - 25/10/2009 - 14:54:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [38224]
O58 - SDL:[MD5.D153B14FC6598EAE8422A2037553ADCE] - 02/11/2006 - 10:49:53 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [28776]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.E69E946F80C1C31C53003BFBF50CBB7C] - 02/11/2006 - 10:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [88680]
O58 - SDL:[MD5.9E0BA19A28C498A6D323D065DB76DFFC] - 02/11/2006 - 10:50:13 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [40040]
O58 - SDL:[MD5.390C204CED3785609AB24E9C52054A84] - 01/09/2007 - 18:27:00 ---A- . (.Hewlett-Packard Company - PS2 SYS.) -- C:\Windows\system32\drivers\PS2.sys [19072]
O58 - SDL:[MD5.49452BFCEC22F36A7A9B9C2181BC3042] - 01/09/2007 - 02:00:00 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\Windows\system32\drivers\pxhelp20.sys [43872]
O58 - SDL:[MD5.CCDAC889326317792480C0A67156A1EC] - 02/11/2006 - 10:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [900712]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.2BC9A7DC40936CA9856E34948701233A] - 01/09/2007 - 11:21:00 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [1793880]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 02/11/2006 - 07:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.CEDD6F4E7D84E9F98B34B3FE988373AA] - 02/11/2006 - 10:50:10 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [38504]
O58 - SDL:[MD5.DF843C528C4F69D12CE41CE462E973A7] - 02/11/2006 - 10:50:16 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [71784]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.D4FB6ECC60A428564BA8768B0E23C0FC] - 21/03/2011 - 16:36:58 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl.sys [41984]
O58 - SDL:[MD5.FD2E3175FCADA350C7AB4521DCA187EC] - 02/11/2006 - 10:49:30 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17512]
O58 - SDL:[MD5.D984439746D42B30FC65A4C3546C6829] - 02/11/2006 - 10:50:41 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\system32\drivers\vsmraid.sys [112232]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]
~ Scan Drivers in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC:Last File Created 01/02/2011 - 19:36:01 --HA- C:\Users\Sarah\AppData\Local\IconCache.db [4227718]
O61 - LFC:Last File Created 01/09/2007 - 05:50:08 --HA- C:\Users\IUSR_NMPR\ntuser.dat.LOG1 [262144]
O61 - LFC:Last File Created 05/08/2011 - 03:47:51 ---A- C:\Users\Sarah\AppData\Local\Temp\Sarah.bmp [31832]
O61 - LFC:Last File Created 05/08/2011 - 12:00:25 -SHA- C:\Users\Sarah\AppData\Local\Temp\Cookies\index.dat [16384]
O61 - LFC:Last File Created 05/08/2011 - 12:00:25 -SHA- C:\Users\Sarah\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat [32768]
O61 - LFC:Last File Created 05/08/2011 - 12:00:25 -SHA- C:\Users\Sarah\AppData\Local\Temp\History\History.IE5\index.dat [16384]
O61 - LFC:Last File Created 07/06/2009 - 17:46:45 ---A- C:\Users\Sarah\Documents\Electronic Arts\Les Sims 3\Sims3Logs.xml [3848]
O61 - LFC:Last File Created 07/06/2009 - 17:46:45 ---A- C:\Users\Sarah\Documents\Electronic Arts\Les Sims 3\Thumbnails\ObjectThumbnails.package [54212757]
O61 - LFC:Last File Created 07/06/2009 - 17:46:45 ---A- C:\Users\Sarah\Documents\Electronic Arts\Les Sims 3\compositorCache.package [95726125]
O61 - LFC:Last File Created 07/06/2009 - 17:46:45 ---A- C:\Users\Sarah\Documents\Electronic Arts\Les Sims 3\simCompositorCache.package [523715103]
O61 - LFC:Last File Created 11/12/2010 - 19:36:06 ---A- C:\Users\Sarah\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.ldb [64]
O61 - LFC:Last File Created 12/03/2009 - 03:51:50 ---A- C:\Users\Sarah\AppData\Roaming\Microsoft\IdentityCRL\Production\MetaConfig.xml [163]
O61 - LFC:Last File Created 13/02/2008 - 10:24:15 ---A- C:\Users\Sarah\AppData\Roaming\Microsoft\Office\Word12.pip [1696]
O61 - LFC:Last File Created 14/01/2008 - 03:48:52 ---A- C:\Users\Sarah\AppData\Local\ATI\ACE\Manifest.xml [12631]
O61 - LFC:Last File Created 14/01/2008 - 03:48:53 ---A- C:\Users\Sarah\AppData\Local\ATI\ACE\Manifest.Bin [13836]
O61 - LFC:Last File Created 14/01/2008 - 03:49:17 ---A- C:\Users\Sarah\AppData\Local\ATI\ACE\Profiles.xml [10664]
O61 - LFC:Last File Created 15/09/2011 - 13:41:08 ---A- C:\Users\Sarah\Music\Vidéos films\Films\La.Conquete.2011.FRENCH.DVDRIP.XVID-FwD.By.Cervolix.[emule-island.ru].avi [734301484]
O61 - LFC:Last File Created 15/09/2011 - 20:02:02 ---A- C:\Users\All Users\AVAST Software\Avast\log\AshWebSv.ws.ori [279]
O61 - LFC:Last File Created 16/09/2011 - 17:15:10 ---A- C:\Users\Sarah\Documents\Electronic Arts\Les Sims 3\Saves\Géraldine.sims3.backup [26927333]
O61 - LFC:Last File Created 16/09/2011 - 17:46:30 ---A- C:\Users\Sarah\Documents\Electronic Arts\Les Sims 3\Saves\Géraldine.sims3 [26677404]
O61 - LFC:Last File Created 17/05/2011 - 09:50:25 ---A- C:\Users\Sarah\Downloads\eMule\Temp\006.part.met.bak [1057]
O61 - LFC:Last File Created 17/05/2011 - 17:51:14 ---A- C:\Users\Sarah\Downloads\eMule\Temp\006.part [420265984]
O61 - LFC:Last File Created 17/09/2011 - 05:16:14 ---A- C:\Users\All Users\AVAST Software\Avast\log\AshWebSv.ws [0]
O61 - LFC:Last File Created 17/09/2011 - 05:50:08 -SHA- C:\Users\IUSR_NMPR\ntuser.dat [786432]
O61 - LFC:Last File Created 17/09/2011 - 06:11:25 ---A- C:\Users\Sarah\Downloads\eMule\downloads.bak [1386]
O61 - LFC:Last File Created 17/09/2011 - 11:16:02 ---A- C:\Users\All Users\AVAST Software\Avast\db1cb439f97a37888-f6d5a993.dat [24]
O61 - LFC:Last File Created 17/09/2011 - 12:01:25 ---A- C:\Users\Sarah\AppData\Roaming\Adobe\Acrobat\10.0\JSCache\GlobData [22]
O61 - LFC:Last File Created 17/09/2011 - 12:01:25 ---A- C:\Users\Sarah\AppData\Roaming\Adobe\Acrobat\10.0\JSCache\GlobSettings [24]
O61 - LFC:Last File Created 18/09/2011 - 03:51:45 ---A- C:\Users\Sarah\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog [0]
O61 - LFC:Last File Created 18/09/2011 - 09:38:34 ---A- C:\Users\Sarah\Downloads\eMule\downloads.txt [1386]
O61 - LFC:Last File Created 18/09/2011 - 09:50:25 ---A- C:\Users\Sarah\Downloads\eMule\Temp\002.part.met [1185]
O61 - LFC:Last File Created 18/09/2011 - 09:50:25 ---A- C:\Users\Sarah\Downloads\eMule\Temp\003.part.met [1185]
O61 - LFC:Last File Created 18/09/2011 - 09:50:25 ---A- C:\Users\Sarah\Downloads\eMule\Temp\006.part.met [1057]
O61 - LFC:Last File Created 18/09/2011 - 09:59:38 ---A- C:\Users\Sarah\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm [3704]
O61 - LFC:Last File Created 19/02/2009 - 10:55:58 ---A- C:\Users\Sarah\AppData\Roaming\dvdcss\CACHEDIR.TAG [199]
O61 - LFC:Last File Created 24/06/2011 - 19:36:06 ---A- C:\Users\Sarah\AppData\Local\Temp\MainFrame.Log.txt [3076]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\EmailShield.txt [38183]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\FileSystemShield.txt [38836]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\IMShield.txt [38183]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\NetworkShield.txt [38183]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\P2PShield.txt [39885]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\ScriptShield.txt [38183]
O61 - LFC:Last File Created 25/02/2011 - 03:47:30 ---A- C:\Users\All Users\AVAST Software\Avast\report\WebShield.txt [39701]
O61 - LFC:Last File Created 25/02/2011 - 03:47:53 ---A- C:\Users\All Users\AVAST Software\Avast\report\BehaviorShield.txt [215513]
O61 - LFC:Last File Created 25/02/2011 - 10:05:02 ---A- C:\Users\All Users\AVAST Software\Avast\Log.db [78848]
O61 - LFC:Last File Created 25/02/2011 - 10:13:07 ---A- C:\Users\All Users\AVAST Software\Avast\URL.db [724992]
O61 - LFC:Last File Created 25/02/2011 - 10:17:16 ---A- C:\Users\All Users\AVAST Software\Avast\db1c856c984c95852-6ab7481e.dat [3594504]
O61 - LFC:Last File Created 25/02/2011 - 10:24:33 ---A- C:\Users\All Users\AVAST Software\Avast\snx_lconfig.xml [446]
O61 - LFC:Last File Created 25/02/2011 - 12:00:46 ---A- C:\Users\Sarah\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl [898]
O61 - LFC:Last File Created 25/02/2011 - 12:00:46 ---A- C:\Users\Sarah\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl [35779]
O61 - LFC:Last File Created 26/07/2011 - 09:50:25 ---A- C:\Users\Sarah\Downloads\eMule\Temp\002.part.met.bak [1185]
O61 - LFC:Last File Created 26/07/2011 - 09:50:25 ---A- C:\Users\Sarah\Downloads\eMule\Temp\003.part.met.bak [1185]
O61 - LFC:Last File Created 26/07/2011 - 18:51:02 ---A- C:\Users\Sarah\Downloads\eMule\Temp\002.part [420689920]
~ Scan Files in 01mn 45s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: RSIT - (.random/random.)
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 06/09/2011 - C:\Windows\system32\drivers\aswMonFlt.sys - aswMonFlt(aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - ??/??/???? - C:\Users\Sarah\AppData\Local\Temp\catchme.sys (.not file.) - catchme (catchme) .(...) - LEGACY_CATCHME
~ Scan Services in 00mn 01s



---\\ Liste des fichiers non signés (O65)
O65 - LUF:25/05/2004 (.Pas de propriétaire - AC3Filter.) (1.01a) - c:\windows\system32\ac3filter.ax
O65 - LUF:13/12/2006 (.Pas de propriétaire - CddbFileTagger Module.) (2, 0, 0, 3) - c:\windows\system32\CddbFileTaggerRoxio.dll
O65 - LUF:13/12/2006 (.Pas de propriétaire - CddbPlaylist2 Module.) (2, 4, 1, 9) - c:\windows\system32\CddbPlaylist2Roxio.dll
O65 - LUF:16/08/2006 (.Pas de propriétaire - .) (1, 2, 0, 575) - c:\windows\system32\CoreAAC.ax
O65 - LUF:23/09/2006 (.Pas de propriétaire - PyWin32.) (2.5.210.0) - c:\windows\system32\pythoncom25.dll
O65 - LUF:23/09/2006 (.Pas de propriétaire - PyWin32.) (2.5.210.0) - c:\windows\system32\pywintypes25.dll
O65 - LUF:28/09/2004 (.Pas de propriétaire - .) (1.0.0.0) - c:\windows\system32\radevcl.bpl
O65 - LUF:23/09/2004 (.Pas de propriétaire - .) (1.0.0.0) - c:\windows\system32\ThemeManagerC6.bpl
O65 - LUF:23/09/2004 (.Pas de propriétaire - .) (1.0.0.0) - c:\windows\system32\VirtualTreeViewC6.bpl
~ Scan Sigcheck in 08mn 57s
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 10:46

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Sarah - eh3dtbf6.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639
O69 - SBI: prefs.js [Sarah - eh3dtbf6.default] user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://tbsearch.ask.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9C8074B6-7B6B-4EE6-8448-AAF83A23DD22} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {B0967535-ECAC-4630-B4BE-376FA699A124} - (Yahoo! France) - http://fr.search.yahoo.com
~ Scan Keys in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.A6C18EAEE88228169764D8BB2EA39B8F] [SPRF][26/03/2009] (...) -- C:\Users\Sarah\AppData\Local\iycmi.bat [88]
[MD5.D0313FE25C02FD1E07BF80E79DE1718E] [SPRF][12/02/2009] (...) -- C:\Users\Sarah\AppData\Local\rvalptg.bat [90]
[MD5.CBE5295F531FE8A59FA741250BE30865] [SPRF][23/07/2008] (...) -- C:\Users\Sarah\Desktop\antivir_workstation_winu_en_h.exe [25049240]
[MD5.D59F24B86431EEB25281BCE7817783F1] [SPRF][15/11/2010] (.Pas de propriétaire - Audacity Setup.) -- C:\Users\Sarah\Desktop\audacity-win-1.2.6.exe [2228534]
[MD5.B8F465616861BD66FA4F1239FDAD9F08] [SPRF][30/04/2009] (.Electronic Arts - Autorun Application.) -- C:\Users\Sarah\Desktop\Autorun.exe [54544]
[MD5.44593B21F369C879E94437ED62222859] [SPRF][07/11/2009] (.Piriform Ltd - CCleaner Installer.) -- C:\Users\Sarah\Desktop\ccsetup225_slim.exe [1067856]
[MD5.BCA11B7E7F05B428E5D096FCED90B03B] [SPRF][24/07/2008] (.COMODO - COMODO Firewall Installer.) -- C:\Users\Sarah\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe [19564288]
[MD5.37C4EDFB87F6BAC764910A0745B681A3] [SPRF][04/01/2011] (...) -- C:\Users\Sarah\Desktop\Elf_1.exe [2485584]
[MD5.CFE340BAB437D912A7FC7DB1A545DCE0] [SPRF][27/12/2008] (...) -- C:\Users\Sarah\Desktop\eMule0.49b-Installer1.exe [3231826]
[MD5.28CD7E4F65E737F59F7EB2EDAF35DC1F] [SPRF][17/12/2009] (.Mozilla - Firefox.) -- C:\Users\Sarah\Desktop\Firefox Setup 3.5.6.exe [8143344]
[MD5.F51971D87D5839DE0499FA20FF54D92B] [SPRF][05/01/2010] (.Greentube AG - Ski Challenge 2010 (FTV).) -- C:\Users\Sarah\Desktop\FR-SkiChallenge10.exe [40187520]
[MD5.E8269245566BE948F6A219135B434160] [SPRF][04/04/2009] (.Trend Micro Inc. - HijackThis.) -- C:\Users\Sarah\Desktop\HiJackThis.exe [401720]
[MD5.C60983BC8885FF55F666F7BB626441A6] [SPRF][14/04/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r153.) -- C:\Users\Sarah\Desktop\install_flash_player.exe [2833568]
[MD5.626330E517187B37226EE7C73A653E6D] [SPRF][19/07/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r181.) -- C:\Users\Sarah\Desktop\install_flash_player_ax.exe [3124384]
[MD5.79CA0CD09F089FC68F5393AE2EFF64AB] [SPRF][25/01/2011] (.Apple Inc. - iTunes Installer.) -- C:\Users\Sarah\Desktop\iTunesSetup (1).exe [81876264]
[MD5.CE495BB9B9AF04340D5D484AC3F29C2A] [SPRF][03/11/2009] (.Apple Inc. - iTunes Installer.) -- C:\Users\Sarah\Desktop\iTunesSetup.exe [93226280]
[MD5.866E72C78E98CA4919CD16724A3BD4C1] [SPRF][24/10/2009] (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Users\Sarah\Desktop\mbam-setup.exe [4045528]
[MD5.D5F4AB6063B3B3795B1C0F0CF30C7DFB] [SPRF][01/02/2009] (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Users\Sarah\Desktop\msicuu2.exe [359656]
[MD5.E8269245566BE948F6A219135B434160] [SPRF][04/04/2009] (.Trend Micro Inc. - HijackThis.) -- C:\Users\Sarah\Desktop\Sarah.exe [401720]
[MD5.DBB952921D1745486F0DF8512540E54B] [SPRF][06/09/2010] (.Pas de propriétaire - AVAST Software Setup Engine.) -- C:\Users\Sarah\Desktop\setup_av_free_fre.exe [49513448]
[MD5.E230F3DCD78E462DBF1DD538FC70FF2A] [SPRF][26/03/2009] (.Microsoft Corporation - Self Extracting Stub.) -- C:\Users\Sarah\Desktop\Windows6.0-KB936330-X86-wave0.exe [455611504]
[MD5.169F4C5A54AABECEFE123919C28E12C0] [SPRF][11/09/2010] (.Pas de propriétaire - Weight Watchers Points Calculator Setup.) -- C:\Users\Sarah\Desktop\WWPC-Setup.exe [414440]
[MD5.DD3975246D8928C04549B31B6B49434F] [SPRF][24/03/2008] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1527056]
[MD5.C86E26B3238837484F69273648DD3BEE] [SPRF][16/06/2010] (.IPLabs GmbH - JordanApplet http file uploader.) -- C:\Windows\Downloaded Program Files\JordanApplet.dll [3237328]
[MD5.7B995B40BAA728B52BE7951A08DCA153] [SPRF][05/05/2010] (...) -- C:\Windows\Downloaded Program Files\JuniperExt.exe [398704]
[MD5.DC38B1B71CB7FF8F4241333B9EC84F03] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfbmp13n.dll [57344]
[MD5.6CBA9ECE3186ADEAE144A79E3AC769FE] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfcmp13n.dll [401408]
[MD5.BDD316D6479220B8FA2A911262898640] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfeps13n.dll [65536]
[MD5.8B83DC9053B8164731B15AF455CBD9A9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lffax13n.dll [98304]
[MD5.A63B94BB949D5E836F144A0A754E5451] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfgif13n.dll [69632]
[MD5.1E1FDE2FF4B0197EF8A36259244CF142] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpcd13n.dll [49152]
[MD5.9D9CA493D0864DF83D282E2393FE5825] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpcx13n.dll [53248]
[MD5.AD6D6FAC370748775FB9FB33A398BFF9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpng13n.dll [159744]
[MD5.4A3A0CE4ED63580116A7354E06B42CDF] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpsd13n.dll [55808]
[MD5.BBBE68D622945FF8BC9CE847975B2389] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lftga13n.dll [53248]
[MD5.333F810C00745C05EDF17D6580A4601E] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lftif13n.dll [155648]
[MD5.E220815EECAD443CDAE2E0C221E51105] [SPRF][15/12/2009] (.IPLabs GmbH - ImageMagick Wrapper DLL.) -- C:\Windows\Downloaded Program Files\libwrpmag.dll [2994176]
[MD5.9788C72C2EC7011E6CC40CFDD5CE2251] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltclr13n.dll [1693696]
[MD5.55D16BEB62D0B6C54CE315F7063FA7A1] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltdis13n.dll [299008]
[MD5.F56BA445D7D36EB4DDBFE4477BAD594D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltefx13n.dll [206336]
[MD5.BF1727ED495670881E18E346D162CA3D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltfil13n.dll [163840]
[MD5.209B65395E75CD957E14B8EC3C742A7B] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltimg13n.dll [450560]
[MD5.CEFC7E62D25BDC3A4501062718D0A65F] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltkrn13n.dll [462848]
[MD5.A0F541D9D2CACEEC7A4A378CD0C31626] [SPRF][20/11/2006] (.Microsoft® Corporation - MSN Photo Upload Tool.) -- C:\Windows\Downloaded Program Files\MsnPUpld.dll [543544]
[MD5.4690A678A1EC998100506D9A5809181A] [SPRF][20/11/2006] (.Eastman Kodak - PCDLIB32.) -- C:\Windows\Downloaded Program Files\pcdlib32.dll [212480]
[MD5.732CACA8E848F6E721B093E51FC50B1D] [SPRF][09/01/2007] (.Microsoft® Corporation - Outil MSN Téléchargement de photos.) -- C:\Windows\Downloaded Program Files\PURfr-fr.dll [110592]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Scan Files in 00mn 18s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
O87 - FAEL: "{EF6CA61F-9863-45F4-8549-FD48443B7E7E}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
O87 - FAEL: "{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O87 - FAEL: "{0AB6ED54-0E52-40D4-9621-20AB7D749574}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O87 - FAEL: "{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}" | In - Public - P6 - TRUE | .(.Intel(R) Corporation - Intel® Remoting Service.) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O87 - FAEL: "{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}" | In - Public - P17 - TRUE | .(.Intel(R) Corporation - Intel® Remoting Service.) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O87 - FAEL: "TCP Query User{6917B577-D2E6-48FD-A28A-3BA24F474421}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{07CEEEFA-CE9C-495D-84EE-FBC78E3FC9A3}C:\program files\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "{63327458-4334-489F-B353-AA1E2EB99486}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\Orb.exe (.not file.)
O87 - FAEL: "{3406DB5A-8FF1-4478-9DA6-F71680F16A9C}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\Orb.exe (.not file.)
O87 - FAEL: "{F54D1984-7390-4F43-979A-877D587FAAD8}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe (.not file.)
O87 - FAEL: "{8DD60B67-1B2D-4876-A404-2B8F1B0811EA}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe (.not file.)
O87 - FAEL: "{6685B999-8B2C-4A2C-B091-0ACC75AA523B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbIR.exe (.not file.)
O87 - FAEL: "{0960D641-2863-4459-98D9-30E1C2D6B9D9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbIR.exe (.not file.)
O87 - FAEL: "{CC274E9C-BB10-4103-B579-662084BC1836}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe (.not file.)
O87 - FAEL: "{9F19241A-B226-4805-9F7B-6026EBE5D078}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe (.not file.)
O87 - FAEL: "TCP Query User{6E1CCEE3-FD48-471A-9EC5-B993DBBBC44A}C:\program files\tmnationsforever\tmforever.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe (.not file.)
O87 - FAEL: "UDP Query User{3E9417FB-D648-4078-AC49-1974CBFFE171}C:\program files\tmnationsforever\tmforever.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe (.not file.)
O87 - FAEL: "TCP Query User{C0EC37FE-D4CA-406C-8CBF-39B9CB49B36B}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe" | In - Private - P6 - TRUE | .(.Kaspersky Lab.) -- C:\programdata\kaspersky lab setup files\kaspersky an
O87 - FAEL: "UDP Query User{A50B1065-08B9-4637-92DE-8B768CFCB1DC}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe" | In - Private - P17 - TRUE | .(.Kaspersky Lab.) -- C:\programdata\kaspersky lab setup files\kaspersky a
O87 - FAEL: "TCP Query User{B43BC0E9-66B1-48A6-B263-BF0C55FD70DA}C:\program files\azureus\azureus.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\azureus\azureus.exe (.not file.)
O87 - FAEL: "UDP Query User{9E1A7EBC-7A48-479C-8983-8BD7A0A271B7}C:\program files\azureus\azureus.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\azureus\azureus.exe (.not file.)
O87 - FAEL: "TCP Query User{B7FC4CF9-AFE9-43C6-9680-6632E7AC170E}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{F863F51B-3FFC-4EBD-823B-2547C26578B0}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "TCP Query User{4799B607-8A54-45BA-A339-202164DE39B0}C:\users\sarah\documents\emule\emule.exe" | In - Public - P6 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\users\sarah\documents\emule\emule.exe
O87 - FAEL: "UDP Query User{DEEA18C8-F338-4945-8485-5961CBBD8865}C:\users\sarah\documents\emule\emule.exe" | In - Public - P17 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\users\sarah\documents\emule\emule.exe
O87 - FAEL: "{2CA3D832-C978-4F6E-973B-887C8E822581}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Sarah\AppData\Local\Temp\WZSE2.TMP\SymNRT.exe (.not file.)
O87 - FAEL: "{91D669EC-5D12-4BD9-B8CF-214E6CECCC7A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Sarah\AppData\Local\Temp\WZSE2.TMP\SymNRT.exe (.not file.)
O87 - FAEL: "TCP Query User{E3B9482F-592E-4EC7-9A7A-EEDA2A02673B}C:\program files\electronic arts\eadm\core.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\electronic arts\eadm\core.exe (.not file.)
O87 - FAEL: "UDP Query User{F0BF279D-85FE-4942-A301-F989D4476C7E}C:\program files\electronic arts\eadm\core.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\electronic arts\eadm\core.exe (.not file.)
O87 - FAEL: "TCP Query User{950FB6B3-2D69-4140-B2CC-8E8ED5F795DD}C:\users\sarah\desktop\fixitupkatesadventuredownload.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\sarah\desktop\fixitupkatesadventuredownload.exe (.not file.)
O87 - FAEL: "UDP Query User{49047E31-1B92-4B27-953D-2D9F955A4387}C:\users\sarah\desktop\fixitupkatesadventuredownload.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\sarah\desktop\fixitupkatesadventuredownload.exe (.not file.)
O87 - FAEL: "TCP Query User{7F7E205F-AD80-4D90-9170-3D4555F81B6C}C:\program files\mozilla firefox\firefox.exe" | In - Public - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe
O87 - FAEL: "UDP Query User{403EDBCD-E7B9-4245-B82F-A73901D5E356}C:\program files\mozilla firefox\firefox.exe" | In - Public - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe
O87 - FAEL: "{CA2006D5-D9A8-4370-ADB0-0B22AFC6F404}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
~ Scan Firewall in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : 8634 - (29/08/2011)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 20
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\imside1egate.application.1] =>Adware.BHO
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\aoprndtws] =>Trojan.Vundo
[HKCU\Software\Microsoft\removerp] =>Trojan.Vundo
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\freeze.com] =>Adware.BHO
[HKLM\Software\freeze.com] =>Adware.BHO
[HKCU\Software\PopCap] =>Adware.PopCap
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\ShoppingReport] =>Adware.ShopperReports
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\uTorrentBar_FR] =>Toolbar.Conduit
[HKCU\Software\Winamp Toolbar] =>Toolbar.Winamp
[HKLM\Software\Winamp Toolbar] =>Toolbar.Winamp
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\ConduitEngine =>Toolbar.Conduit
C:\Program Files\Trymedia =>Adware.Trymedia
C:\Program Files\uTorrentBar_FR =>Toolbar.Conduit
C:\ProgramData\iWin =>Adware.BHO
C:\ProgramData\Trymedia =>Adware.Trymedia
C:\ProgramData\Winamp Toolbar =>Toolbar.Winamp
C:\Users\Sarah\AppData\Roaming\iWin =>Adware.BHO
C:\Users\Sarah\AppData\Local\OpenCandy =>Adware.OpenCandy
C:\Users\Sarah\AppData\Local\Winamp Toolbar =>Toolbar.Winamp
C:\Users\Sarah\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Sarah\AppData\LocalLow\ConduitEngine =>Toolbar.Conduit
C:\Users\Sarah\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Sarah\AppData\LocalLow\ShoppingReport =>Adware.SmartShopper
C:\Users\Sarah\AppData\LocalLow\uTorrentBar_FR =>Toolbar.Conduit
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\Conduit =>Toolbar.Conduit
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\ConduitEngine =>Toolbar.Conduit
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\Extensions\engine@conduit.com =>Toolbar.Conduit
~ Scan Additionnel in 00mn 11s



---\\ Recherche détournement de DNS routeur (O89)
Serveur : ns1.numericable.net
Address: 89.2.0.1
Nom : www.google.fr.numericable.fr
Address: 82.216.111.15
~ Scan DNS in 00mn 02s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 19/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/09/2007 188416 | (AlertService) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
SR - | Auto 21/03/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 01/09/2007 606208 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\system32\Ati2evxx.exe
SR - | Auto 06/09/2011 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 208896 | (DQLWinService) . (...) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
SS - | Auto 27/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 0 | (gusvc) . (...) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 01/09/2007 61440 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 01/09/2007 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 01/09/2007 29696 | (IntelDHSvcConf) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
SR - | Demand 21/03/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 01/09/2007 75264 | (ISSM) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
SR - | Auto 01/09/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 26624 | (M1 Server) . (...) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
SS - | Demand 01/09/2007 167936 | (MCLServiceATL) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
SS - | Demand 01/09/2007 544256 | (Remote UI Service) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
SS - | Demand 01/09/2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 01/09/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 26/03/2009 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
~ Scan Services in 00mn 04s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Sarah at 18/09/2011 11:38:03

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ Scan MBR in 00mn 06s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sarah at 18/09/2011 11:38:05

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 08s



End of the scan (1691 lines in 13mn 23s)(0)
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar tomtom95 » 18 Sep 2011 15:01

Bonjour margoya

Pour l'avertissement c'est normal certains outils son reconnu par tes protections comme Risktool (outils a risque), mais rien de néfaste. :wink:
Pour éviter ce problème désactive tes protections (antivirus, anti-malware)

    Par contre la prochaine fois post tes rapport via cjoint.
  • Héberger le fichier http://cjoint.com/
  • Clique sur parcourir va jusqu'au rapport sur ton bureau
  • Clique sur ouvrir, ce qui te ramène sur cjoint
  • Clique sur Créer le lien Cjoint
    Une nouvelle fenêtre apparait avec un lien en bleu
  • Copier et colle sur le forum pour que je puisse le télécharger et analyser.

Je te conseil vivement de supprimer tes logiciels de téléchargement P2P
Sources d'infections multiples.
eMule PeerToPeer
Azureus PeerToPeer

Comme tes ToolBars
Toolbar.Conduit
Toolbar.Ask


  • Ferme toutes les applications ouvertes
  • Désactive tes défenses (anti-virus,anti-spyware)
  • Double-clique sur ZHPFix
    Pour Vista et seven
    fais un clique droit sur l'icône et exécute en tant qu'administrateur
    Image
    Un raccourci installé par ZHPDiag sur le Bureau

    Sélectionne et surligne correctement avec la souris et "Clique droit > "Copier" ou "Ctrl+C"
    ces lignes ci dessous :
    [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
    M2 - MFEP: prefs.js [Sarah - eh3dtbf6.default\engine@conduit.com] [] Conduit Engine v3.3.3.2 (.Conduit Ltd..)
    M2 - MFEP: prefs.js [Sarah - eh3dtbf6.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR Community Toolbar v3.6.0.10 (.Conduit Ltd..)
    R3 - URLSearchHook: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) (No version) -- (.not file.)
    R3 - URLSearchHook: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} . (...) (No version) -- (.not file.)
    O3 - Toolbar: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) -- (.not file.)
    O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} . (...) -- (.not file.)
    O3 - Toolbar: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} . (...) -- (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [Google Software Updater] (...) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [Norton Internet Security - Analyse système complète - Sarah] (...) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-3301910120-441557304-1892818330-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-3301910120-441557304-1892818330-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [Secunia PSI Logon Task] (...) -- C:\Program Files\Secunia\PSI\psi.exe (.not file.) => Secunia Personal Software Inspector (PSI)
    [MD5.00000000000000000000000000000000] [APT] [{3B0C84F9-4EA6-413D-84B0-BE3C53D24D1A}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\Build-a-lot 3 Deluxe\GameInstlr.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{BACA823B-ADC9-49A9-94B6-9E7B15012280}] (...) -- C:\Users\Sarah\AppData\Local\Zylom Games\SKIP-BO Castaway Caper\GameInstlr.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{CF8E8177-264F-4709-8188-D97476A24D2B}] (...) -- C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe (.not file.)
    O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM] -- conduitEngine
    O42 - Logiciel: Elf 1 Toolbar - (.Elf 1.) [HKLM] -- Elf_1 Toolbar
    O42 - Logiciel: uTorrentBar_FR Toolbar - (.uTorrentBar_FR.) [HKLM] -- uTorrentBar_FR Toolbar
    [HKCU\Software\AppDataLow\Software\Conduit]
    [HKCU\Software\AppDataLow\Software\PriceGong]
    [HKCU\Software\AppDataLow\Software\ShoppingReport]
    [HKCU\Software\AppDataLow\Software\conduitEngine]
    [HKCU\Software\AppDataLow\Software\uTorrentBar_FR]
    [HKCU\Software\AppDataLow\Toolbar]
    [HKCU\Software\Freeze.com]
    [HKCU\Software\PopCap]
    [HKLM\Software\Conduit]
    [HKLM\Software\Elf_1]
    [HKLM\Software\Freeze.com]
    [HKLM\Software\KasperskyLab]
    [HKLM\Software\McAfee.com]
    [HKLM\Software\Symantec]
    [HKLM\Software\Trymedia Systems]
    [HKLM\Software\mcafeeupdater]
    [HKLM\Software\uTorrentBar_FR]
    O43 - CFD: 19/12/2010 - 13:59:00 - [532064] ----D- C:\Program Files\Conduit
    O43 - CFD: 24/02/2011 - 17:15:28 - [76046] ----D- C:\Program Files\ConduitEngine
    O43 - CFD: 26/02/2011 - 18:21:34 - [216708] ----D- C:\Program Files\Elf_1
    O43 - CFD: 24/05/2008 - 14:00:42 - [0] ----D- C:\Program Files\Freeze.com
    O43 - CFD: 18/08/2008 - 18:34:42 - [548120] ----D- C:\Program Files\Kaspersky Lab
    O43 - CFD: 29/01/2008 - 20:45:26 - [34072] ----D- C:\Program Files\Trymedia
    O43 - CFD: 24/02/2011 - 17:28:42 - [223469] ----D- C:\Program Files\uTorrentBar_FR
    O43 - CFD: 23/07/2008 - 17:18:06 - [749732] ----D- C:\Program Files\Common Files\Symantec Shared
    O43 - CFD: 23/05/2009 - 21:50:10 - [0] ----D- C:\ProgramData\iWin
    O43 - CFD: 18/08/2008 - 18:32:28 - [30426944] ----D- C:\ProgramData\Kaspersky Lab Setup Files
    O43 - CFD: 15/09/2010 - 14:05:12 - [211140] ----D- C:\ProgramData\McAfee
    O43 - CFD: 19/02/2009 - 18:03:18 - [48847] ----D- C:\ProgramData\NortonInstaller
    O43 - CFD: 23/07/2008 - 17:14:54 - [0] ----D- C:\ProgramData\Symantec
    O43 - CFD: 20/01/2011 - 23:20:08 - [7189686] ----D- C:\ProgramData\Trymedia
    O43 - CFD: 23/05/2009 - 21:50:10 - [9198] ----D- C:\Users\Sarah\AppData\Roaming\iWin
    O43 - CFD: 04/11/2009 - 14:30:58 - [0] ----D- C:\Users\Sarah\AppData\Local\OpenCandy
    O51 - MPSK:{5eb500b9-f45f-11de-b129-001d60727471}\AutoRun\command - Clé orpheline
    O69 - SBI: prefs.js [Sarah - eh3dtbf6.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639
    O69 - SBI: prefs.js [Sarah - eh3dtbf6.default] user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?
    O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://tbsearch.ask.com
    [MD5.37C4EDFB87F6BAC764910A0745B681A3] [SPRF][04/01/2011] (...) -- C:\Users\Sarah\Desktop\Elf_1.exe [2485584]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine]
    [HKLM\Software\Classes\Conduit.Engine]
    [HKLM\Software\Classes\imside1egate.application.1]
    [HKLM\Software\Classes\Toolbar.CT2851639]
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3}]
    [HKCU\Software\Microsoft\aoprndtws]
    [HKCU\Software\Microsoft\removerp]
    [HKCU\Software\AppDataLow\Software\Conduit]
    [HKLM\Software\Conduit]
    [HKCU\Software\AppDataLow\Software\conduitEngine]
    [HKLM\Software\conduitEngine]
    [HKCU\Software\freeze.com]
    [HKLM\Software\freeze.com]
    [HKCU\Software\PopCap]
    [HKCU\Software\AppDataLow\Software\PriceGong]
    [HKCU\Software\AppDataLow\Software\ShoppingReport]
    [HKCU\Software\AppDataLow\Toolbar]
    [HKLM\Software\Trymedia Systems]
    [HKCU\Software\AppDataLow\Software\uTorrentBar_FR
    [HKLM\Software\uTorrentBar_FR]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine]
    [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D}
    [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D}
    [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}

    FirewallRAZ
    EmptyTemp
    EmptyFlash
  • Clique successivement sur l'icône H (pour effacer le rapport qui s'est affiché) Image puis sur l'icône de la "malette cachée par la feuille" Image .
  • Vérifie que toutes les lignes que je t'ai demandé de copier sont dans la fenêtre.
  • Et seulement ces lignes
  • Puis clique sur le bouton [OK]
  • A ce moment apparaîtra au début de chaque ligne
    une petite case vide. [ ]
  • Ensuite clique sur Tous puis sur Nettoyer
  • Valide par Oui la désinstallation des programmes si demandé
  • Laisse l'outil travailler. Si un redémarrage est demandé accepte et redémarre le PC
  • Le rapport ZHPFixReport.txt s'affiche. Copie-colle le contenu de ce rapport dans ta réponse.

    Le rapport ZHPFixReport.txt est enregistré sous C:\Program files\ZHPFix\ZHPFixReport.txt

Ensuite refait la procédure de AdwCleaner - Recherche : avec tes protections désactivés (anti-virus,anti-spyware)
  • Sur cette page AdwCleaner de Xplode
    Image
    clique sur Télécharger et enregistre le fichier sur ton Bureau
  • Double-clique sur l'icône AdwCleaner0.exe pour lancer l'installation
    /!\ Sous Vista et Windows 7
    il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Sur le menu principal
    clique sur Recherche et patiente le temps de l'analyse
  • A la fin du scan
    un rapport AdwCleaner[R].txt s'ouvre. Poste le contenu de ce rapport dans ta prochaine réponse
    Le rapport se trouve sous C:\AdwCleaner[R].txt

A+
Avatar de l’utilisateur
tomtom95
Libellulien Junior
Libellulien Junior
 
Messages: 124
Inscription: 10 Sep 2011 23:37

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 18:30

Désolée de ne pas avoir mis le 1er rapoort avec cjoint, j'avais un message me disant "raccourci manquant", je ne pouvais procéder qu'ainsi (sûrement une mauvaise manip' de ma part à un moment donné, désolée)

Rapport ZHPfix:

Rapport de ZHPFix 1.12.3360 par Nicolas Coolman, Update du 29/08/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-18-09-2011-19-27-10.txt
Run by Sarah at 18/09/2011 19:27:10
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-p ... hpfix.html

========== Logiciel(s) ==========
ABSENT Uninstall Process: c:\progra~1\condui~1\conduitengineuninstall.exe
ABSENT Uninstall Process: c:\progra~1\elf_1\unwise.exe
ABSENT Uninstall Process: c:\progra~1\utorre~1\unwise.exe

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\Sarah\Desktop\Elf_1.exe

========== Clé(s) du Registre ==========
SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine]
SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elf_1 Toolbar]
SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar]
SUPPRIME Key: HKCU\Software\AppDataLow\Software\Conduit
SUPPRIME Key: HKCU\Software\AppDataLow\Software\PriceGong
SUPPRIME Key: HKCU\Software\AppDataLow\Software\ShoppingReport
SUPPRIME Key: HKCU\Software\AppDataLow\Software\conduitEngine
SUPPRIME Key: HKCU\Software\AppDataLow\Software\uTorrentBar_FR
SUPPRIME Key: HKCU\Software\AppDataLow\Toolbar
SUPPRIME Key: HKCU\Software\Freeze.com
SUPPRIME Key: HKCU\Software\PopCap
SUPPRIME Key: HKLM\Software\Conduit
SUPPRIME Key: HKLM\Software\Elf_1
SUPPRIME Key: HKLM\Software\Freeze.com
SUPPRIME Key: HKLM\Software\KasperskyLab
SUPPRIME Key: HKLM\Software\McAfee.com
SUPPRIME Key: HKLM\Software\Symantec
SUPPRIME Key: HKLM\Software\Trymedia Systems
SUPPRIME Key: HKLM\Software\mcafeeupdater
SUPPRIME Key: HKLM\Software\uTorrentBar_FR
SUPPRIME CLSID MPSK: {5eb500b9-f45f-11de-b129-001d60727471}
SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
SUPPRIME Key: HKLM\Software\Classes\Conduit.Engine
SUPPRIME Key: HKLM\Software\Classes\imside1egate.application.1
SUPPRIME Key: HKLM\Software\Classes\Toolbar.CT2851639
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
SUPPRIME Key: HKCU\Software\Microsoft\aoprndtws
SUPPRIME Key: HKCU\Software\Microsoft\removerp
SUPPRIME Key: HKLM\Software\conduitEngine
ABSENT Key: HKCU\Software\freeze.com
ABSENT Key: HKLM\Software\freeze.com
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

========== Valeur(s) du Registre ==========
ABSENT URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
SUPPRIME URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
ABSENT URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9}
SUPPRIME URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9}
SUPPRIME Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
SUPPRIME Toolbar: {30F9B915-B755-4826-820B-08FBA6BD249D}
SUPPRIME Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9}
SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D}
ABSENT [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D}
SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
SUPPRIME FirewallRaz (Private) : TCP Query User{6917B577-D2E6-48FD-A28A-3BA24F474421}C:\program files\emule\emule.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{07CEEEFA-CE9C-495D-84EE-FBC78E3FC9A3}C:\program files\emule\emule.exe
SUPPRIME FirewallRaz (Private) : {63327458-4334-489F-B353-AA1E2EB99486}
SUPPRIME FirewallRaz (Private) : {3406DB5A-8FF1-4478-9DA6-F71680F16A9C}
SUPPRIME FirewallRaz (Private) : {F54D1984-7390-4F43-979A-877D587FAAD8}
SUPPRIME FirewallRaz (Private) : {8DD60B67-1B2D-4876-A404-2B8F1B0811EA}
SUPPRIME FirewallRaz (Private) : {6685B999-8B2C-4A2C-B091-0ACC75AA523B}
SUPPRIME FirewallRaz (Private) : {0960D641-2863-4459-98D9-30E1C2D6B9D9}
SUPPRIME FirewallRaz (Private) : {CC274E9C-BB10-4103-B579-662084BC1836}
SUPPRIME FirewallRaz (Private) : {9F19241A-B226-4805-9F7B-6026EBE5D078}
SUPPRIME FirewallRaz (Private) : TCP Query User{6E1CCEE3-FD48-471A-9EC5-B993DBBBC44A}C:\program files\tmnationsforever\tmforever.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{3E9417FB-D648-4078-AC49-1974CBFFE171}C:\program files\tmnationsforever\tmforever.exe
SUPPRIME FirewallRaz (Private) : TCP Query User{C0EC37FE-D4CA-406C-8CBF-39B9CB49B36B}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{A50B1065-08B9-4637-92DE-8B768CFCB1DC}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe
SUPPRIME FirewallRaz (Private) : TCP Query User{B43BC0E9-66B1-48A6-B263-BF0C55FD70DA}C:\program files\azureus\azureus.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{9E1A7EBC-7A48-479C-8983-8BD7A0A271B7}C:\program files\azureus\azureus.exe
SUPPRIME FirewallRaz (Public) : TCP Query User{B7FC4CF9-AFE9-43C6-9680-6632E7AC170E}C:\program files\emule\emule.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{F863F51B-3FFC-4EBD-823B-2547C26578B0}C:\program files\emule\emule.exe
SUPPRIME FirewallRaz (Public) : {2CA3D832-C978-4F6E-973B-887C8E822581}
SUPPRIME FirewallRaz (Public) : {91D669EC-5D12-4BD9-B8CF-214E6CECCC7A}
SUPPRIME FirewallRaz (Public) : TCP Query User{E3B9482F-592E-4EC7-9A7A-EEDA2A02673B}C:\program files\electronic arts\eadm\core.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{F0BF279D-85FE-4942-A301-F989D4476C7E}C:\program files\electronic arts\eadm\core.exe
SUPPRIME FirewallRaz (Public) : TCP Query User{950FB6B3-2D69-4140-B2CC-8E8ED5F795DD}C:\users\sarah\desktop\fixitupkatesadventuredownload.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{49047E31-1B92-4B27-953D-2D9F955A4387}C:\users\sarah\desktop\fixitupkatesadventuredownload.exe
SUPPRIME FirewallRaz (None) : {747D5749-E1F4-496D-A7A8-66294039604A}

========== Elément(s) de donnée du Registre ==========
REMPLACE Value UacDisableNotify : Good (0) - Bad (1)

========== Préférences navigateur ==========
SUPPRIME Mozilla Pref: user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639
SUPPRIME Mozilla Pref: user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?

========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\extensions\engine@conduit.com
SUPPRIME Folder: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
SUPPRIME Folder: C:\Program Files\Conduit
SUPPRIME Folder: C:\Program Files\ConduitEngine
SUPPRIME Folder: C:\Program Files\Elf_1
SUPPRIME Folder: C:\Program Files\Freeze.com
SUPPRIME Folder: C:\Program Files\Kaspersky Lab
SUPPRIME Folder: C:\Program Files\Trymedia
SUPPRIME Folder: C:\Program Files\uTorrentBar_FR
SUPPRIME Folder: C:\Program Files\Common Files\Symantec Shared
SUPPRIME Folder: C:\ProgramData\iWin
SUPPRIME Folder: C:\ProgramData\Kaspersky Lab Setup Files
SUPPRIME Folder: C:\ProgramData\McAfee
SUPPRIME Folder: C:\ProgramData\NortonInstaller
SUPPRIME Reboot Folder**: C:\ProgramData\Symantec
SUPPRIME Folder: C:\ProgramData\Trymedia
SUPPRIME Folder: C:\Users\Sarah\AppData\Roaming\iWin
SUPPRIME Folder: C:\Users\Sarah\AppData\Local\OpenCandy
SUPPRIME Temporaires Windows: : 93
SUPPRIME Flash Cookies: 823

========== Fichier(s) ==========
SUPPRIME File: c:\users\sarah\desktop\elf_1.exe
SUPPRIME Temporaires Windows: : 239
SUPPRIME Flash Cookies: 358

========== Tache planifiée ==========
SUPPRIME Task: Google Software Updater
SUPPRIME Task: Norton Internet Security - Analyse système complète - Sarah
SUPPRIME Task: RealUpgradeLogonTaskS-1-5-21-3301910120-441557304-1892818330-1001
SUPPRIME Task: RealUpgradeScheduledTaskS-1-5-21-3301910120-441557304-1892818330-1001
SUPPRIME Task: Secunia PSI Logon Task
SUPPRIME Task: {3B0C84F9-4EA6-413D-84B0-BE3C53D24D1A}
SUPPRIME Task: {BACA823B-ADC9-49A9-94B6-9E7B15012280}
SUPPRIME Task: {CF8E8177-264F-4709-8188-D97476A24D2B}

========== Autre ==========
NON TRAITE [HKCU\Software\AppDataLow\Software\uTorrentBar_FR


========== Récapitulatif ==========
1 : Processus mémoire
34 : Clé(s) du Registre
37 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
20 : Dossier(s)
3 : Fichier(s)
3 : Logiciel(s)
2 : Préférences navigateur
8 : Tache planifiée
1 : Autre


End of the scan in 01mn 04s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 18/09/2011 19:27:10 [8863]
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 18 Sep 2011 18:39

# AdwCleaner v1.306 - Rapport créé le 18/09/2011 à 19:39:38
# Mis à jour le 14/09/11 à 13h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Sarah - PC-DE-SARAH (Administrateur)
# Exécuté depuis : C:\Users\Sarah\Desktop\adwcleaner.exe
# Option [Recherche]


***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\Conduit
Dossier Présent : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\ConduitEngine

***** [Registre] *****

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v6.0.2 (fr)

Profil : eh3dtbf6.default
Fichier : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\prefs.js

Présente : user_pref("CT2851639..clientLogIsEnabled", true);
Présente : user_pref("CT2851639..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Présente : user_pref("CT2851639..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Présente : user_pref("CT2851639.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Présente : user_pref("CT2851639.CTID", "CT2851639");
Présente : user_pref("CT2851639.CurrentServerDate", "26-2-2011");
Présente : user_pref("CT2851639.DialogsAlignMode", "LTR");
Présente : user_pref("CT2851639.DownloadReferralCookieData", "");
Présente : user_pref("CT2851639.EMailNotifierPollDate", "Sat Feb 26 2011 09:00:17 GMT+0100");
Présente : user_pref("CT2851639.FeedLastCount2548968607390276962", 550);
Présente : user_pref("CT2851639.FeedPollDate129351529712775081", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775087", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775093", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775099", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775105", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775111", "Sat Feb 26 2011 08:15:41 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775117", "Sat Feb 26 2011 08:15:41 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775123", "Sat Feb 26 2011 08:15:41 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775129", "Sat Feb 26 2011 08:15:41 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775135", "Sat Feb 26 2011 08:15:41 GMT+0100");
Présente : user_pref("CT2851639.FeedPollDate129351529712775141", "Sat Feb 26 2011 08:15:41 GMT+0100");
Présente : user_pref("CT2851639.FeedTTL129351529712775081", 10);
Présente : user_pref("CT2851639.FeedTTL129351529712775105", 15);
Présente : user_pref("CT2851639.FeedTTL129351529712775117", 5);
Présente : user_pref("CT2851639.FeedTTL129351529712775129", 5);
Présente : user_pref("CT2851639.FirstServerDate", "19-12-2010");
Présente : user_pref("CT2851639.FirstTime", true);
Présente : user_pref("CT2851639.FirstTimeFF3", true);
Présente : user_pref("CT2851639.FixPageNotFoundErrors", false);
Présente : user_pref("CT2851639.GroupingServerCheckInterval", 1440);
Présente : user_pref("CT2851639.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Présente : user_pref("CT2851639.HasUserGlobalKeys", true);
Présente : user_pref("CT2851639.Initialize", true);
Présente : user_pref("CT2851639.InitializeCommonPrefs", true);
Présente : user_pref("CT2851639.InstallationAndCookieDataSentCount", 3);
Présente : user_pref("CT2851639.InstallationType", "UnknownIntegration");
Présente : user_pref("CT2851639.InstalledDate", "Sun Dec 19 2010 12:59:17 GMT+0100");
Présente : user_pref("CT2851639.IsGrouping", false);
Présente : user_pref("CT2851639.IsMulticommunity", false);
Présente : user_pref("CT2851639.IsOpenThankYouPage", true);
Présente : user_pref("CT2851639.IsOpenUninstallPage", false);
Présente : user_pref("CT2851639.LanguagePackLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440);
Présente : user_pref("CT2851639.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Présente : user_pref("CT2851639.LastLogin_3.2.5.2", "Sat Feb 26 2011 08:15:29 GMT+0100");
Présente : user_pref("CT2851639.LatestVersion", "3.2.5.2");
Présente : user_pref("CT2851639.Locale", "fr");
Présente : user_pref("CT2851639.MCDetectTooltipHeight", "83");
Présente : user_pref("CT2851639.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Présente : user_pref("CT2851639.MCDetectTooltipWidth", "295");
Présente : user_pref("CT2851639.SearchFromAddressBarIsInit", true);
Présente : /*user_pref("CT2851639.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&q=");*/
Présente : user_pref("CT2851639.SearchInNewTabEnabled", true);
Présente : user_pref("CT2851639.SearchInNewTabIntervalMM", 1440);
Présente : user_pref("CT2851639.SearchInNewTabLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("CT2851639.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Présente : user_pref("CT2851639.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Présente : user_pref("CT2851639.ServiceMapLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("CT2851639.SettingsLastCheckTime", "Sat Feb 26 2011 08:15:29 GMT+0100");
Présente : user_pref("CT2851639.SettingsLastUpdate", "1297860073");
Présente : user_pref("CT2851639.ThirdPartyComponentsInterval", 504);
Présente : user_pref("CT2851639.ThirdPartyComponentsLastCheck", "Sun Feb 20 2011 18:56:29 GMT+0100");
Présente : user_pref("CT2851639.ThirdPartyComponentsLastUpdate", "1255348267");
Présente : user_pref("CT2851639.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Présente : user_pref("CT2851639.UserID", "UN97123987108106757");
Présente : user_pref("CT2851639.ValidationData_Search", 2);
Présente : user_pref("CT2851639.ValidationData_Toolbar", 2);
Présente : user_pref("CT2851639.WeatherNetwork", "");
Présente : user_pref("CT2851639.WeatherPollDate", "Sat Feb 26 2011 09:00:28 GMT+0100");
Présente : user_pref("CT2851639.WeatherUnit", "C");
Présente : user_pref("CT2851639.alertChannelId", "1243674");
Présente : user_pref("CT2851639.backendstorage.enableinj", "");
Présente : user_pref("CT2851639.backendstorage.pairingkey", "46334138433639394339434631353634464246334244453045444531413938343732464443333136");
Présente : user_pref("CT2851639.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Présente : user_pref("CT2851639.backendstorage.uttorrents", "7B226275696C64223A32333730332C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B2242423342453731453046414545363143463535414145413734383033353742344630373644433031222C3230312C223132372E486F7572732E4652454E43482E42445269702E587669442E4143332D4652655368222C313436323332353938322C313030302C313436323332353938322C323035373237383137342C313430362C37343130322C38322C313833382C22222C362C38362C302C3238342C3132383533362C2D312C305D2C5B2245433733464233423246353037433039433038433243443636443046424132333934423934363733222C3230312C224F6E652E547265652E48696C6C2E5330384531352E564F535446522E484454562E587669442D415465616D2E617669222C3336373030393739322C313030302C3336373030393739322C313331303832363439362C333537312C363332302C33362C302C22222C352C3138342C302C3339302C3132363935382C2D312C305D5D2C22746F7272656E7463223A22323537333034373136222C227273736665656473223A5B5D2C2272737366696C74657273223A5B5D7D");
Présente : user_pref("CT2851639.myStuffEnabled", true);
Présente : user_pref("CT2851639.myStuffPublihserMinWidth", 400);
Présente : user_pref("CT2851639.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Présente : user_pref("CT2851639.myStuffServiceIntervalMM", 1440);
Présente : user_pref("CT2851639.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Présente : user_pref("CT2851639.testingCtid", "");
Présente : user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("CT2851639.toolbarContextMenuLastCheckTime", "Sun Dec 19 2010 12:59:17 GMT+0100");
Présente : user_pref("CT2851639.usagesFlag", 2);
Présente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1239347/FR", "\"0\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /905414/FR", "\"0\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2851639", "\"1290679360\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "ZSqe5hKaZ5ArucBehsFKPg==");
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "4QEZsg21gcAcM1vZlOyj4g==");
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "a47lyj7cLWBfKLgeVP5JNA==");
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "A4BF15en2mpzA5wEihSZog==");
Présente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\"803651ba7facb1:0\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-se ... er=3.3.3.2", "\"07b2625f8cb1:0\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... r=FF&lut=0", "634248284990000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =1/11/2011 5:25:10 PM", "634335443890000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =11/8/2010 3:54:59 PM", "634285417620000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... 12/21/2010 3:22:42 PM", "634285417620000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... 12/27/2010 12:43:05 PM", "634293235860000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... 12/30/2010 4:33:06 PM", "634303635100000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =2/17/2011 12:59:49 PM", "634339976460000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =2/22/2011 6:54:06 PM", "634339976460000000");
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2851639", "\"1297860073\"");
Présente : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=fr", "\"634322696881670000\"");
Présente : user_pref("CommunityToolbar.EngineOwner", "CT2851639");
Présente : user_pref("CommunityToolbar.EngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
Présente : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar_fr");
Présente : user_pref("CommunityToolbar.IsEngineShown", false);
Présente : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Présente : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/ ... =CT2851639", "744x663");
Présente : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2851639");
Présente : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
Présente : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_fr");
Présente : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Présente : user_pref("CommunityToolbar.ToolbarsList", "CT2851639,ConduitEngine");
Présente : user_pref("CommunityToolbar.ToolbarsList2", "CT2851639,ConduitEngine");
Présente : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 04 2011 12:44:18 GMT+0200");
Présente : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Présente : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 01 2011 03:33:25 GMT+0200");
Présente : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Présente : user_pref("CommunityToolbar.alert.locale", "en");
Présente : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Présente : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 03:33:16 GMT+0200");
Présente : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Présente : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Présente : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Présente : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Présente : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Présente : user_pref("CommunityToolbar.alert.userId", "536410b5-4f18-48a3-934a-9506479c86a3");
Présente : user_pref("CommunityToolbar.facebook.sessionKey", "2._buGlUvqI0ts1aAx12Ymng__.86400.1292972400-1740357924");
Présente : user_pref("CommunityToolbar.facebook.sessionSecret", "bwSDTuGN1kLXIIoeN1Irtg__");
Présente : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("CommunityToolbar.facebook.userId", "1740357924");
Présente : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Présente : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Présente : user_pref("ConduitEngine.CTID", "ConduitEngine");
Présente : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed May 04 2011 12:44:17 GMT+0200");
Présente : user_pref("ConduitEngine.FirstServerDate", "12/21/2010 22");
Présente : user_pref("ConduitEngine.FirstTime", true);
Présente : user_pref("ConduitEngine.FirstTimeFF3", true);
Présente : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Présente : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Présente : user_pref("ConduitEngine.Initialize", true);
Présente : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Présente : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Présente : user_pref("ConduitEngine.InstalledDate", "Sun Dec 19 2010 12:59:17 GMT+0100");
Présente : user_pref("ConduitEngine.IsMulticommunity", false);
Présente : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Présente : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Présente : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Présente : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Présente : /*user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");*/
Présente : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 26 2011 08:15:30 GMT+0100");
Présente : user_pref("ConduitEngine.UserID", "UN00544542114939139");
Présente : user_pref("ConduitEngine.engineLocale", "en-US");
Présente : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Présente : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed May 04 2011 12:44:17 GMT+0200");
Présente : user_pref("ConduitEngine.initDone", true);
Présente : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [16837 octets] - [18/09/2011 19:39:39]

########## EOF - C:\AdwCleaner[R1].txt - [16966 octets] ##########
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar tomtom95 » 18 Sep 2011 19:39

Bonsoir margoya

Pas de problème pour cjoint ,c'est seulement plus facile pour moi :wink:

  • Ferme toutes les applications y compris ton navigateur
  • Relance AdwCleaner par un double-clique sur l'icône AdwCleaner0.exe pour lancer l'installation
    /!\ Sous Vista et Windows 7
    il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Sur le menu principal
    clique sur Suppression et patiente le temps de l'analyse
  • A la fin du scan
    un rapport AdwCleaner[S].txt s'ouvre. Poste le contenu de ce rapport dans ta prochaine réponse
    Le rapport se trouve sous C:\AdwCleaner[S].txt


Télécharge la dernier version MalwareByte's sur ton Bureau.

Ou met a jour la version présente sur ton pc >> V 1.51.0.1118 base 7744

  • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
    Une fois l'installation et la mise à jour effectuées :
  • Branche tes supports externes sur le pc (Clé USB,Disque Dur,etc..)
    Sans les ouvrirs
  • Exécute maintenant MalwareByte's Anti-Malware.Clique droit sur l'icône et "Exécuter en tant qu'administrateur"
    sélectionne "Exécuter un examen complet".
  • Coche toutes les cases des lecteurs
  • Afin de lancer la recherche clique sur"Rechercher".
  • Coche toutes les cases de tes lecteurs
  • Une fois le scan terminé une fenêtre s'ouvre clique sur OK.
  • Si des infections sont présentes
    clique sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
  • poste le rapport dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression accepte en cliquant sur Ok.

A+
Avatar de l’utilisateur
tomtom95
Libellulien Junior
Libellulien Junior
 
Messages: 124
Inscription: 10 Sep 2011 23:37

Re: Analyse SVP!

Messagepar margoya » 20 Sep 2011 16:18

Bonjour!

# AdwCleaner v1.306 - Rapport créé le 20/09/2011 à 17:17:01
# Mis à jour le 14/09/11 à 13h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Sarah - PC-DE-SARAH (Administrateur)
# Exécuté depuis : C:\Users\Sarah\Desktop\adwcleaner.exe
# Option [Suppression]


***** [KillNav] *****

Aucun navigateur n'était en cours d'exécution.

***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\Conduit
Dossier Supprimé : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\ConduitEngine

***** [Registre] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v6.0.2 (fr)

Profil : eh3dtbf6.default
Fichier : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\eh3dtbf6.default\prefs.js

Supprimée : user_pref("CT2851639..clientLogIsEnabled", true);
Supprimée : user_pref("CT2851639..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Supprimée : user_pref("CT2851639..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Supprimée : user_pref("CT2851639.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Supprimée : user_pref("CT2851639.CTID", "CT2851639");
Supprimée : user_pref("CT2851639.CurrentServerDate", "26-2-2011");
Supprimée : user_pref("CT2851639.DialogsAlignMode", "LTR");
Supprimée : user_pref("CT2851639.DownloadReferralCookieData", "");
Supprimée : user_pref("CT2851639.EMailNotifierPollDate", "Sat Feb 26 2011 09:00:17 GMT+0100");
Supprimée : user_pref("CT2851639.FeedLastCount2548968607390276962", 550);
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775081", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775087", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775093", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775099", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775105", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775111", "Sat Feb 26 2011 08:15:41 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775117", "Sat Feb 26 2011 08:15:41 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775123", "Sat Feb 26 2011 08:15:41 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775129", "Sat Feb 26 2011 08:15:41 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775135", "Sat Feb 26 2011 08:15:41 GMT+0100");
Supprimée : user_pref("CT2851639.FeedPollDate129351529712775141", "Sat Feb 26 2011 08:15:41 GMT+0100");
Supprimée : user_pref("CT2851639.FeedTTL129351529712775081", 10);
Supprimée : user_pref("CT2851639.FeedTTL129351529712775105", 15);
Supprimée : user_pref("CT2851639.FeedTTL129351529712775117", 5);
Supprimée : user_pref("CT2851639.FeedTTL129351529712775129", 5);
Supprimée : user_pref("CT2851639.FirstServerDate", "19-12-2010");
Supprimée : user_pref("CT2851639.FirstTime", true);
Supprimée : user_pref("CT2851639.FirstTimeFF3", true);
Supprimée : user_pref("CT2851639.FixPageNotFoundErrors", false);
Supprimée : user_pref("CT2851639.GroupingServerCheckInterval", 1440);
Supprimée : user_pref("CT2851639.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Supprimée : user_pref("CT2851639.HasUserGlobalKeys", true);
Supprimée : user_pref("CT2851639.Initialize", true);
Supprimée : user_pref("CT2851639.InitializeCommonPrefs", true);
Supprimée : user_pref("CT2851639.InstallationAndCookieDataSentCount", 3);
Supprimée : user_pref("CT2851639.InstallationType", "UnknownIntegration");
Supprimée : user_pref("CT2851639.InstalledDate", "Sun Dec 19 2010 12:59:17 GMT+0100");
Supprimée : user_pref("CT2851639.IsGrouping", false);
Supprimée : user_pref("CT2851639.IsMulticommunity", false);
Supprimée : user_pref("CT2851639.IsOpenThankYouPage", true);
Supprimée : user_pref("CT2851639.IsOpenUninstallPage", false);
Supprimée : user_pref("CT2851639.LanguagePackLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440);
Supprimée : user_pref("CT2851639.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Supprimée : user_pref("CT2851639.LastLogin_3.2.5.2", "Sat Feb 26 2011 08:15:29 GMT+0100");
Supprimée : user_pref("CT2851639.LatestVersion", "3.2.5.2");
Supprimée : user_pref("CT2851639.Locale", "fr");
Supprimée : user_pref("CT2851639.MCDetectTooltipHeight", "83");
Supprimée : user_pref("CT2851639.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Supprimée : user_pref("CT2851639.MCDetectTooltipWidth", "295");
Supprimée : user_pref("CT2851639.SearchFromAddressBarIsInit", true);
Supprimée : user_pref("CT2851639.SearchInNewTabEnabled", true);
Supprimée : user_pref("CT2851639.SearchInNewTabIntervalMM", 1440);
Supprimée : user_pref("CT2851639.SearchInNewTabLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("CT2851639.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Supprimée : user_pref("CT2851639.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Supprimée : user_pref("CT2851639.ServiceMapLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("CT2851639.SettingsLastCheckTime", "Sat Feb 26 2011 08:15:29 GMT+0100");
Supprimée : user_pref("CT2851639.SettingsLastUpdate", "1297860073");
Supprimée : user_pref("CT2851639.ThirdPartyComponentsInterval", 504);
Supprimée : user_pref("CT2851639.ThirdPartyComponentsLastCheck", "Sun Feb 20 2011 18:56:29 GMT+0100");
Supprimée : user_pref("CT2851639.ThirdPartyComponentsLastUpdate", "1255348267");
Supprimée : user_pref("CT2851639.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Supprimée : user_pref("CT2851639.UserID", "UN97123987108106757");
Supprimée : user_pref("CT2851639.ValidationData_Search", 2);
Supprimée : user_pref("CT2851639.ValidationData_Toolbar", 2);
Supprimée : user_pref("CT2851639.WeatherNetwork", "");
Supprimée : user_pref("CT2851639.WeatherPollDate", "Sat Feb 26 2011 09:00:28 GMT+0100");
Supprimée : user_pref("CT2851639.WeatherUnit", "C");
Supprimée : user_pref("CT2851639.alertChannelId", "1243674");
Supprimée : user_pref("CT2851639.backendstorage.enableinj", "");
Supprimée : user_pref("CT2851639.backendstorage.pairingkey", "46334138433639394339434631353634464246334244453045444531413938343732464443333136");
Supprimée : user_pref("CT2851639.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Supprimée : user_pref("CT2851639.backendstorage.uttorrents", "7B226275696C64223A32333730332C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B2242423342453731453046414545363143463535414145413734383033353742344630373644433031222C3230312C223132372E486F7572732E4652454E43482E42445269702E587669442E4143332D4652655368222C313436323332353938322C313030302C313436323332353938322C323035373237383137342C313430362C37343130322C38322C313833382C22222C362C38362C302C3238342C3132383533362C2D312C305D2C5B2245433733464233423246353037433039433038433243443636443046424132333934423934363733222C3230312C224F6E652E547265652E48696C6C2E5330384531352E564F535446522E484454562E587669442D415465616D2E617669222C3336373030393739322C313030302C3336373030393739322C313331303832363439362C333537312C363332302C33362C302C22222C352C3138342C302C3339302C3132363935382C2D312C305D5D2C22746F7272656E7463223A22323537333034373136222C227273736665656473223A5B5D2C2272737366696C74657273223A5B5D7D");
Supprimée : user_pref("CT2851639.myStuffEnabled", true);
Supprimée : user_pref("CT2851639.myStuffPublihserMinWidth", 400);
Supprimée : user_pref("CT2851639.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Supprimée : user_pref("CT2851639.myStuffServiceIntervalMM", 1440);
Supprimée : user_pref("CT2851639.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Supprimée : user_pref("CT2851639.testingCtid", "");
Supprimée : user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("CT2851639.toolbarContextMenuLastCheckTime", "Sun Dec 19 2010 12:59:17 GMT+0100");
Supprimée : user_pref("CT2851639.usagesFlag", 2);
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1239347/FR", "\"0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /905414/FR", "\"0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2851639", "\"1290679360\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "ZSqe5hKaZ5ArucBehsFKPg==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "4QEZsg21gcAcM1vZlOyj4g==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "a47lyj7cLWBfKLgeVP5JNA==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=fr", "A4BF15en2mpzA5wEihSZog==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\"803651ba7facb1:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-se ... er=3.3.3.2", "\"07b2625f8cb1:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... r=FF&lut=0", "634248284990000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =1/11/2011 5:25:10 PM", "634335443890000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =11/8/2010 3:54:59 PM", "634285417620000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... 12/21/2010 3:22:42 PM", "634285417620000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... 12/27/2010 12:43:05 PM", "634293235860000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... 12/30/2010 4:33:06 PM", "634303635100000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =2/17/2011 12:59:49 PM", "634339976460000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... =2/22/2011 6:54:06 PM", "634339976460000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2851639", "\"1297860073\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=fr", "\"634322696881670000\"");
Supprimée : user_pref("CommunityToolbar.EngineOwner", "CT2851639");
Supprimée : user_pref("CommunityToolbar.EngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
Supprimée : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar_fr");
Supprimée : user_pref("CommunityToolbar.IsEngineShown", false);
Supprimée : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Supprimée : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/ ... =CT2851639", "744x663");
Supprimée : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2851639");
Supprimée : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
Supprimée : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_fr");
Supprimée : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Supprimée : user_pref("CommunityToolbar.ToolbarsList", "CT2851639,ConduitEngine");
Supprimée : user_pref("CommunityToolbar.ToolbarsList2", "CT2851639,ConduitEngine");
Supprimée : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 04 2011 12:44:18 GMT+0200");
Supprimée : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Supprimée : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 01 2011 03:33:25 GMT+0200");
Supprimée : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Supprimée : user_pref("CommunityToolbar.alert.locale", "en");
Supprimée : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Supprimée : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 03:33:16 GMT+0200");
Supprimée : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Supprimée : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Supprimée : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Supprimée : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Supprimée : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Supprimée : user_pref("CommunityToolbar.alert.userId", "536410b5-4f18-48a3-934a-9506479c86a3");
Supprimée : user_pref("CommunityToolbar.facebook.sessionKey", "2._buGlUvqI0ts1aAx12Ymng__.86400.1292972400-1740357924");
Supprimée : user_pref("CommunityToolbar.facebook.sessionSecret", "bwSDTuGN1kLXIIoeN1Irtg__");
Supprimée : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("CommunityToolbar.facebook.userId", "1740357924");
Supprimée : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Supprimée : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Supprimée : user_pref("ConduitEngine.CTID", "ConduitEngine");
Supprimée : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed May 04 2011 12:44:17 GMT+0200");
Supprimée : user_pref("ConduitEngine.FirstServerDate", "12/21/2010 22");
Supprimée : user_pref("ConduitEngine.FirstTime", true);
Supprimée : user_pref("ConduitEngine.FirstTimeFF3", true);
Supprimée : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Supprimée : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Supprimée : user_pref("ConduitEngine.Initialize", true);
Supprimée : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Supprimée : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Supprimée : user_pref("ConduitEngine.InstalledDate", "Sun Dec 19 2010 12:59:17 GMT+0100");
Supprimée : user_pref("ConduitEngine.IsMulticommunity", false);
Supprimée : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Supprimée : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Supprimée : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Supprimée : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Supprimée : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 26 2011 08:15:30 GMT+0100");
Supprimée : user_pref("ConduitEngine.UserID", "UN00544542114939139");
Supprimée : user_pref("ConduitEngine.engineLocale", "en-US");
Supprimée : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Feb 25 2011 15:52:36 GMT+0100");
Supprimée : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed May 04 2011 12:44:17 GMT+0200");
Supprimée : user_pref("ConduitEngine.initDone", true);
Supprimée : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [16968 octets] - [18/09/2011 19:39:39]
AdwCleaner[S1].txt - [16882 octets] - [20/09/2011 17:17:01]

########## EOF - C:\AdwCleaner[S1].txt - [17011 octets] ##########
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 20 Sep 2011 17:15

Analyse Malwarebytes en cours...
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar margoya » 20 Sep 2011 18:22

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 7755

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20/09/2011 19:22:04
mbam-log-2011-09-20 (19-22-04).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Elément(s) analysé(s): 425538
Temps écoulé: 1 heure(s), 43 minute(s), 51 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar tomtom95 » 20 Sep 2011 18:52

Bonsoir margoya

Comment ce comporte le pc ?

Refait une analyse avec ZHPDiag stp
  • Lance l'outil : double-clique sur ZHPDiag pour XP
    Pour Vista et seven
    fais un clique droit sur l'icône et exécute en tant qu'administrateur.

    Clique sur le Tournevis a droit en haut
    Image

    Coche toutes les cases .
  • Puis Clique sur la petite loupe Image en haut à gauche pour débuter l'analyse :
  • L'analyse peut durer une dizaine de minutes.
  • Le rapport généré par l'outil se nomme ZHPDiag.txt
  • Clique sur le bouton avec l'appareil photo pour copier le contenu intégral du rapport généré par l'outil dans le presse-papier :
  • Dans ta prochaine réponse
    clique sur les touches CTRL+V pour coller ce rapport.
  • Si tu rencontres un message d'erreur
    cela signifie que le rapport est trop long. Il faut donc l'éditer en plusieurs parties en veillant bien à ne rien oublier
  • héberger le fichier contenant ce rapport ici http://cjoint.com/ :wink:
  • Indique ensuite dans ta prochaine réponse l'adresse d'hébergement de ce rapport pour que je puisse le télécharger et l'analyser.

Si tout est ok je te donne les derniéres manips et les mise a jour que tu doit faire :supers:

A+
Avatar de l’utilisateur
tomtom95
Libellulien Junior
Libellulien Junior
 
Messages: 124
Inscription: 10 Sep 2011 23:37

Re: Analyse SVP!

Messagepar margoya » 22 Sep 2011 17:21

L'ordi ne rame plus, je peux enfin écrire un mail sans que le curseur se bloque :supers:

Par contre je n'arrive pas à héberger sur cjoint, impossible de retrouver mon analyse sur l'ordinateur pour l"herberger sur le site et quand je tape dans la barre de recherche, on me dit raccourci manquant :oops:
margoya
Libellulien Junior
Libellulien Junior
 
Messages: 229
Inscription: 22 Juil 2008 11:24

Re: Analyse SVP!

Messagepar tomtom95 » 22 Sep 2011 18:13

Bonsoir margoya

Bonne nouvelle :wink:

    Pour posté tes rapport via cjoint je te remettre la manip.
  • Héberger le fichier http://cjoint.com/
  • Clique sur parcourir va jusqu'au rapport sur ton bureau
  • Clique sur ouvrir
    ce qui te ramène sur cjoint
  • Clique sur Créer le lien Cjoint
    Une nouvelle fenêtre apparait avec un lien en bleu
  • Copier et colle sur le forum pour que je puisse le télécharger et analyser.

Le rapport ZHPDiag.txt,doit être sur le
Si tu la supprimer ,il y a une sauvegarde qui ce trouve a la base de ( C )
Clique sur démarrer >> ordinateur >>
Tu dois avoir un répertoire ZHP >> ouvre-le et dedans tu as un fichier ZHPDiag.txt
En cas ou tu ne le trouve pas refait stp une analyse avec ZHPDiag merci

A+
Avatar de l’utilisateur
tomtom95
Libellulien Junior
Libellulien Junior
 
Messages: 124
Inscription: 10 Sep 2011 23:37

Suivante

Retourner vers Désinfections et demandes d'analyse

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 1 invité