Demande d'analyse

Section d'analyse de rapports et de désinfection : malwares en tous genre et autres indésirables. Demandes de nettoyage uniquement. Prise en charge restreinte : équipe spécialisée.

Modérateur: Modérateurs

Règles du forum :arrow: Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
:arrow: Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
:arrow: Un topic par machine, chacun crée le sien. ;)

Demande d'analyse

Messagepar Pik » 03 Juin 2011 13:11

Bonjour,
Voici le log de mon pc (XP), si quelqu'u a le temps de me donner un coup de main pour pallier à pas mal de ralentissements... Je suis un peu perdu! Merci d'avance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:30:53, on 03/06/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OFFICE One 7.0\program\soffice.exe
C:\Program Files\OFFICE One 7.0\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canyousea.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8653f80c000000000000002243310a61&tlver=1.4.19.19&affID=17160
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.233.195.36 http://www.agoride.com agoride.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Badoo Desktop] "C:\ProgramData\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Logon Session Broker (ASBroker) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Local Communication Channel (ASChannel) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 22719 bytes
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar nardino » 04 Juin 2011 09:41

Bonjour
Hijackthis est un peu dépassé.
Je te propose ceci qui n'exclue pas une bonne description des problèmes rencontrés :
1- Image Télécharge et installe Malwarebytes Anti-Malware de RubbeR DuckY

Image Double-clique sur le fichier mbam-setup-1.50.exe (sous Vista et 7 autorise les modifications)
A la fin de l'installation, veille à ce que les options suivantes soient cochées
    -Mettre à jour Malwarebytes' Anti-Malware
    -Exécuter Malwarebytes' Anti-Malware
Image Clique sur Terminer
Une fenêtre Mise à jour de Malwarebytes' Anti-Malware va s'ouvrir avec une barre de progression.
Puis une autre annonçant le succès de la mise à jour de la base de données. Clique sur OK.
Le programme s'ouvre sur l'onglet Recherche.
Coche Image Exécuter un examen rapide, clique sur le bouton Image

Image A la fin du scan, sélectionne tout et clique sur Supprimer la sélection

Image Poste le rapport qui s'ouvre après cette suppression.
Redémarre le pc si cela est demandé
Tu peux retrouver le rapport dans l'onglet Rapports/Logs avec la date et l'heure d'exécution.

2- Image Télécharge ZHPDiag de Nicolas Coolman sur ton bureau.

Explication en images

Si besoin est, nous ferons appel à d'autres outils.

@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 12:08

Bonjour,

Merci pour ta réponse
J'ai deja Malware en fonctionnement, je pense à voir un pc relativement clean, mais j'ai juste quelques ralentissements intempestifs lors de mes navigations et surtout une surchauffe quasi permanente, le ventilo tourne souvent à plein régime.. alors vieillissement, trop de programmes en cours ou autre je suis un peu perdu...

En attendant voici le rapport :

Rapport de ZHPScan v1.27 par Nicolas Coolman, Update du 03/06/2011
Run by Pik at 04/06/2011 12:59:46
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html


---\\ Clés de Registre trouvées (Registry Keys found)
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.ct2504091] =>Adware.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit
[HKCR\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon
[HKCR\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Babylon
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Conduit] =>Toolbar.Conduit

---\\ Valeurs de clé de Registre trouvées (Registry Values found)
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit

---\\ Dossiers trouvés (Directories found)
C:\Users\Pik\Appdata\Local\Conduit =>Toolbar.Conduit
C:\Users\Pik\Appdata\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Pik\Appdata\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Pik\AppData\Roaming\Mozilla\Firefox\Profiles\flb9sjdf.default\Conduit =>Toolbar.Conduit
C:\Users\Pik\AppData\Roaming\Mozilla\Firefox\Profiles\flb9sjdf.default\ConduitEngine =>Toolbar.Conduit
C:\Users\Pik\AppData\Roaming\Mozilla\Firefox\Profiles\flb9sjdf.default\extensions\engine@conduit.com =>Toolbar.Conduit

---\\ Fichiers Firefox trouvés (Files found)
*** None ***

---\\ Fichiers trouvés (Files found)
*** None ***
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 12:10

ps : dans les clés de registre on voit surtout apparaitre cette putain de Toolbar.Babylon que je n'arrive pas à localiser pour la virer!
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar nardino » 04 Juin 2011 12:16

Bonjour
Ce n'est la rapport ZHPScan que je veux.
D'ores et déjà tu peux passer cet outil avant de faire le nouveau rapport ZHPDiag.txt
Télécharge AD-Remover sur ton bureau.
http://www.teamxscript.org/adremoverTelechargement.html
Double clique sur AD-R.exe
Clique sur le bouton Nettoyer.
Poste le rapport qui va s'ouvrir en fin de scan.
Le rapport est sauvegardé sous C:\Ad-report-SCAN[1].txt
Puis ferme le programme par Quitter.

@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 15:47

Bonjour
Voici les trois rapports :

Malware : 2 détectés donc j'ai cleané
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6768

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

04/06/2011 16:34:49
mbam-log-2011-06-04 (16-34-42).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 411098
Temps écoulé: 3 heure(s), 35 minute(s), 47 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Pik\AppData\Local\Temp\2174014.uninstall\uninstall.exe (Adware.Agent) -> No action taken.
c:\Users\Pik\AppData\Local\Temp\icreinstall\audioconvertersetup[2].exe (Adware.Agent) -> No action taken.
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 15:50

Le ZHPDial partie 1 :

Rapport de ZHPDiag v1.27.222 par Nicolas Coolman, Update du 03/06/2011
Run by Pik at 04/06/2011 15:17:55
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18975
MFIE: Mozilla Firefox v3.6.17 (fr) (Defaut)
GCIE: Google Chrome

---\\ System Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 23 GB (19%) free of 116 GB

---\\ Logged in mode
Computer Name: PC-DE-PIK
User Name: Pik
All Users Names: Pik, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\Pik\AppData\Roaming
%LocalAppData%=C:\Users\Pik\AppData\Local
%StartMenu%=C:\Users\Pik\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 23 Go of 116 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 105 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.545264F1F3AC5BD57B159EBBDC4FDC58] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/09/2010 07:01:28.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]



---\\ Processus lancés
[MD5.3F91D1056D2CEBEF374BE0E55428190A] - (.Cognizance Corporation - Global Virtual Card Host.) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe [65536]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.B114DB354D13A21C1AC2B1807EE2F500] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [273544]
[MD5.D5A730DFDEAE005373E62BC2A866E3BB] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638232]
[MD5.2487C45B64790FC210547919F18FAC71] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1047656]
[MD5.8E5B33895AA1678EC12F74336069EEB3] - (...) -- C:\Program Files\Ad-Remover\main.exe [527371]
[MD5.BE01E566D1F569AAB32D0335613E1EEA] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168]
[MD5.A3F8BB3A06EB64266EA8A6908919F87D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [657920]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@garmin.com/GpsControl] - (.GARMIN Corp. - Garmin Communicator Plug-In 2.9.2.0.) -- C:\Program Files\Garmin GPS Plugin\npGarmin.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50917.0.) -- c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=12.0.1.647] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=12.0.1.647] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=12.0.1.652] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserre
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=12.0.1.652] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=12.0.1.647] - (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
M0 - MFSP: prefs.js [Pik - flb9sjdf.default] http://www.windguru.cz/fr/index.php?sc=48561
M2 - MFEP: prefs.js [Pik - flb9sjdf.default\foxmarks@kei.com] [] Xmarks v (.Todd Agulnick.)



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-727338538-3528345807-2767783072-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} Clé orpheline
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} Clé orpheline
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 85.233.195.36 www.agoride.com agoride.com



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} . (.Bioscrypt Inc. - SSO IE Listener.) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.)
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-727338538-3528345807-2767783072-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Pik\Desktop\AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\Pik\Desktop\Agoride.lnk . (...) -- D:\Tafs\Agoride
O4 - Global Startup: C:\Users\Pik\Desktop\Corbeille.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 12.lnk . (.Pinnacle Systems.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\rawavrecorder - Raccourci.lnk . (...) -- C:\Users\Pik\Documents\rawavrecorder\rawavrecorder.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\sidebar - Raccourci.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk . (...) -- C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files\Vuze\Azureus.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinCal - Raccourci.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter au fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - (.not file.) - C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} . (.Bioscrypt Inc. - e-Wallet Service.) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EB2AFAF-0A6D-4941-995D-4E7079474DD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpNameServer = 172.16.40.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EB2AFAF-0A6D-4941-995D-4E7079474DD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpNameServer = 172.16.40.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{3EB2AFAF-0A6D-4941-995D-4E7079474DD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpDomain = mobile.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpDomain = mobile.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.40.254


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Adobe Version Cue CS3) . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (ASLDRService) . (.Pas de propriétaire - ASLDR Service.) - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: (ATKGFNEXSrv) . (.Pas de propriétaire - GFNEXSrv.) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (FLEXnet Licensing Service) . (.Macrovision Europe Ltd. - Activation Licensing Service.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gupdatem) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) - Clé orpheline
O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 176.2.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: (spmgr) . (.Pas de propriétaire - spmgr Module.) - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe (.not file.)



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeLogonTaskS-1-5-21-727338538-3528345807-2767783072-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeScheduledTaskS-1-5-21-727338538-3528345807-2767783072-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.EA20D863A09D2C39A4E35D6D761236FE] [APT] [{355DF9A7-FCCD-464B-8DF5-AA982A75CDC8}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{B938C576-4966-485A-A64A-C82372766083}] (.Pas de propriétaire.) -- C:\Program Files\ALLCapture 3.0 Essai\unins000.exe (.not file.)



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: AHV content for Acrobat and Flash - (.Adobe Systems Incorporated.) [HKLM] -- {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
O42 - Logiciel: ASUS CopyProtect - (.ASUS.) [HKLM] -- {6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
O42 - Logiciel: ASUS Power4Gear eXtreme - (.ASUS.) [HKLM] -- {9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
O42 - Logiciel: ASUS Security Protect Manager - (.ASUSTeK Computer Inc..) [HKLM] -- {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
O42 - Logiciel: ATK Generic Function Service - (.ATK.) [HKLM] -- {D3D54F3E-C5C3-443D-978F-87A72E5616E8}
O42 - Logiciel: ATK Hotkey - (.ASUS.) [HKLM] -- {7C05592D-424B-46CB-B505-E0013E8E75C9}
O42 - Logiciel: ATK Media - (.ASUS.) [HKLM] -- {D1E5870E-E3E5-4475-98A6-ADD614524ADF}
O42 - Logiciel: ATKOSD2 - (.ASUS.) [HKLM] -- {3B05F2FB-745B-4012-ADF2-439F36B2E70B}
O42 - Logiciel: Adobe After Effects CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {EB0202F7-016A-410C-ADE4-40F848CCC661}
O42 - Logiciel: Adobe After Effects CS3 Presets - (.Adobe Systems Incorporated.) [HKLM] -- {193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
O42 - Logiciel: Adobe After Effects CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_3675c95c239b992d5d0ee8fce969b9e
O42 - Logiciel: Adobe After Effects CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM] -- {7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95}
O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394}
O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23}
O42 - Logiciel: Adobe BridgeTalk Plugin CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E}
O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {73B5D990-04EA-4751-B10F-5534770B91F2}
O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
O42 - Logiciel: Adobe Contribute CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {F84ADE4E-9220-4324-994D-801EDD9DD251}
O42 - Logiciel: Adobe Creative Suite 3 Master Collection - (.Adobe Systems Incorporated.) [HKLM] -- {5D2398DF-3022-4820-93BA-F1175FBEA9CA}
O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {4BDB76C6-902E-41D5-9064-68768E02886B}
O42 - Logiciel: Adobe Encore CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
O42 - Logiciel: Adobe Encore CS3 Codecs - (.Adobe Systems Incorporated.) [HKLM] -- {B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
O42 - Logiciel: Adobe Extension Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {BE5F3842-8309-4754-92D5-83E02E6077A3}
O42 - Logiciel: Adobe Fireworks CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {21C4D775-368A-46C4-8DC3-4207165B7115}
O42 - Logiciel: Adobe Flash CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {80FD3971-8482-49C8-BA8C-B6464A15882F}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Video Encoder - (.Adobe Systems Incorporated.) [HKLM] -- {1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B}
O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {7ACFB90E-8FD0-4397-AD3A-5195412623A3}
O42 - Logiciel: Adobe Illustrator CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6E08CE13-C2AB-4749-9335-5900B958929E}
O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
O42 - Logiciel: Adobe InDesign CS3 Icon Handler - (.Adobe Systems Incorporated.) [HKLM] -- {EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078}
O42 - Logiciel: Adobe MotionPicture Color Files - (.Adobe Systems Incorporated.) [HKLM] -- {6B708481-748A-4EB4-97C1-CD386244FF77}
O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
O42 - Logiciel: Adobe Premiere Pro CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
O42 - Logiciel: Adobe Premiere Pro CS3 Functional Content - (.Adobe Systems Incorporated.) [HKLM] -- {50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
O42 - Logiciel: Adobe Premiere Pro CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM] -- {485ACF57-F364-440A-8496-E1E81C8FA1AA}
O42 - Logiciel: Adobe Reader 8.2.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A82000000003}
O42 - Logiciel: Adobe SING CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B671CBFD-4109-4D35-9252-3062D3CCB7B2}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {004685F7-9FB6-4789-812F-59ABB34A55AF}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
O42 - Logiciel: Adobe Soundbooth CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
O42 - Logiciel: Adobe Soundbooth CS3 Codecs - (.Adobe Systems Incorporated.) [HKLM] -- {0327FA9D-975C-448C-A086-577D57BB25B8}
O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183}
O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8}
O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5}
O42 - Logiciel: Adobe Version Cue CS3 Server - (.Adobe Systems Incorporated.) [HKLM] -- {1D58229F-C505-45CA-8223-F35F3A34B963}
O42 - Logiciel: Adobe Video Profiles - (.Adobe Systems Incorporated.) [HKLM] -- {845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
O42 - Logiciel: Adobe WAS CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C5BD220A-EFE8-48A5-B70E-9503D535FACE}
O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
O42 - Logiciel: Adobe XMP DVA Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {0224CACC-994D-45F8-B973-D65056EA9C2F}
O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {D5A31AB1-345D-47C7-A87B-036A669F6DF1}
O42 - Logiciel: Ajouter ou supprimer Adobe Creative Suite 3 Master Collection - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_b5d5789539ea1f004a4defceea74312
O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: AuthenTec Fingerprint Sensor Minimum Install - (.AuthenTec, Inc..) [HKLM] -- {EB4DF30B-102B-4F0C-927A-D50E037A325D}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8}
O42 - Logiciel: Boris Graffiti - (.Boris FX, Inc..) [HKLM] -- {262BF2CD-601D-4F43-919C-4B00B1D1F338}
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] -- {415B2719-AD3A-4944-B404-C472DB6085B3}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {83770D14-21B9-44B3-8689-F7B523F94560}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Dolby Control Center - (.Dolby.) [HKLM] -- {DE66EFAD-B9CC-4FD4-9157-6C18E5100161}
O42 - Logiciel: Express Gate - (.devicevm.) [HKLM] -- {2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}
O42 - Logiciel: FileZilla Client 3.3.2.1 - (.Pas de propriétaire.) [HKLM] -- FileZilla Client
O42 - Logiciel: Garmin Communicator Plugin - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {C7DD94A8-F775-426C-B56C-8E555A59F9E2}
O42 - Logiciel: Garmin USB Drivers - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {6DB7AD00-F781-11DF-9EEF-001279CD8240}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: ITECIR - (.ITE.) [HKLM] -- {40580068-9B10-40B5-9548-536CE88AB23C}
O42 - Logiciel: IZArc 4.1 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: LightScribe System Software 1.14.17.1 - (.LightScribe.) [HKLM] -- {0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Bullet Looks Studio - (.Pas de propriétaire.) [HKLM] -- Magic Bullet Looks Studio
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox (3.6.17) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.17)
O42 - Logiciel: NB Probe - (.Pas de propriétaire.) [HKLM] -- {6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Nikon Message Center - (.Nikon.) [HKLM] -- {D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
O42 - Logiciel: Nikon RAW Codec - (.Nikon.) [HKLM] -- {C8616041-2802-4DE2-B3BD-6285AAD65C2A}
O42 - Logiciel: Nikon Transfer - (.Nikon.) [HKLM] -- {E9757890-7EC5-46C8-99AB-B00F07B6525C}
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM] -- {7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
O42 - Logiciel: OFFICE One 7.0 - (.ISSENDIS.) [HKLM] -- {276CB8D8-4C93-4C1D-95A3-B1B1FFF980A1}
O42 - Logiciel: OFFICE One License v7 - (.ISSENDIS.) [HKLM] -- {74588E42-C78A-42A8-9A3A-9ED6BF747CFE}
O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] -- {87441A59-5E64-4096-A170-14EFE67200C3}
O42 - Logiciel: Pilote vidéo Pinnacle - (.Pinnacle Systems.) [HKLM] -- {5EB90C06-964F-4195-B83E-BD7E55C88415}
O42 - Logiciel: Pinnacle Studio 12 - (.Pinnacle Systems.) [HKLM] -- {D041EB9E-890A-4098-8F94-51DA194AC72A}
O42 - Logiciel: Pinnacle Studio 12 Ultimate Plugins - (.Pinnacle Systems.) [HKLM] -- {D1860E6E-520E-4380-8433-E58E8F88B473}
O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2008 Runtime - (.RealNetworks, Inc.) [HKLM] -- {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
O42 - Logiciel: Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Skype™ 4.1 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: Sony Noise Reduction Plug-In 2.0h - (.Sony.) [HKLM] -- {06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
O42 - Logiciel: Sorenson Squeeze Trial - (.Pas de propriétaire.) [HKLM] -- {8B8C7492-DD45-47F7-B456-EB0197BC5085}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.1 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: ViewNX - (.Nikon.) [HKLM] -- {F007CBCE-D714-4C0B-8CE9-9B0D78116468}
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
O42 - Logiciel: WinFlash - (.Pas de propriétaire.) [HKLM] -- {DE10AB76-4756-4913-BE25-55D1C1051F9A}
O42 - Logiciel: Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) - (.Garmin.) [HKLM] -- 49CF605F02C7954F4E139D18828DE298CD59217C
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Wireless Console 2 - (.ATK.) [HKLM] -- {83F73CB1-7705-49D1-9852-84D839CA2A45}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {2A697B53-0DE3-42DA-B41D-C3F804B1C538}
O42 - Logiciel: proDAD Mercalli 1.0 - (.Pas de propriétaire.) [HKLM] -- proDAD-Mercalli-1.0
O42 - Logiciel: proDAD Vitascene 1.0 - (.Pas de propriétaire.) [HKLM] -- proDAD-Vitascene-1.0

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\BabylonToolbar]
[HKCU\Software\Badoo]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\Database]
[HKCU\Software\Digital Basic]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Freeware]
[HKCU\Software\Gabest]
[HKCU\Software\Garmin]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\ITConcepts]
[HKCU\Software\IZSoftware]
[HKCU\Software\InstallCore]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Adobe2)]
[HKCU\Software\MainConcept (Nikon)]
[HKCU\Software\MainConcept (Sorenson)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Maxtor]
[HKCU\Software\MimarSinan]
[HKCU\Software\Minnetonka Audio Software]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Nikon]
[HKCU\Software\Norton]
[HKCU\Software\ODBC]
[HKCU\Software\Pinnacle Systems]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\Red Giant Software]
[HKCU\Software\RedGiantSoftware]
[HKCU\Software\Ripp-it]
[HKCU\Software\Skype]
[HKCU\Software\Sony Media Software]
[HKCU\Software\SorensonMedia]
[HKCU\Software\Sorenson]
[HKCU\Software\Synaptics]
[HKCU\Software\TechSmith]
[HKCU\Software\TorrentEasy]
[HKCU\Software\Trolltech]
[HKCU\Software\VOB]
[HKCU\Software\YASASOFT]
[HKCU\Software\ej-technologies]
[HKCU\Software\proDAD]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\ASPG]
[HKLM\Software\ASUS]
[HKLM\Software\ATK0100]
[HKLM\Software\ATK]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\AsLdr]
[HKLM\Software\Atheros]
[HKLM\Software\AuthenTec]
[HKLM\Software\Avira]
[HKLM\Software\Azureus]
[HKLM\Software\BabylonToolbar]
[HKLM\Software\Boris FX, Inc.]
[HKLM\Software\CDDB]
[HKLM\Software\CLSYSTEM]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DeviceVM]
[HKLM\Software\DivX]
[HKLM\Software\Documentation]
[HKLM\Software\Dolby]
[HKLM\Software\Electric Clav]
[HKLM\Software\FAST Multimedia]
[HKLM\Software\FileZilla 3]
[HKLM\Software\FreeCDRIP]
[HKLM\Software\GEAR Software]
[HKLM\Software\Garmin]
[HKLM\Software\Google]
[HKLM\Software\HighCriteria]
[HKLM\Software\ITConcepts]
[HKLM\Software\ITE]
[HKLM\Software\IZSoftware]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\LightScribe]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\Minnetonka Audio Software]
[HKLM\Software\Motorola]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nikon]
[HKLM\Software\Norton]
[HKLM\Software\Ntpad]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Pegasus Imaging]
[HKLM\Software\PegasusImaging]
[HKLM\Software\Pinnacle Systems]
[HKLM\Software\Policies]
[HKLM\Software\RICOH]
[HKLM\Software\RTLSetup]
[HKLM\Software\Rainbow Technologies]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\Red Giant Software]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Siemens]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Media Software]
[HKLM\Software\Sorenson Media]
[HKLM\Software\SorensonMedia]
[HKLM\Software\SuppHelpDir]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Synthetic Aperture]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Waves Audio]
[HKLM\Software\Windows]
[HKLM\Software\Wondershare]
[HKLM\Software\X-AVCSD]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ej-technologies]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
[HKLM\Software\proDAD]
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 15:52

Le ZHPDial partie 2 :

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2011 - 15:12:00 - [136619167] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 19/01/2011 - 12:20:58 - [5599945240] ----D- C:\Program Files\Adobe
O43 - CFD: 15/01/2010 - 05:40:46 - [21712298] ----D- C:\Program Files\ASUS
O43 - CFD: 17/03/2009 - 13:24:30 - [19129104] ----D- C:\Program Files\ASUS Security Center
O43 - CFD: 17/03/2009 - 13:15:04 - [10314336] ----D- C:\Program Files\Atheros
O43 - CFD: 17/03/2009 - 13:01:24 - [464496] ----D- C:\Program Files\ATKGFNEX
O43 - CFD: 20/08/2009 - 12:28:44 - [175973891] ----D- C:\Program Files\Avira
O43 - CFD: 28/01/2010 - 16:25:40 - [1995218] ----D- C:\Program Files\AviSynth 2.5
O43 - CFD: 11/04/2011 - 13:22:20 - [617036] ----D- C:\Program Files\Bonjour
O43 - CFD: 01/08/2009 - 11:08:42 - [309963549] ----D- C:\Program Files\Boris FX, Inc
O43 - CFD: 17/03/2009 - 13:15:00 - [3920423] ----D- C:\Program Files\Cisco
O43 - CFD: 27/05/2011 - 15:12:02 - [2055656579] ----D- C:\Program Files\Common Files
O43 - CFD: 17/03/2009 - 12:27:52 - [225755440] ----D- C:\Program Files\CyberLink
O43 - CFD: 22/09/2010 - 10:40:48 - [304608] ----D- C:\Program Files\DIFX
O43 - CFD: 17/03/2009 - 13:09:48 - [37037839] ----D- C:\Program Files\Dolby
O43 - CFD: 28/04/2010 - 00:49:44 - [15671177] ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD: 17/03/2009 - 13:23:52 - [651178] ----D- C:\Program Files\Fingerprint Sensor
O43 - CFD: 22/09/2010 - 10:40:12 - [122956] ----D- C:\Program Files\Garmin
O43 - CFD: 22/09/2010 - 10:40:52 - [12266640] ----D- C:\Program Files\Garmin GPS Plugin
O43 - CFD: 12/12/2010 - 23:53:58 - [91660401] ----D- C:\Program Files\Google
O43 - CFD: 14/03/2011 - 20:52:36 - [90408304] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 30/11/2010 - 14:56:20 - [5784461] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 11/04/2011 - 13:28:34 - [1856627] ----D- C:\Program Files\iPod
O43 - CFD: 11/04/2011 - 13:29:36 - [127660511] ----D- C:\Program Files\iTunes
O43 - CFD: 26/02/2010 - 18:01:00 - [13497990] ----D- C:\Program Files\IZArc
O43 - CFD: 19/02/2010 - 16:02:54 - [9588280] ----D- C:\Program Files\LooksBuilderSE
O43 - CFD: 04/06/2011 - 12:58:20 - [7677754] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 26/11/2009 - 15:04:08 - [226432] ----D- C:\Program Files\Microsoft
O43 - CFD: 26/10/2009 - 21:51:28 - [93496097] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 02/01/2011 - 09:49:02 - [38360699] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 30/11/2010 - 14:56:20 - [99342446] ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/06/2011 - 19:12:16 - [31685778] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 02/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 17/08/2009 - 18:39:30 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 14/03/2011 - 20:53:12 - [0] ----D- C:\Program Files\My Company Name
O43 - CFD: 01/08/2009 - 11:28:18 - [50214013] ----D- C:\Program Files\Nikon
O43 - CFD: 03/04/2011 - 22:38:28 - [296891] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 20/11/2009 - 18:16:18 - [237438879] ----D- C:\Program Files\OFFICE One 7.0
O43 - CFD: 20/11/2009 - 18:18:14 - [2915264] ----D- C:\Program Files\OFFICE One v7
O43 - CFD: 15/03/2011 - 13:23:56 - [17510] ----D- C:\Program Files\Orange
O43 - CFD: 17/03/2009 - 13:34:44 - [7549187] ----D- C:\Program Files\P4G
O43 - CFD: 01/08/2009 - 11:05:02 - [1302197062] ----D- C:\Program Files\Pinnacle
O43 - CFD: 01/08/2009 - 11:09:16 - [134225611] ----D- C:\Program Files\proDAD
O43 - CFD: 27/05/2011 - 15:12:06 - [95907801] ----D- C:\Program Files\Real
O43 - CFD: 17/03/2009 - 13:08:34 - [58693339] ----D- C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 14:37:36 - [41817857] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 18/05/2011 - 13:08:14 - [29760953] R---D- C:\Program Files\Skype
O43 - CFD: 03/08/2009 - 11:04:16 - [5361222] ----D- C:\Program Files\Sony
O43 - CFD: 17/03/2009 - 13:37:40 - [14518091] ----D- C:\Program Files\Synaptics
O43 - CFD: 03/06/2011 - 13:28:04 - [22746] ----D- C:\Program Files\Trend Micro
O43 - CFD: 02/11/2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 03/08/2009 - 10:55:54 - [74466874] ----D- C:\Program Files\VideoLAN
O43 - CFD: 23/03/2011 - 18:55:58 - [111676387] ----D- C:\Program Files\Vuze
O43 - CFD: 18/02/2010 - 05:34:34 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 18/02/2010 - 05:34:32 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 18/02/2010 - 05:34:30 - [4490624] ----D- C:\Program Files\Windows Defender
O43 - CFD: 18/02/2010 - 05:34:32 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 15/01/2010 - 05:39:00 - [45806173] ----D- C:\Program Files\Windows Live
O43 - CFD: 30/11/2010 - 14:56:20 - [9116856] ----D- C:\Program Files\Windows Mail
O43 - CFD: 30/11/2010 - 14:56:22 - [4494025] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 02/11/2006 - 14:37:36 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 18/02/2010 - 05:34:32 - [13528738] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 18/02/2010 - 05:34:34 - [10427365] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 17/03/2009 - 13:22:32 - [2217805] ----D- C:\Program Files\Wireless Console 2
O43 - CFD: 04/06/2011 - 15:18:58 - [3899068] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 19/01/2011 - 12:21:10 - [1207128540] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 19/05/2011 - 12:58:30 - [16393504] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 01/08/2009 - 15:58:02 - [270336] ----D- C:\Program Files\Common Files\Control Panels
O43 - CFD: 15/03/2011 - 13:22:54 - [5959083] ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 01/08/2009 - 11:25:44 - [8208920] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 17/03/2009 - 12:26:44 - [30232782] ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 01/08/2009 - 15:30:38 - [655183] ----D- C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 11/04/2011 - 12:11:00 - [198421249] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 01/08/2009 - 11:26:44 - [4177705] ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 01/08/2009 - 11:30:36 - [27275286] ----D- C:\Program Files\Common Files\Nikon
O43 - CFD: 31/07/2009 - 18:34:10 - [3385947] ----D- C:\Program Files\Common Files\Pinnacle
O43 - CFD: 26/05/2011 - 13:33:42 - [0] ----D- C:\Program Files\Common Files\Real
O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 31/07/2009 - 18:14:12 - [1959208] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 18/02/2010 - 05:34:32 - [16016370] ----D- C:\Program Files\Common Files\System
O43 - CFD: 31/07/2009 - 16:26:20 - [493650721] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:12:02 - [352256] ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 31/07/2009 - 18:28:32 - [315828] ----D- C:\Program Files\Common Files\Yahoo!
O43 - CFD: 24/02/2011 - 17:00:26 - [164285851] ----D- C:\ProgramData\Adobe
O43 - CFD: 01/08/2009 - 15:56:22 - [0] ----D- C:\ProgramData\ALM
O43 - CFD: 11/04/2011 - 13:21:48 - [2344708] ----D- C:\ProgramData\Apple
O43 - CFD: 11/04/2011 - 13:26:18 - [38413029] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 21/08/2009 - 16:36:00 - [104718] ----D- C:\ProgramData\ASUS
O43 - CFD: 17/03/2009 - 13:14:32 - [12024] ----D- C:\ProgramData\Atheros
O43 - CFD: 20/08/2009 - 12:28:44 - [49531767] ----D- C:\ProgramData\Avira
O43 - CFD: 24/01/2010 - 18:57:48 - [40076] ----D- C:\ProgramData\CyberLink
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 01/08/2009 - 11:27:50 - [279] ----D- C:\ProgramData\EnterNHelp
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 01/08/2009 - 11:25:52 - [12] ----D- C:\ProgramData\Flags
O43 - CFD: 26/08/2010 - 18:48:18 - [52655] ----D- C:\ProgramData\FLEXnet
O43 - CFD: 01/08/2009 - 11:27:50 - [12] ----D- C:\ProgramData\Galaxy Swirl
O43 - CFD: 28/08/2009 - 13:21:50 - [390] ----D- C:\ProgramData\LightScribe
O43 - CFD: 20/08/2009 - 12:32:22 - [16236380] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 30/11/2010 - 14:35:06 - [173361566] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 18/11/2009 - 13:44:12 - [119336] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 10/08/2009 - 14:34:00 - [0] ----D- C:\ProgramData\Minnetonka Audio Software
O43 - CFD: 01/08/2009 - 11:26:42 - [6997856] ----D- C:\ProgramData\Nikon
O43 - CFD: 18/02/2010 - 05:30:46 - [189747] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 03/04/2011 - 22:38:12 - [281381] ----D- C:\ProgramData\NVIDIA Corporation
O43 - CFD: 20/11/2009 - 18:18:14 - [190] ----D- C:\ProgramData\OFFICE One v7
O43 - CFD: 03/04/2011 - 22:43:04 - [2191] ----D- C:\ProgramData\P4G
O43 - CFD: 31/07/2009 - 18:28:32 - [459526] ----D- C:\ProgramData\Pinnacle
O43 - CFD: 31/07/2009 - 18:28:32 - [0] ----D- C:\ProgramData\Pinnacle Studio Plus
O43 - CFD: 31/07/2009 - 18:33:24 - [36864] ----D- C:\ProgramData\Pinnacle Studio Ultimate
O43 - CFD: 22/02/2010 - 16:37:28 - [1482220] ----D- C:\ProgramData\Real
O43 - CFD: 31/07/2009 - 18:14:10 - [28326338] ----D- C:\ProgramData\Skype
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 31/07/2009 - 18:28:32 - [2965596473] ----D- C:\ProgramData\Studio 12
O43 - CFD: 31/07/2009 - 17:51:02 - [64] ----D- C:\ProgramData\Symantec
O43 - CFD: 17/03/2009 - 12:27:04 - [90183] ----D- C:\ProgramData\Temp
O43 - CFD: 02/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 28/04/2011 - 20:39:12 - [2828624] ----D- C:\ProgramData\TorrentEasy
O43 - CFD: 01/08/2009 - 11:27:50 - [40] ----D- C:\ProgramData\Ultima_T15
O43 - CFD: 03/08/2009 - 20:22:32 - [0] ----D- C:\ProgramData\WindowsSearch
O43 - CFD: 03/06/2011 - 11:32:14 - [401556194] ----D- C:\Users\Pik\AppData\Roaming\Adobe
O43 - CFD: 17/02/2010 - 19:52:12 - [23508] ----D- C:\Users\Pik\AppData\Roaming\ALLCapture
O43 - CFD: 11/04/2011 - 13:32:02 - [60918535] ----D- C:\Users\Pik\AppData\Roaming\Apple Computer
O43 - CFD: 04/01/2011 - 23:05:20 - [0] ----D- C:\Users\Pik\AppData\Roaming\Avira
O43 - CFD: 29/05/2011 - 00:14:26 - [7802977] ----D- C:\Users\Pik\AppData\Roaming\Azureus
O43 - CFD: 18/11/2009 - 12:57:30 - [0] ----D- C:\Users\Pik\AppData\Roaming\CyberLink
O43 - CFD: 26/05/2011 - 17:02:52 - [1015] ----D- C:\Users\Pik\AppData\Roaming\dvdcss
O43 - CFD: 04/11/2010 - 12:51:04 - [19008] ----D- C:\Users\Pik\AppData\Roaming\FileZilla
O43 - CFD: 27/05/2011 - 12:57:26 - [1235] ----D- C:\Users\Pik\AppData\Roaming\Free Sound Recorder
O43 - CFD: 22/09/2010 - 10:41:40 - [0] ----D- C:\Users\Pik\AppData\Roaming\GARMIN
O43 - CFD: 31/07/2009 - 16:33:42 - [0] ----D- C:\Users\Pik\AppData\Roaming\Identities
O43 - CFD: 14/03/2011 - 20:53:08 - [0] ----D- C:\Users\Pik\AppData\Roaming\InstallShield
O43 - CFD: 01/08/2009 - 10:58:06 - [2093674] ----D- C:\Users\Pik\AppData\Roaming\Macromedia
O43 - CFD: 20/08/2009 - 12:32:24 - [6314] ----D- C:\Users\Pik\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 14:37:36 - [0] ----D- C:\Users\Pik\AppData\Roaming\Media Center Programs
O43 - CFD: 17/04/2010 - 12:37:56 - [26511500] -S--D- C:\Users\Pik\AppData\Roaming\Microsoft
O43 - CFD: 31/07/2009 - 18:09:38 - [6976636] ----D- C:\Users\Pik\AppData\Roaming\Mozilla
O43 - CFD: 19/08/2009 - 11:16:40 - [81920] ----D- C:\Users\Pik\AppData\Roaming\Nikon
O43 - CFD: 04/06/2011 - 12:07:48 - [5202035] ----D- C:\Users\Pik\AppData\Roaming\OFFICEOne7
O43 - CFD: 01/08/2009 - 11:09:18 - [79194] ----D- C:\Users\Pik\AppData\Roaming\proDAD
O43 - CFD: 27/05/2011 - 15:12:28 - [2869781] ----D- C:\Users\Pik\AppData\Roaming\Real
O43 - CFD: 03/06/2011 - 18:02:28 - [1729944] ----D- C:\Users\Pik\AppData\Roaming\Skype
O43 - CFD: 03/06/2011 - 16:04:12 - [61848] ----D- C:\Users\Pik\AppData\Roaming\skypePM
O43 - CFD: 29/05/2011 - 03:22:00 - [627204] ----D- C:\Users\Pik\AppData\Roaming\vlc
O43 - CFD: 26/05/2011 - 16:03:14 - [1638851834] ----D- C:\Users\Pik\Appdata\Local\Adobe
O43 - CFD: 12/09/2009 - 14:12:40 - [0] ----D- C:\Users\Pik\Appdata\Local\Apple
O43 - CFD: 03/12/2010 - 16:44:00 - [19937425] ----D- C:\Users\Pik\Appdata\Local\Apple Computer
O43 - CFD: 31/07/2009 - 16:22:46 - [0] -SH-D- C:\Users\Pik\Appdata\Local\Application Data
O43 - CFD: 21/08/2009 - 16:35:58 - [1373750] ----D- C:\Users\Pik\Appdata\Local\ASUS
O43 - CFD: 31/07/2009 - 18:33:52 - [5319168] ----D- C:\Users\Pik\Appdata\Local\Downloaded Installations
O43 - CFD: 27/05/2011 - 12:53:28 - [5018] ----D- C:\Users\Pik\Appdata\Local\Google
O43 - CFD: 31/07/2009 - 16:22:46 - [0] -SH-D- C:\Users\Pik\Appdata\Local\Historique
O43 - CFD: 19/02/2010 - 16:04:30 - [1293669190] ----D- C:\Users\Pik\Appdata\Local\Microsoft
O43 - CFD: 30/11/2009 - 17:32:58 - [241629] ----D- C:\Users\Pik\Appdata\Local\Microsoft Games
O43 - CFD: 15/01/2010 - 07:42:30 - [37712] ----D- C:\Users\Pik\Appdata\Local\MigWiz
O43 - CFD: 31/07/2009 - 18:09:32 - [66133936] ----D- C:\Users\Pik\Appdata\Local\Mozilla
O43 - CFD: 04/11/2010 - 02:40:40 - [12547] ----D- C:\Users\Pik\Appdata\Local\Pinnacle
O43 - CFD: 31/07/2009 - 16:34:34 - [727040] ----D- C:\Users\Pik\Appdata\Local\Power2Go
O43 - CFD: 18/11/2009 - 13:28:32 - [285696] ----D- C:\Users\Pik\Appdata\Local\Seven Zip
O43 - CFD: 03/08/2009 - 11:00:28 - [0] ----D- C:\Users\Pik\Appdata\Local\Sony
O43 - CFD: 19/08/2009 - 11:09:50 - [7992] ----D- C:\Users\Pik\Appdata\Local\Symantec
O43 - CFD: 04/06/2011 - 15:21:36 - [28523317] ----D- C:\Users\Pik\Appdata\Local\Temp
O43 - CFD: 31/07/2009 - 16:22:46 - [0] -SH-D- C:\Users\Pik\Appdata\Local\Temporary Internet Files
O43 - CFD: 31/07/2009 - 17:48:12 - [3566022] ----D- C:\Users\Pik\Appdata\Local\VirtualStore



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.DCED12005489BB7700FCFD7FB0EE1200] - 04/06/2011 - 14:16:04 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [11927]
O44 - LFC:[MD5.7C4EC5520097D9594A7B1A131BD706CE] - 04/06/2011 - 14:13:22 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [12150]
O44 - LFC:[MD5.DCED12005489BB7700FCFD7FB0EE1200] - 04/06/2011 - 13:43:30 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1836575]
O44 - LFC:[MD5.0268EF6A8D57CF2D1A0F78F9A5538F50] - 04/06/2011 - 13:42:34 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.4AE18CEF7F93BB62D8ACF7B7470C95F4] - 04/06/2011 - 10:46:23 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1470810]
O44 - LFC:[MD5.AEF06567AB13ECAD8D21420F004DFBCB] - 04/06/2011 - 10:46:23 ---A- . (...) -- C:\Windows\System32\perfc009.dat [98916]
O44 - LFC:[MD5.9D12AF16305E7D65EC851B74687E712D] - 04/06/2011 - 10:46:23 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [123556]
O44 - LFC:[MD5.0688BC4601B8AA8F0270A892E8E41116] - 04/06/2011 - 10:46:23 ---A- . (...) -- C:\Windows\System32\perfh009.dat [584844]
O44 - LFC:[MD5.5D61FA84CEE63FB782BFD2D0EFC19988] - 04/06/2011 - 10:46:23 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [669566]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/05/2011 - 11:59:35 ---A- . (...) -- C:\Windows\setupact.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/05/2011 - 11:59:35 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.84D360FEDD0074DAA8B3C0EA2A6E146E] - 29/05/2011 - 09:27:40 ---A- . (...) -- C:\Windows\PFRO.log [328260]
O44 - LFC:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [39984]
O44 - LFC:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [22712]
O44 - LFC:[MD5.E9E1BDA354DD4CB06E721041F6266D92] - 27/05/2011 - 14:11:44 ---A- . (.RealNetworks, Inc. - Real Player(tm) ActiveX Control.) -- C:\Windows\System32\rmoc3260.dll [198848]
O44 - LFC:[MD5.33833B3EDA1B07EBD367FA9B38B23E60] - 27/05/2011 - 14:11:28 ---A- . (.RealNetworks, Inc. - 16 bit DirectX helper DLL.) -- C:\Windows\System32\pndx5016.dll [6656]
O44 - LFC:[MD5.B74E422BC81236042529DC8A42A18423] - 27/05/2011 - 14:11:28 ---A- . (.RealNetworks, Inc. - 32 bit DirectX helper DLL.) -- C:\Windows\System32\pndx5032.dll [5632]
O44 - LFC:[MD5.B4EB68502E52EBDC0B2C55EA3445284C] - 27/05/2011 - 14:11:26 ---A- . (.Progressive Networks - Pas de description.) -- C:\Windows\System32\pncrt.dll [272896]
O44 - LFC:[MD5.3A63DC3953A6B51A119E9320C4B6DB53] - 26/05/2011 - 12:33:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [172668]



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{0ac2f552-06c6-11df-a3ef-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{0e67dbe1-bb15-11de-a5dd-00235470097e}\AutoRun\command - Clé orpheline
O51 - MPSK:{6f0e2f4d-4ef1-11e0-9743-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{9fde41bb-4cc8-11e0-b11a-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{a09d363c-3df2-11e0-b0d5-8e7bb57945b1}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- G:\autorun.exe (.not file.)
O51 - MPSK:{ad835400-4bb8-11e0-b375-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{f811ea29-9dd4-11de-8599-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- I:\LaunchU3.exe (.not file.)

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \Drivers32\"vidc.mjpg"="pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\Windows\System32\pvmjpg30.dll
O52 - TDSD: \Drivers32\"vidc.yv12"="yv12vfw.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM"="MP3 PowerEncoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\Windows\System32\pvmjpg30.dll



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Acrobat Assistant 8.0 [Key] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\Adobe_ID0EYTHM [Key] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.exe
O53 - SMSR:HKLM\...\startupreg\ASUS Screen Saver Protector [Key] . (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe
O53 - SMSR:HKLM\...\startupreg\ATKMEDIA [Key] . (.ASUS - ATK Media.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
O53 - SMSR:HKLM\...\startupreg\ATKOSD2 [Key] . (.ASUS - ATKOSD2.) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O53 - SMSR:HKLM\...\startupreg\CLMLServer [Key] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O53 - SMSR:HKLM\...\startupreg\CognizanceTS [Key] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll
O53 - SMSR:HKLM\...\startupreg\ehTray.exe [Key] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O53 - SMSR:HKLM\...\startupreg\fssui [Key] . (...) -- C:\Program Files\Windows Live\Family Safety\fsui.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Google Desktop Search [Key] . (...) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HControlUser [Key] . (.Pas de propriétaire - HControlUser.) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O53 - SMSR:HKLM\...\startupreg\LightScribe Control Panel [Key] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\NvCplDaemon [Key] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O53 - SMSR:HKLM\...\startupreg\NvMediaCenter [Key] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O53 - SMSR:HKLM\...\startupreg\P2Go_Menu [Key] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O53 - SMSR:HKLM\...\startupreg\PWRISOVM.EXE [Key] . (...) -- C:\Program Files\PowerISO\PWRISOVM.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (...) -- C:\Program Files\QuickTime\QTTask.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (...) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Windows Defender [Key] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O53 - SMSR:HKLM\...\startupreg\WMPNSCFG [Key] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=0

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 03:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 03:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 03:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 03:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 03:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 03:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.4DF523F49694B2884F8E5D870BF3E253] - 06/04/2008 - 02:56:08 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\system32\drivers\athr.sys [908800]
O58 - SDL:[MD5.97AFFA9D95FFE20EEE6229BC6BE166CF] - 15/12/2006 - 23:11:57 ---A- . (.ATK0100 - ATK0100 ACPI Utility.) -- C:\Windows\system32\drivers\ATKACPI.sys [7680]
O58 - SDL:[MD5.F70D2392158CB68E775F8C4CD3D12FBB] - 17/06/2007 - 05:29:08 ---A- . (.AuthenTec, Inc. - Slide Fingerprint USB Driver.) -- C:\Windows\system32\drivers\atswpdrv.sys [146824]
O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 14/12/2010 - 09:17:25 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [61960]
O58 - SDL:[MD5.5FEDEF54757B34FB611B9EC8FB399364] - 01/04/2011 - 18:15:55 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [137656]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 03:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 03:23:24 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.E66710639A292F6341D63B01EE8E8037] - 12/11/2008 - 11:53:36 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ewusbfake.sys [100224]
O58 - SDL:[MD5.4154079A88089155D10168333B19627F] - 12/11/2008 - 11:53:36 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ewusbmdm.sys [101504]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 03:23:26 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [40504]
O58 - SDL:[MD5.707C1692214B1C290271067197F075F6] - 20/07/2008 - 10:44:43 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [324120]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 03:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.8BCD857C7932AD005D5F9C89329DA2E1] - 19/12/2007 - 01:12:12 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\itecir.sys [54784]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.27BD4AC228EF6C0D490617C32E86A672] - 03/06/2008 - 22:41:51 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\system32\drivers\kbfiltr.sys [15928]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 03:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.8039F480C192DD99FED4EBC71FFBF795] - 29/05/2008 - 18:21:02 ---A- . (.Windows (R) Codename Longhorn DDK provider - ASUS CopyProtect driver.) -- C:\Windows\system32\drivers\lullaby.sys [15416]
O58 - SDL:[MD5.A3E700D78EEC390F1208098CDCA5C6B6] - 23/09/2005 - 22:18:32 ---A- . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) -- C:\Windows\system32\drivers\MarvinBus.sys [171520]
O58 - SDL:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22712]
O58 - SDL:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [39984]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.216AC775320F64DE28CFEB7C179C4FF9] - 03/05/2007 - 12:37:08 ---A- . (.Maxtor Corp. - OneTouch Security Driver.) -- C:\Windows\system32\drivers\mxopswd.sys [22152]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.2C7AC27710E8D41C1EB7D1599187D237] - 25/06/2008 - 06:05:05 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [44064]
O58 - SDL:[MD5.B5D2B15D3EBA77BEF9392FBEFB3DDDA0] - 25/07/2008 - 09:30:59 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 176.) -- C:\Windows\system32\drivers\nvlddmkm.sys [7547552]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 03:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 03:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.9CCF89372C5A04E97CD89B58AE697796] - 27/08/2009 - 13:18:30 ---A- . (.TCT International Mobile Ltd - USB/Serial Device Driver.) -- C:\Windows\system32\drivers\qcusbser.sys [103552]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 03:23:24 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.DED01A389926A89540B82373E4C550EE] - 25/06/2008 - 23:55:12 ---A- . (.REDC - RICOH SD Driver.) -- C:\Windows\system32\drivers\rimmptsk.sys [47104]
O58 - SDL:[MD5.C398BCA91216755B098679A8DA8A2300] - 30/07/2007 - 18:42:58 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\system32\drivers\rimsptsk.sys [43008]
O58 - SDL:[MD5.2A2554CB24506E0A0508FC395C4A1B42] - 30/07/2007 - 19:54:02 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\system32\drivers\rixdptsk.sys [38400]
O58 - SDL:[MD5.23EBCEE9AAA4D6C88728791FAB462456] - 13/06/2008 - 10:10:07 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2152344]
O58 - SDL:[MD5.ABBE0F54BA3A378262C9CB86CF7D91F8] - 14/02/2008 - 22:56:01 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\system32\drivers\Rtlh86.sys [118784]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 03:23:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.C8A58FC905C9184FA70E37F71060C64D] - 02/11/2006 - 08:41:49 ---A- . (.Motorola Inc. - Motorola SM56 Modem WDM Driver.) -- C:\Windows\system32\drivers\smserial.sys [1010560]
O58 - SDL:[MD5.0057F29323C393A35903B4C5DAF9A144] - 09/05/2007 - 08:16:39 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\system32\drivers\sncduvc.sys [28160]
O58 - SDL:[MD5.A709DFA1674C1ED61EF7B5F29B38EEB1] - 13/05/2008 - 07:35:23 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\system32\drivers\snp2uvc.sys [1772544]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 15:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.A59457258DC236F63D6EAC759EF6C08B] - 16/11/2007 - 06:09:45 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [195760]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 03:23:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 03:23:23 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.85ECE26F326C2D07BA77A60343468272] - 19/11/2008 - 09:41:08 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\system32\drivers\WsAudioDevice_383.sys [16640]
O58 - SDL:[MD5.7D1F3B131D503EF43EE594B5A2B9B427] - 02/11/2006 - 08:30:56 ---A- . (.Marvell - Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon.) -- C:\Windows\system32\drivers\yk60x86.sys [194048]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.4DF523F49694B2884F8E5D870BF3E253] - 06/04/2008 - 02:56:08 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\system32\athr.sys [908800]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - C:\Program Files\ATKGFNEX\ASMMAP.sys - ASMMAP (ASMMAP) .(...) - LEGACY_ASMMAP
O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 14/12/2010 - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 01/04/2011 - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - (.not file.) - Symantec Eraser Control driver (eeCtrl) .(...) - LEGACY_EECTRL
O64 - Services: CurCS - (.not file.) - EraserUtilDrv10910 (EraserUtilDrv10910) .(...) - LEGACY_ERASERUTILDRV10910
O64 - Services: CurCS - (.not file.) - EraserUtilRebootDrv (EraserUtilRebootDrv) .(...) - LEGACY_ERASERUTILREBOOTDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\EXFAT.sys - (.not file.) - exFAT File System Driver (exfat) .(...) - LEGACY_EXFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - (.not file.) - FssFltr (fssfltr) .(...) - LEGACY_FSSFLTR
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys - ghaio (ghaio) .(...) - LEGACY_GHAIO
O64 - Services: CurCS - (.not file.) - IDSVix86 (IDSVix86) .(...) - LEGACY_IDSVIX86
O64 - Services: CurCS - 29/05/2008 - C:\Windows\System32\DRIVERS\lullaby.sys - lullaby(lullaby) .(.Windows (R) Codename Longhorn DDK provider - ASUS CopyProtect driver.) - LEGACY_LULLABY
O64 - Services: CurCS - 29/05/2011 - C:\Windows\system32\drivers\mbamswissarmy.sys - MBAMSwissArmy(MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - (.not file.) - SCDEmu (SCDEmu) .(...) - LEGACY_SCDEMU
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(...) - LEGACY_SPLDR
O64 - Services: CurCS - 17/06/2010 - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - (.not file.) - SYMDNS (SYMDNS) .(...) - LEGACY_SYMDNS
O64 - Services: CurCS - (.not file.) - Symantec Extended File Attributes (SymEFA) .(...) - LEGACY_SYMEFA
O64 - Services: CurCS - (.not file.) - SYMFW (SYMFW) .(...) - LEGACY_SYMFW
O64 - Services: CurCS - (.not file.) - SYMNDISV (SYMNDISV) .(...) - LEGACY_SYMNDISV
O64 - Services: CurCS - (.not file.) - SYMREDRV (SYMREDRV) .(...) - LEGACY_SYMREDRV
O64 - Services: CurCS - (.not file.) - SYMTDI (SYMTDI) .(...) - LEGACY_SYMTDI
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 15:53

Le ZHPDial partie 3 :

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <jsfile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS3.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.496F03DCA0EFF43EA168ED20ACCC6EFF] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\Pik\AppData\Local\Temp\GLFE554.tmp.ConduitEngineSetup.exe [158048]
[MD5.B92293778555CE3DABE7F0A7E98B34C0] [SPRF] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Pik\AppData\Local\Temp\prxGLFE554.tmp.tbFree.dll [175912]
[MD5.1A8438854DD15E4389F5BDEF502C369D] [SPRF] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Pik\AppData\Local\Temp\tbFree.dll [4216104]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "WinCollab-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-UDP" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-DFSR-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "WinCollab-DFSR-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "{DCF239A9-08D5-451D-848A-94AE4B220428}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O87 - FAEL: "{0F673E9A-8902-4EAB-BCA1-82A85B74BAA0}" | In - Public - P6 - TRUE | .(.Pinnacle Systems - Render Manager.) -- C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
O87 - FAEL: "{523B54AA-DD68-4760-9D59-C54E3A6C1D7E}" | In - Public - P17 - TRUE | .(.Pinnacle Systems - Render Manager.) -- C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
O87 - FAEL: "{D6F10092-5BAA-488E-ACAD-3DFCA9691D52}" | In - Public - P6 - TRUE | .(.Pinnacle Systems - Studio program file.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O87 - FAEL: "{0A1DCFA0-7D79-494F-967F-0C2BE46C857C}" | In - Public - P17 - TRUE | .(.Pinnacle Systems - Studio program file.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O87 - FAEL: "{1B57699E-C0CC-45C0-B5E4-ABFCB70736AE}" | In - Public - P6 - TRUE | .(.Pinnacle Systems - umi.) -- C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
O87 - FAEL: "{07DEBAD6-D0CD-4F11-AC6B-168DDF130528}" | In - Public - P17 - TRUE | .(.Pinnacle Systems - umi.) -- C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
O87 - FAEL: "{1AEBB7CF-3A36-4097-AD13-EDDCB826B3E5}" | In - Public - P6 - TRUE | .(.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O87 - FAEL: "{7BF73580-F1B4-4F94-8A7C-F2894BAD5EE8}" | In - Public - P17 - TRUE | .(.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O87 - FAEL: "TCP Query User{63B7E2DC-D556-4331-9891-4C00EFB169C5}C:\program files\internet explorer\iexplore.exe" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "UDP Query User{0B65D0A8-16FC-4FE3-8581-CA16B6386908}C:\program files\internet explorer\iexplore.exe" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "TCP Query User{C920A700-0F1C-4201-B747-E2F944DBF068}C:\program files\real\realplayer\realplay.exe" | In - Public - P6 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "UDP Query User{C595EDBD-47A1-4479-9029-765749CE58A9}C:\program files\real\realplayer\realplay.exe" | In - Public - P17 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "TCP Query User{5671566C-7A54-4325-8957-735E3F834501}C:\program files\real\realplayer\recordingmanager.exe" | In - Public - P6 - TRUE | .(.RealNetworks, Inc..) -- C:\program files\real\realplayer\recordingmanager.exe
O87 - FAEL: "UDP Query User{19BF5A03-90E4-4A49-B37A-4F2B8F9B9EAC}C:\program files\real\realplayer\recordingmanager.exe" | In - Public - P17 - TRUE | .(.RealNetworks, Inc..) -- C:\program files\real\realplayer\recordingmanager.exe
O87 - FAEL: "TCP Query User{07B53EAC-5AEF-4F6E-9144-FF45A0BCC7A3}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "UDP Query User{2379E3DC-87FE-4EB6-B3E9-39503A1C2F28}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "TCP Query User{40640BD7-81C5-4EF4-9CCD-953D17AE41EB}C:\program files\sorenson media\sorenson squeeze\squeeze.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\sorenson media\sorenson squeeze\squeeze.exe (.not file.)
O87 - FAEL: "UDP Query User{BC9B1C14-D627-4ACA-9D19-E347195A1F8C}C:\program files\sorenson media\sorenson squeeze\squeeze.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\sorenson media\sorenson squeeze\squeeze.exe (.not file.)
O87 - FAEL: "TCP Query User{FAF2AD50-0693-4DED-B149-831DB3209246}C:\program files\real\realplayer\realplay.exe" | In - Private - P6 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "UDP Query User{10314C96-231F-4AF3-8E21-CA7BADEE5616}C:\program files\real\realplayer\realplay.exe" | In - Private - P17 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "TCP Query User{25966E69-A7B1-4F7F-80D9-C3313D0AAE62}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "UDP Query User{99BE7EFD-DAA4-4E62-A56E-3D4201504FD8}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "{28671E82-2846-44F7-9222-263B2B27DD72}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{10B06F31-EB42-445D-BE5F-C29F9179BE0A}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{B6555CF1-4489-4440-BD26-4F6E301086C8}" | In - Private - P6 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O87 - FAEL: "{EFCAB917-48AE-4E12-9F6E-3CAED8856A8B}" | In - Private - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O87 - FAEL: "TCP Query User{581D1393-3486-42C2-A18B-A3DC05631E2E}C:\program files\pinnacle\studio 12\programs\studio.exe" | In - Private - P6 - TRUE | .(.Pinnacle Systems.) -- C:\program files\pinnacle\studio 12\programs\studio.exe
O87 - FAEL: "UDP Query User{C5CA2314-D1D2-4CB5-9FC0-6E62D7A33FAC}C:\program files\pinnacle\studio 12\programs\studio.exe" | In - Private - P17 - TRUE | .(.Pinnacle Systems.) -- C:\program files\pinnacle\studio 12\programs\studio.exe
O87 - FAEL: "{94F783D3-B0A3-4350-AEC3-9757DEE10BB7}" | In - Public - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{6DF9C3B6-58D2-4890-940A-B01D60129D27}" | In - Public - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "TCP Query User{EA887355-A021-496B-9B5E-20825A2718F8}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\program files\google\google earth\client\googleearth.exe
O87 - FAEL: "UDP Query User{DD3A5749-A83D-4CA2-8862-FBC2153619A4}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\program files\google\google earth\client\googleearth.exe
O87 - FAEL: "{57F1B4D2-FEB2-42CE-8F18-A700592D47EE}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{D066CB98-5F47-4683-864A-9CE4CF0F3B67}" | In - Private - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{5820F6D7-0212-4595-BA5A-FD75FC2E6C12}" | In - Private - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{D17BFA95-19E0-42A0-8310-27C41CADFF30}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{80B666F1-FB20-423A-937A-EA65AA37260F}" | In - Public - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "TCP Query User{B181D822-BA8B-434A-A145-2ACDE541BAFE}C:\program files\internet explorer\iexplore.exe" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "UDP Query User{75E229CC-4628-49D5-851C-0A90A17FE1F1}C:\program files\internet explorer\iexplore.exe" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "{4205FFEC-5F54-4FF0-9DD3-C5883F64BF1B}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Pik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3OYTIIF\AudioConverterSetup[2].exe (.not file.)
O87 - FAEL: "{5E150F8A-1B01-411E-9C9E-213DF9C0073B}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Pik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3OYTIIF\AudioConverterSetup[2].exe (.not file.)



---\\ Scan Additionnel (O88)
Database Version : 8462 - (03/06/2011)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
C:\Users\Pik\Appdata\LocalLow\BabylonToolbar =>Toolbar.Babylon



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/03/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
SR - | Auto 09/05/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 01/04/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 03/10/2007 94208 | (ASLDRService) . (...) - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 01/08/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 12/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/12/2010 0 | (gusvc) . (...) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 07/03/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 09/06/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 25/07/2008 196608 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 03/08/2007 125496 | (spmgr) . (...) - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar Pik » 04 Juin 2011 15:53

Et enfin le Ad-Report :
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 15:11:59 le 04/06/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Pik@PC-DE-PIK (ASUSTeK Computer Inc. M50Vc)

============== RECHERCHE ==============


Dossier trouvé: C:\Users\Pik\AppData\Roaming\Mozilla\FireFox\Profiles\flb9sjdf.default\conduit
Dossier trouvé: C:\Users\Pik\AppData\Roaming\Mozilla\FireFox\Profiles\flb9sjdf.default\ConduitEngine
Dossier trouvé: C:\Users\Pik\AppData\Roaming\Mozilla\FireFox\Profiles\flb9sjdf.default\extensions\engine@conduit.com
Dossier trouvé: C:\Users\Pik\AppData\Local\Conduit
Dossier trouvé: C:\Users\Pik\AppData\LocalLow\Conduit

-- Fichier ouvert: C:\Users\Pik\AppData\Roaming\Mozilla\FireFox\Profiles\flb9sjdf.default\Prefs.js --
Ligne trouvée: user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250...
Ligne trouvée: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1092307/FR", "\"0\"...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /905414/FR", "\"0\"")...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2504091", ...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2704262", ...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... nApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... nApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... Apps&loc...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... Apps&loc...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... dApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... dApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... ar&local...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... ar&local...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-se ... er=3.3.3...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... ver=3.3....
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2504091",...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2704262",...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... r=FF&lut=0", "63...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... T2504091...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... T2704262...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"634...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... cale=en-us", "\"...
Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "CT2504091");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "vuze_remote");
Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", false);
Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2504091");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "vuze_remote");
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2504091,ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 18 2011 13:06:53 GMT+02...
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 27 2011 15:14:00 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri May 27 2011 13:01:18 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "{3e45b015-8a50-4fa1-aca3-6c21d36cafd1}");
Ligne trouvée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri May 27 2011 13:01:19 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.globalUserId", "d669388b-958c-4836-8e96-cfbe64f09f0a");
Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne trouvée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri May 27 2011 13:01:30 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri May 27 2011 13:01:19 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Fri May 27 2011 15:09:14 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri May 27 2011 13:01:20 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.initDone", true);
Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Clé trouvée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2504091
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2704262
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.17 (fr)] ****

HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&amp;q={searchTerms}&amp;mntrId=8653f80c000000000000002243310a61&amp;tlver=1.4.19.19&amp;affID=17160/)

-- C:\Users\Pik\AppData\Roaming\Mozilla\FireFox\Profiles\flb9sjdf.default --
Extensions\engine@conduit.com (Conduit Engine )
Extensions\foxmarks@kei.com-trash (?)
Prefs.js - browser.search.selectedEngine, Search the web (Babylon)
Prefs.js - browser.startup.homepage, hxxp://www.windguru.cz/fr/index.php?sc=48561
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss ... tlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18975] ****

HKCU_Main|Default_Page_URL - hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.canyousea.com/fr/
HKLM_Main|Default_Page_URL - hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
AboutUrls|Tabs - hxxp://search.babylon.com/?babsrc=NT_ss ... ffID=17160
HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)
HKCU_URLSearchHooks|{32b29df0-2237-4370-9a29-37cebb730e9b} (x)
HKCU_SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} - "Search the web (Babylon)" (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8653f80c000000000...)
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll)
HKCU_Toolbar\WebBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x)
HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (x)
HKCU_Toolbar\WebBrowser|{32B29DF0-2237-4370-9A29-37CEBB730E9B} (x)
HKLM_Toolbar|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll)
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll) (x)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{1009C944-97D5-44A9-9E32-DFF54F498968} - "ASUS Security Protect Manager e-Wallet" (C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll,1)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll) (x)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 04/06/2011 15:12:30 (12011 Octet(s))

Fin à: 15:13:22, 04/06/2011

============== E.O.F ==============
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Deamnde d'analyse

Messagepar nardino » 04 Juin 2011 17:37

Bonjour
Merci d'héberger le rapport ZHPDiag comme indiqué sur le tuto.
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Demande d'analyse

Messagepar Pik » 05 Juin 2011 15:44

Bonjour Nardino,
Voici le rapport ZHPDiag , je l'ai déjà posté auparavant il me semble mais pas sûr de comprendre ce que tu demandes :(
J'ai suivi le tuto comme indiqué ici : http://rue-du-montceau.pagesperso-orang ... anchor-top
Je l'avais posté en 3 parties car il y a trop de caractère pour un seul message, je recommence donc ci-dessous :

Rapport de ZHPDiag v1.27.222 par Nicolas Coolman, Update du 03/06/2011
Run by Pik at 05/06/2011 16:40:18
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18975
MFIE: Mozilla Firefox v3.6.17 (fr) (Defaut)
GCIE: Google Chrome

---\\ System Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 23 GB (19%) free of 116 GB

---\\ Logged in mode
Computer Name: PC-DE-PIK
User Name: Pik
All Users Names: Pik, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\Pik\AppData\Roaming
%LocalAppData%=C:\Users\Pik\AppData\Local
%StartMenu%=C:\Users\Pik\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 23 Go of 116 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 105 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.545264F1F3AC5BD57B159EBBDC4FDC58] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/09/2010 07:01:28.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]



---\\ Processus lancés
[MD5.3F91D1056D2CEBEF374BE0E55428190A] - (.Cognizance Corporation - Global Virtual Card Host.) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe [65536]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.B114DB354D13A21C1AC2B1807EE2F500] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [273544]
[MD5.D5A730DFDEAE005373E62BC2A866E3BB] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638232]
[MD5.A3F8BB3A06EB64266EA8A6908919F87D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [657920]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Pik] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@garmin.com/GpsControl] - (.GARMIN Corp. - Garmin Communicator Plug-In 2.9.2.0.) -- C:\Program Files\Garmin GPS Plugin\npGarmin.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50917.0.) -- c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=12.0.1.647] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=12.0.1.647] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=12.0.1.652] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserre
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=12.0.1.652] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=12.0.1.647] - (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
M0 - MFSP: prefs.js [Pik - flb9sjdf.default] http://www.windguru.cz/fr/index.php?sc=48561
M2 - MFEP: prefs.js [Pik - flb9sjdf.default\foxmarks@kei.com] [] Xmarks v (.Todd Agulnick.)



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canyousea.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-727338538-3528345807-2767783072-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canyousea.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} Clé orpheline
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} Clé orpheline
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 85.233.195.36 www.agoride.com agoride.com



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} . (.Bioscrypt Inc. - SSO IE Listener.) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.)
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-727338538-3528345807-2767783072-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Pik\Desktop\AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\Pik\Desktop\Agoride.lnk . (...) -- D:\Tafs\Agoride
O4 - Global Startup: C:\Users\Pik\Desktop\Corbeille.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 12.lnk . (.Pinnacle Systems.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\rawavrecorder - Raccourci.lnk . (...) -- C:\Users\Pik\Documents\rawavrecorder\rawavrecorder.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\sidebar - Raccourci.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk . (...) -- C:\Windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files\Vuze\Azureus.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinCal - Raccourci.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\Pik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter au fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - (.not file.) - C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} . (.Bioscrypt Inc. - e-Wallet Service.) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EB2AFAF-0A6D-4941-995D-4E7079474DD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpNameServer = 172.16.40.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EB2AFAF-0A6D-4941-995D-4E7079474DD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpNameServer = 172.16.40.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{3EB2AFAF-0A6D-4941-995D-4E7079474DD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpNameServer = 172.16.40.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpDomain = mobile.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpDomain = mobile.lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{6342DF6B-7224-4757-B72B-CE98CC85ADEF}: DhcpDomain = mobile.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.40.254



---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Adobe Version Cue CS3) . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (ASLDRService) . (.Pas de propriétaire - ASLDR Service.) - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: (ATKGFNEXSrv) . (.Pas de propriétaire - GFNEXSrv.) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (FLEXnet Licensing Service) . (.Macrovision Europe Ltd. - Activation Licensing Service.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gupdatem) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) - Clé orpheline
O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 176.2.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: (spmgr) . (.Pas de propriétaire - spmgr Module.) - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe (.not file.)



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeLogonTaskS-1-5-21-727338538-3528345807-2767783072-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeScheduledTaskS-1-5-21-727338538-3528345807-2767783072-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.EA20D863A09D2C39A4E35D6D761236FE] [APT] [{355DF9A7-FCCD-464B-8DF5-AA982A75CDC8}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{B938C576-4966-485A-A64A-C82372766083}] (.Pas de propriétaire.) -- C:\Program Files\ALLCapture 3.0 Essai\unins000.exe (.not file.)



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: AHV content for Acrobat and Flash - (.Adobe Systems Incorporated.) [HKLM] -- {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
O42 - Logiciel: ASUS CopyProtect - (.ASUS.) [HKLM] -- {6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
O42 - Logiciel: ASUS Power4Gear eXtreme - (.ASUS.) [HKLM] -- {9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
O42 - Logiciel: ASUS Security Protect Manager - (.ASUSTeK Computer Inc..) [HKLM] -- {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
O42 - Logiciel: ATK Generic Function Service - (.ATK.) [HKLM] -- {D3D54F3E-C5C3-443D-978F-87A72E5616E8}
O42 - Logiciel: ATK Hotkey - (.ASUS.) [HKLM] -- {7C05592D-424B-46CB-B505-E0013E8E75C9}
O42 - Logiciel: ATK Media - (.ASUS.) [HKLM] -- {D1E5870E-E3E5-4475-98A6-ADD614524ADF}
O42 - Logiciel: ATKOSD2 - (.ASUS.) [HKLM] -- {3B05F2FB-745B-4012-ADF2-439F36B2E70B}
O42 - Logiciel: Adobe After Effects CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {EB0202F7-016A-410C-ADE4-40F848CCC661}
O42 - Logiciel: Adobe After Effects CS3 Presets - (.Adobe Systems Incorporated.) [HKLM] -- {193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
O42 - Logiciel: Adobe After Effects CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_3675c95c239b992d5d0ee8fce969b9e
O42 - Logiciel: Adobe After Effects CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM] -- {7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95}
O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394}
O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23}
O42 - Logiciel: Adobe BridgeTalk Plugin CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E}
O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {73B5D990-04EA-4751-B10F-5534770B91F2}
O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
O42 - Logiciel: Adobe Contribute CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {F84ADE4E-9220-4324-994D-801EDD9DD251}
O42 - Logiciel: Adobe Creative Suite 3 Master Collection - (.Adobe Systems Incorporated.) [HKLM] -- {5D2398DF-3022-4820-93BA-F1175FBEA9CA}
O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {4BDB76C6-902E-41D5-9064-68768E02886B}
O42 - Logiciel: Adobe Encore CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
O42 - Logiciel: Adobe Encore CS3 Codecs - (.Adobe Systems Incorporated.) [HKLM] -- {B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
O42 - Logiciel: Adobe Extension Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {BE5F3842-8309-4754-92D5-83E02E6077A3}
O42 - Logiciel: Adobe Fireworks CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {21C4D775-368A-46C4-8DC3-4207165B7115}
O42 - Logiciel: Adobe Flash CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {80FD3971-8482-49C8-BA8C-B6464A15882F}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Video Encoder - (.Adobe Systems Incorporated.) [HKLM] -- {1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B}
O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {7ACFB90E-8FD0-4397-AD3A-5195412623A3}
O42 - Logiciel: Adobe Illustrator CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6E08CE13-C2AB-4749-9335-5900B958929E}
O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
O42 - Logiciel: Adobe InDesign CS3 Icon Handler - (.Adobe Systems Incorporated.) [HKLM] -- {EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078}
O42 - Logiciel: Adobe MotionPicture Color Files - (.Adobe Systems Incorporated.) [HKLM] -- {6B708481-748A-4EB4-97C1-CD386244FF77}
O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
O42 - Logiciel: Adobe Premiere Pro CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
O42 - Logiciel: Adobe Premiere Pro CS3 Functional Content - (.Adobe Systems Incorporated.) [HKLM] -- {50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
O42 - Logiciel: Adobe Premiere Pro CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM] -- {485ACF57-F364-440A-8496-E1E81C8FA1AA}
O42 - Logiciel: Adobe Reader 8.2.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A82000000003}
O42 - Logiciel: Adobe SING CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B671CBFD-4109-4D35-9252-3062D3CCB7B2}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {004685F7-9FB6-4789-812F-59ABB34A55AF}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
O42 - Logiciel: Adobe Soundbooth CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
O42 - Logiciel: Adobe Soundbooth CS3 Codecs - (.Adobe Systems Incorporated.) [HKLM] -- {0327FA9D-975C-448C-A086-577D57BB25B8}
O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183}
O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8}
O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5}
O42 - Logiciel: Adobe Version Cue CS3 Server - (.Adobe Systems Incorporated.) [HKLM] -- {1D58229F-C505-45CA-8223-F35F3A34B963}
O42 - Logiciel: Adobe Video Profiles - (.Adobe Systems Incorporated.) [HKLM] -- {845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
O42 - Logiciel: Adobe WAS CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C5BD220A-EFE8-48A5-B70E-9503D535FACE}
O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
O42 - Logiciel: Adobe XMP DVA Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {0224CACC-994D-45F8-B973-D65056EA9C2F}
O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {D5A31AB1-345D-47C7-A87B-036A669F6DF1}
O42 - Logiciel: Ajouter ou supprimer Adobe Creative Suite 3 Master Collection - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_b5d5789539ea1f004a4defceea74312
O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: AuthenTec Fingerprint Sensor Minimum Install - (.AuthenTec, Inc..) [HKLM] -- {EB4DF30B-102B-4F0C-927A-D50E037A325D}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8}
O42 - Logiciel: Boris Graffiti - (.Boris FX, Inc..) [HKLM] -- {262BF2CD-601D-4F43-919C-4B00B1D1F338}
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] -- {415B2719-AD3A-4944-B404-C472DB6085B3}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {83770D14-21B9-44B3-8689-F7B523F94560}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Dolby Control Center - (.Dolby.) [HKLM] -- {DE66EFAD-B9CC-4FD4-9157-6C18E5100161}
O42 - Logiciel: Express Gate - (.devicevm.) [HKLM] -- {2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}
O42 - Logiciel: FileZilla Client 3.3.2.1 - (.Pas de propriétaire.) [HKLM] -- FileZilla Client
O42 - Logiciel: Garmin Communicator Plugin - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {C7DD94A8-F775-426C-B56C-8E555A59F9E2}
O42 - Logiciel: Garmin USB Drivers - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {6DB7AD00-F781-11DF-9EEF-001279CD8240}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: ITECIR - (.ITE.) [HKLM] -- {40580068-9B10-40B5-9548-536CE88AB23C}
O42 - Logiciel: IZArc 4.1 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: LightScribe System Software 1.14.17.1 - (.LightScribe.) [HKLM] -- {0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Bullet Looks Studio - (.Pas de propriétaire.) [HKLM] -- Magic Bullet Looks Studio
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox (3.6.17) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.17)
O42 - Logiciel: NB Probe - (.Pas de propriétaire.) [HKLM] -- {6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Nikon Message Center - (.Nikon.) [HKLM] -- {D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
O42 - Logiciel: Nikon RAW Codec - (.Nikon.) [HKLM] -- {C8616041-2802-4DE2-B3BD-6285AAD65C2A}
O42 - Logiciel: Nikon Transfer - (.Nikon.) [HKLM] -- {E9757890-7EC5-46C8-99AB-B00F07B6525C}
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM] -- {7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
O42 - Logiciel: OFFICE One 7.0 - (.ISSENDIS.) [HKLM] -- {276CB8D8-4C93-4C1D-95A3-B1B1FFF980A1}
O42 - Logiciel: OFFICE One License v7 - (.ISSENDIS.) [HKLM] -- {74588E42-C78A-42A8-9A3A-9ED6BF747CFE}
O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] -- {87441A59-5E64-4096-A170-14EFE67200C3}
O42 - Logiciel: Pilote vidéo Pinnacle - (.Pinnacle Systems.) [HKLM] -- {5EB90C06-964F-4195-B83E-BD7E55C88415}
O42 - Logiciel: Pinnacle Studio 12 - (.Pinnacle Systems.) [HKLM] -- {D041EB9E-890A-4098-8F94-51DA194AC72A}
O42 - Logiciel: Pinnacle Studio 12 Ultimate Plugins - (.Pinnacle Systems.) [HKLM] -- {D1860E6E-520E-4380-8433-E58E8F88B473}
O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2008 Runtime - (.RealNetworks, Inc.) [HKLM] -- {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
O42 - Logiciel: Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Skype™ 4.1 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: Sony Noise Reduction Plug-In 2.0h - (.Sony.) [HKLM] -- {06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
O42 - Logiciel: Sorenson Squeeze Trial - (.Pas de propriétaire.) [HKLM] -- {8B8C7492-DD45-47F7-B456-EB0197BC5085}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.1 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: ViewNX - (.Nikon.) [HKLM] -- {F007CBCE-D714-4C0B-8CE9-9B0D78116468}
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
O42 - Logiciel: WinFlash - (.Pas de propriétaire.) [HKLM] -- {DE10AB76-4756-4913-BE25-55D1C1051F9A}
O42 - Logiciel: Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) - (.Garmin.) [HKLM] -- 49CF605F02C7954F4E139D18828DE298CD59217C
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Wireless Console 2 - (.ATK.) [HKLM] -- {83F73CB1-7705-49D1-9852-84D839CA2A45}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {2A697B53-0DE3-42DA-B41D-C3F804B1C538}
O42 - Logiciel: proDAD Mercalli 1.0 - (.Pas de propriétaire.) [HKLM] -- proDAD-Mercalli-1.0
O42 - Logiciel: proDAD Vitascene 1.0 - (.Pas de propriétaire.) [HKLM] -- proDAD-Vitascene-1.0

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\BabylonToolbar]
[HKCU\Software\Badoo]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\Database]
[HKCU\Software\Digital Basic]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Freeware]
[HKCU\Software\Gabest]
[HKCU\Software\Garmin]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\ITConcepts]
[HKCU\Software\IZSoftware]
[HKCU\Software\InstallCore]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Adobe2)]
[HKCU\Software\MainConcept (Nikon)]
[HKCU\Software\MainConcept (Sorenson)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Maxtor]
[HKCU\Software\MimarSinan]
[HKCU\Software\Minnetonka Audio Software]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Nikon]
[HKCU\Software\Norton]
[HKCU\Software\ODBC]
[HKCU\Software\Pinnacle Systems]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\Red Giant Software]
[HKCU\Software\RedGiantSoftware]
[HKCU\Software\Ripp-it]
[HKCU\Software\Skype]
[HKCU\Software\Sony Media Software]
[HKCU\Software\SorensonMedia]
[HKCU\Software\Sorenson]
[HKCU\Software\Synaptics]
[HKCU\Software\TechSmith]
[HKCU\Software\TorrentEasy]
[HKCU\Software\Trolltech]
[HKCU\Software\VOB]
[HKCU\Software\YASASOFT]
[HKCU\Software\ej-technologies]
[HKCU\Software\proDAD]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\ASPG]
[HKLM\Software\ASUS]
[HKLM\Software\ATK0100]
[HKLM\Software\ATK]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\AsLdr]
[HKLM\Software\Atheros]
[HKLM\Software\AuthenTec]
[HKLM\Software\Avira]
[HKLM\Software\Azureus]
[HKLM\Software\BabylonToolbar]
[HKLM\Software\Boris FX, Inc.]
[HKLM\Software\CDDB]
[HKLM\Software\CLSYSTEM]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DeviceVM]
[HKLM\Software\DivX]
[HKLM\Software\Documentation]
[HKLM\Software\Dolby]
[HKLM\Software\Electric Clav]
[HKLM\Software\FAST Multimedia]
[HKLM\Software\FileZilla 3]
[HKLM\Software\FreeCDRIP]
[HKLM\Software\GEAR Software]
[HKLM\Software\Garmin]
[HKLM\Software\Google]
[HKLM\Software\HighCriteria]
[HKLM\Software\ITConcepts]
[HKLM\Software\ITE]
[HKLM\Software\IZSoftware]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\LightScribe]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\Minnetonka Audio Software]
[HKLM\Software\Motorola]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nikon]
[HKLM\Software\Norton]
[HKLM\Software\Ntpad]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Pegasus Imaging]
[HKLM\Software\PegasusImaging]
[HKLM\Software\Pinnacle Systems]
[HKLM\Software\Policies]
[HKLM\Software\RICOH]
[HKLM\Software\RTLSetup]
[HKLM\Software\Rainbow Technologies]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\Red Giant Software]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Siemens]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Media Software]
[HKLM\Software\Sorenson Media]
[HKLM\Software\SorensonMedia]
[HKLM\Software\SuppHelpDir]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Synthetic Aperture]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Waves Audio]
[HKLM\Software\Windows]
[HKLM\Software\Wondershare]
[HKLM\Software\X-AVCSD]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ej-technologies]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
[HKLM\Software\proDAD]
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Demande d'analyse

Messagepar Pik » 05 Juin 2011 15:45

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2011 - 15:12:00 - [136619167] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 19/01/2011 - 12:20:58 - [5599945240] ----D- C:\Program Files\Adobe
O43 - CFD: 15/01/2010 - 05:40:46 - [21712298] ----D- C:\Program Files\ASUS
O43 - CFD: 17/03/2009 - 13:24:30 - [19129104] ----D- C:\Program Files\ASUS Security Center
O43 - CFD: 17/03/2009 - 13:15:04 - [10314336] ----D- C:\Program Files\Atheros
O43 - CFD: 17/03/2009 - 13:01:24 - [464496] ----D- C:\Program Files\ATKGFNEX
O43 - CFD: 20/08/2009 - 12:28:44 - [175973891] ----D- C:\Program Files\Avira
O43 - CFD: 28/01/2010 - 16:25:40 - [1995218] ----D- C:\Program Files\AviSynth 2.5
O43 - CFD: 11/04/2011 - 13:22:20 - [617036] ----D- C:\Program Files\Bonjour
O43 - CFD: 01/08/2009 - 11:08:42 - [309963549] ----D- C:\Program Files\Boris FX, Inc
O43 - CFD: 17/03/2009 - 13:15:00 - [3920423] ----D- C:\Program Files\Cisco
O43 - CFD: 27/05/2011 - 15:12:02 - [2055656579] ----D- C:\Program Files\Common Files
O43 - CFD: 17/03/2009 - 12:27:52 - [225755440] ----D- C:\Program Files\CyberLink
O43 - CFD: 22/09/2010 - 10:40:48 - [304608] ----D- C:\Program Files\DIFX
O43 - CFD: 17/03/2009 - 13:09:48 - [37037839] ----D- C:\Program Files\Dolby
O43 - CFD: 28/04/2010 - 00:49:44 - [15671177] ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD: 17/03/2009 - 13:23:52 - [651178] ----D- C:\Program Files\Fingerprint Sensor
O43 - CFD: 22/09/2010 - 10:40:12 - [122956] ----D- C:\Program Files\Garmin
O43 - CFD: 22/09/2010 - 10:40:52 - [12266640] ----D- C:\Program Files\Garmin GPS Plugin
O43 - CFD: 12/12/2010 - 23:53:58 - [91660401] ----D- C:\Program Files\Google
O43 - CFD: 14/03/2011 - 20:52:36 - [90408304] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 30/11/2010 - 14:56:20 - [5784461] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 11/04/2011 - 13:28:34 - [1856627] ----D- C:\Program Files\iPod
O43 - CFD: 11/04/2011 - 13:29:36 - [127660511] ----D- C:\Program Files\iTunes
O43 - CFD: 26/02/2010 - 18:01:00 - [13497990] ----D- C:\Program Files\IZArc
O43 - CFD: 19/02/2010 - 16:02:54 - [9588280] ----D- C:\Program Files\LooksBuilderSE
O43 - CFD: 04/06/2011 - 12:58:20 - [7677754] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 26/11/2009 - 15:04:08 - [226432] ----D- C:\Program Files\Microsoft
O43 - CFD: 26/10/2009 - 21:51:28 - [93496097] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 02/01/2011 - 09:49:02 - [38360699] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 30/11/2010 - 14:56:20 - [99342446] ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/06/2011 - 19:12:16 - [31685778] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 02/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 17/08/2009 - 18:39:30 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 14/03/2011 - 20:53:12 - [0] ----D- C:\Program Files\My Company Name
O43 - CFD: 01/08/2009 - 11:28:18 - [50214013] ----D- C:\Program Files\Nikon
O43 - CFD: 03/04/2011 - 22:38:28 - [296891] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 20/11/2009 - 18:16:18 - [237438879] ----D- C:\Program Files\OFFICE One 7.0
O43 - CFD: 20/11/2009 - 18:18:14 - [2915264] ----D- C:\Program Files\OFFICE One v7
O43 - CFD: 15/03/2011 - 13:23:56 - [17510] ----D- C:\Program Files\Orange
O43 - CFD: 17/03/2009 - 13:34:44 - [7549187] ----D- C:\Program Files\P4G
O43 - CFD: 01/08/2009 - 11:05:02 - [1302197062] ----D- C:\Program Files\Pinnacle
O43 - CFD: 01/08/2009 - 11:09:16 - [134225611] ----D- C:\Program Files\proDAD
O43 - CFD: 27/05/2011 - 15:12:06 - [95907801] ----D- C:\Program Files\Real
O43 - CFD: 17/03/2009 - 13:08:34 - [58693339] ----D- C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 14:37:36 - [41817857] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 18/05/2011 - 13:08:14 - [29760953] R---D- C:\Program Files\Skype
O43 - CFD: 03/08/2009 - 11:04:16 - [5361222] ----D- C:\Program Files\Sony
O43 - CFD: 17/03/2009 - 13:37:40 - [14518091] ----D- C:\Program Files\Synaptics
O43 - CFD: 03/06/2011 - 13:28:04 - [22746] ----D- C:\Program Files\Trend Micro
O43 - CFD: 02/11/2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 03/08/2009 - 10:55:54 - [74466874] ----D- C:\Program Files\VideoLAN
O43 - CFD: 23/03/2011 - 18:55:58 - [111676387] ----D- C:\Program Files\Vuze
O43 - CFD: 18/02/2010 - 05:34:34 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 18/02/2010 - 05:34:32 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 18/02/2010 - 05:34:30 - [4490624] ----D- C:\Program Files\Windows Defender
O43 - CFD: 18/02/2010 - 05:34:32 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 15/01/2010 - 05:39:00 - [45806173] ----D- C:\Program Files\Windows Live
O43 - CFD: 30/11/2010 - 14:56:20 - [9116856] ----D- C:\Program Files\Windows Mail
O43 - CFD: 30/11/2010 - 14:56:22 - [4494025] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 02/11/2006 - 14:37:36 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 18/02/2010 - 05:34:32 - [13528738] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 18/02/2010 - 05:34:34 - [10427365] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 17/03/2009 - 13:22:32 - [2217805] ----D- C:\Program Files\Wireless Console 2
O43 - CFD: 05/06/2011 - 16:40:26 - [4015496] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 19/01/2011 - 12:21:10 - [1207128540] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 19/05/2011 - 12:58:30 - [16393504] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 01/08/2009 - 15:58:02 - [270336] ----D- C:\Program Files\Common Files\Control Panels
O43 - CFD: 15/03/2011 - 13:22:54 - [5959083] ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 01/08/2009 - 11:25:44 - [8208920] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 17/03/2009 - 12:26:44 - [30232782] ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 01/08/2009 - 15:30:38 - [655183] ----D- C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 11/04/2011 - 12:11:00 - [198421249] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 01/08/2009 - 11:26:44 - [4177705] ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 01/08/2009 - 11:30:36 - [27275286] ----D- C:\Program Files\Common Files\Nikon
O43 - CFD: 31/07/2009 - 18:34:10 - [3385947] ----D- C:\Program Files\Common Files\Pinnacle
O43 - CFD: 26/05/2011 - 13:33:42 - [0] ----D- C:\Program Files\Common Files\Real
O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 31/07/2009 - 18:14:12 - [1959208] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 18/02/2010 - 05:34:32 - [16016370] ----D- C:\Program Files\Common Files\System
O43 - CFD: 31/07/2009 - 16:26:20 - [493650721] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:12:02 - [352256] ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 31/07/2009 - 18:28:32 - [315828] ----D- C:\Program Files\Common Files\Yahoo!
O43 - CFD: 24/02/2011 - 17:00:26 - [164285851] ----D- C:\ProgramData\Adobe
O43 - CFD: 01/08/2009 - 15:56:22 - [0] ----D- C:\ProgramData\ALM
O43 - CFD: 11/04/2011 - 13:21:48 - [2344708] ----D- C:\ProgramData\Apple
O43 - CFD: 11/04/2011 - 13:26:18 - [38413029] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 21/08/2009 - 16:36:00 - [104718] ----D- C:\ProgramData\ASUS
O43 - CFD: 17/03/2009 - 13:14:32 - [12024] ----D- C:\ProgramData\Atheros
O43 - CFD: 20/08/2009 - 12:28:44 - [49556601] ----D- C:\ProgramData\Avira
O43 - CFD: 24/01/2010 - 18:57:48 - [40076] ----D- C:\ProgramData\CyberLink
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 01/08/2009 - 11:27:50 - [279] ----D- C:\ProgramData\EnterNHelp
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 01/08/2009 - 11:25:52 - [12] ----D- C:\ProgramData\Flags
O43 - CFD: 26/08/2010 - 18:48:18 - [52776] ----D- C:\ProgramData\FLEXnet
O43 - CFD: 01/08/2009 - 11:27:50 - [12] ----D- C:\ProgramData\Galaxy Swirl
O43 - CFD: 28/08/2009 - 13:21:50 - [390] ----D- C:\ProgramData\LightScribe
O43 - CFD: 20/08/2009 - 12:32:22 - [16236380] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 30/11/2010 - 14:35:06 - [173557412] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 18/11/2009 - 13:44:12 - [119336] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 10/08/2009 - 14:34:00 - [0] ----D- C:\ProgramData\Minnetonka Audio Software
O43 - CFD: 01/08/2009 - 11:26:42 - [6997856] ----D- C:\ProgramData\Nikon
O43 - CFD: 18/02/2010 - 05:30:46 - [189747] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 03/04/2011 - 22:38:12 - [281381] ----D- C:\ProgramData\NVIDIA Corporation
O43 - CFD: 20/11/2009 - 18:18:14 - [190] ----D- C:\ProgramData\OFFICE One v7
O43 - CFD: 03/04/2011 - 22:43:04 - [2191] ----D- C:\ProgramData\P4G
O43 - CFD: 31/07/2009 - 18:28:32 - [459526] ----D- C:\ProgramData\Pinnacle
O43 - CFD: 31/07/2009 - 18:28:32 - [0] ----D- C:\ProgramData\Pinnacle Studio Plus
O43 - CFD: 31/07/2009 - 18:33:24 - [36864] ----D- C:\ProgramData\Pinnacle Studio Ultimate
O43 - CFD: 22/02/2010 - 16:37:28 - [1482220] ----D- C:\ProgramData\Real
O43 - CFD: 31/07/2009 - 18:14:10 - [28326338] ----D- C:\ProgramData\Skype
O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 31/07/2009 - 18:28:32 - [2965596473] ----D- C:\ProgramData\Studio 12
O43 - CFD: 31/07/2009 - 17:51:02 - [64] ----D- C:\ProgramData\Symantec
O43 - CFD: 17/03/2009 - 12:27:04 - [90183] ----D- C:\ProgramData\Temp
O43 - CFD: 02/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 28/04/2011 - 20:39:12 - [2828624] ----D- C:\ProgramData\TorrentEasy
O43 - CFD: 01/08/2009 - 11:27:50 - [40] ----D- C:\ProgramData\Ultima_T15
O43 - CFD: 03/08/2009 - 20:22:32 - [0] ----D- C:\ProgramData\WindowsSearch
O43 - CFD: 04/06/2011 - 16:28:20 - [401556579] ----D- C:\Users\Pik\AppData\Roaming\Adobe
O43 - CFD: 17/02/2010 - 19:52:12 - [23508] ----D- C:\Users\Pik\AppData\Roaming\ALLCapture
O43 - CFD: 11/04/2011 - 13:32:02 - [60918535] ----D- C:\Users\Pik\AppData\Roaming\Apple Computer
O43 - CFD: 04/01/2011 - 23:05:20 - [0] ----D- C:\Users\Pik\AppData\Roaming\Avira
O43 - CFD: 29/05/2011 - 00:14:26 - [7802977] ----D- C:\Users\Pik\AppData\Roaming\Azureus
O43 - CFD: 18/11/2009 - 12:57:30 - [0] ----D- C:\Users\Pik\AppData\Roaming\CyberLink
O43 - CFD: 26/05/2011 - 17:02:52 - [1015] ----D- C:\Users\Pik\AppData\Roaming\dvdcss
O43 - CFD: 04/11/2010 - 12:51:04 - [19008] ----D- C:\Users\Pik\AppData\Roaming\FileZilla
O43 - CFD: 27/05/2011 - 12:57:26 - [1235] ----D- C:\Users\Pik\AppData\Roaming\Free Sound Recorder
O43 - CFD: 22/09/2010 - 10:41:40 - [0] ----D- C:\Users\Pik\AppData\Roaming\GARMIN
O43 - CFD: 31/07/2009 - 16:33:42 - [0] ----D- C:\Users\Pik\AppData\Roaming\Identities
O43 - CFD: 14/03/2011 - 20:53:08 - [0] ----D- C:\Users\Pik\AppData\Roaming\InstallShield
O43 - CFD: 01/08/2009 - 10:58:06 - [2093816] ----D- C:\Users\Pik\AppData\Roaming\Macromedia
O43 - CFD: 20/08/2009 - 12:32:24 - [901795] ----D- C:\Users\Pik\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 14:37:36 - [0] ----D- C:\Users\Pik\AppData\Roaming\Media Center Programs
O43 - CFD: 17/04/2010 - 12:37:56 - [26481894] -S--D- C:\Users\Pik\AppData\Roaming\Microsoft
O43 - CFD: 31/07/2009 - 18:09:38 - [6785023] ----D- C:\Users\Pik\AppData\Roaming\Mozilla
O43 - CFD: 19/08/2009 - 11:16:40 - [81920] ----D- C:\Users\Pik\AppData\Roaming\Nikon
O43 - CFD: 04/06/2011 - 16:57:18 - [5202048] ----D- C:\Users\Pik\AppData\Roaming\OFFICEOne7
O43 - CFD: 01/08/2009 - 11:09:18 - [79194] ----D- C:\Users\Pik\AppData\Roaming\proDAD
O43 - CFD: 27/05/2011 - 15:12:28 - [2869781] ----D- C:\Users\Pik\AppData\Roaming\Real
O43 - CFD: 03/06/2011 - 18:02:28 - [1729944] ----D- C:\Users\Pik\AppData\Roaming\Skype
O43 - CFD: 03/06/2011 - 16:04:12 - [61848] ----D- C:\Users\Pik\AppData\Roaming\skypePM
O43 - CFD: 04/06/2011 - 20:06:14 - [627213] ----D- C:\Users\Pik\AppData\Roaming\vlc
O43 - CFD: 26/05/2011 - 16:03:14 - [1638854026] ----D- C:\Users\Pik\Appdata\Local\Adobe
O43 - CFD: 12/09/2009 - 14:12:40 - [0] ----D- C:\Users\Pik\Appdata\Local\Apple
O43 - CFD: 03/12/2010 - 16:44:00 - [19937425] ----D- C:\Users\Pik\Appdata\Local\Apple Computer
O43 - CFD: 31/07/2009 - 16:22:46 - [0] -SH-D- C:\Users\Pik\Appdata\Local\Application Data
O43 - CFD: 21/08/2009 - 16:35:58 - [1373750] ----D- C:\Users\Pik\Appdata\Local\ASUS
O43 - CFD: 31/07/2009 - 18:33:52 - [5319168] ----D- C:\Users\Pik\Appdata\Local\Downloaded Installations
O43 - CFD: 27/05/2011 - 12:53:28 - [5018] ----D- C:\Users\Pik\Appdata\Local\Google
O43 - CFD: 31/07/2009 - 16:22:46 - [0] -SH-D- C:\Users\Pik\Appdata\Local\Historique
O43 - CFD: 19/02/2010 - 16:04:30 - [1316019899] ----D- C:\Users\Pik\Appdata\Local\Microsoft
O43 - CFD: 30/11/2009 - 17:32:58 - [241629] ----D- C:\Users\Pik\Appdata\Local\Microsoft Games
O43 - CFD: 15/01/2010 - 07:42:30 - [37712] ----D- C:\Users\Pik\Appdata\Local\MigWiz
O43 - CFD: 31/07/2009 - 18:09:32 - [69209320] ----D- C:\Users\Pik\Appdata\Local\Mozilla
O43 - CFD: 04/11/2010 - 02:40:40 - [12547] ----D- C:\Users\Pik\Appdata\Local\Pinnacle
O43 - CFD: 31/07/2009 - 16:34:34 - [727040] ----D- C:\Users\Pik\Appdata\Local\Power2Go
O43 - CFD: 18/11/2009 - 13:28:32 - [285696] ----D- C:\Users\Pik\Appdata\Local\Seven Zip
O43 - CFD: 03/08/2009 - 11:00:28 - [0] ----D- C:\Users\Pik\Appdata\Local\Sony
O43 - CFD: 19/08/2009 - 11:09:50 - [7992] ----D- C:\Users\Pik\Appdata\Local\Symantec
O43 - CFD: 05/06/2011 - 16:39:04 - [27519749] ----D- C:\Users\Pik\Appdata\Local\Temp
O43 - CFD: 31/07/2009 - 16:22:46 - [0] -SH-D- C:\Users\Pik\Appdata\Local\Temporary Internet Files
O43 - CFD: 31/07/2009 - 17:48:12 - [3566022] ----D- C:\Users\Pik\Appdata\Local\VirtualStore



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4AE18CEF7F93BB62D8ACF7B7470C95F4] - 05/06/2011 - 15:36:57 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1470810]
O44 - LFC:[MD5.8443A0069C0B99F60C153CB265C29139] - 05/06/2011 - 15:36:57 ---A- . (...) -- C:\Windows\System32\perfc009.dat [101250]
O44 - LFC:[MD5.9D12AF16305E7D65EC851B74687E712D] - 05/06/2011 - 15:36:57 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [123556]
O44 - LFC:[MD5.DED341C92892E28E543839C37A86241A] - 05/06/2011 - 15:36:57 ---A- . (...) -- C:\Windows\System32\perfh009.dat [587178]
O44 - LFC:[MD5.5D61FA84CEE63FB782BFD2D0EFC19988] - 05/06/2011 - 15:36:57 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [669566]
O44 - LFC:[MD5.DCED12005489647600ECFD7FB0EE1200] - 05/06/2011 - 15:34:13 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1854958]
O44 - LFC:[MD5.77B537ECBA2BD54B97D9206A5C8E94A3] - 05/06/2011 - 15:31:00 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.7E6E0C3EFF5C1D21EA4EBB6DC144DBD6] - 04/06/2011 - 19:03:20 ---A- . (...) -- C:\Windows\setupact.log [695]
O44 - LFC:[MD5.5179551E357665B1F72137456C2A30D1] - 04/06/2011 - 14:28:37 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.C4FFD6F8256643A811844ED82D7FEC3E] - 04/06/2011 - 14:16:04 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [12133]
O44 - LFC:[MD5.7C4EC5520097D9594A7B1A131BD706CE] - 04/06/2011 - 14:13:22 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [12150]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/05/2011 - 11:59:35 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.84D360FEDD0074DAA8B3C0EA2A6E146E] - 29/05/2011 - 09:27:40 ---A- . (...) -- C:\Windows\PFRO.log [328260]
O44 - LFC:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [39984]
O44 - LFC:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [22712]
O44 - LFC:[MD5.E9E1BDA354DD4CB06E721041F6266D92] - 27/05/2011 - 14:11:44 ---A- . (.RealNetworks, Inc. - Real Player(tm) ActiveX Control.) -- C:\Windows\System32\rmoc3260.dll [198848]
O44 - LFC:[MD5.33833B3EDA1B07EBD367FA9B38B23E60] - 27/05/2011 - 14:11:28 ---A- . (.RealNetworks, Inc. - 16 bit DirectX helper DLL.) -- C:\Windows\System32\pndx5016.dll [6656]
O44 - LFC:[MD5.B74E422BC81236042529DC8A42A18423] - 27/05/2011 - 14:11:28 ---A- . (.RealNetworks, Inc. - 32 bit DirectX helper DLL.) -- C:\Windows\System32\pndx5032.dll [5632]
O44 - LFC:[MD5.B4EB68502E52EBDC0B2C55EA3445284C] - 27/05/2011 - 14:11:26 ---A- . (.Progressive Networks - Pas de description.) -- C:\Windows\System32\pncrt.dll [272896]
O44 - LFC:[MD5.3A63DC3953A6B51A119E9320C4B6DB53] - 26/05/2011 - 12:33:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [172668]



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{0ac2f552-06c6-11df-a3ef-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{0e67dbe1-bb15-11de-a5dd-00235470097e}\AutoRun\command - Clé orpheline
O51 - MPSK:{6f0e2f4d-4ef1-11e0-9743-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{9fde41bb-4cc8-11e0-b11a-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{a09d363c-3df2-11e0-b0d5-8e7bb57945b1}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- G:\autorun.exe (.not file.)
O51 - MPSK:{ad835400-4bb8-11e0-b375-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{f811ea29-9dd4-11de-8599-00235470097e}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- I:\LaunchU3.exe (.not file.)



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \Drivers32\"vidc.mjpg"="pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\Windows\System32\pvmjpg30.dll
O52 - TDSD: \Drivers32\"vidc.yv12"="yv12vfw.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM"="MP3 PowerEncoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\Windows\System32\pvmjpg30.dll



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Acrobat Assistant 8.0 [Key] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\Adobe_ID0EYTHM [Key] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.exe
O53 - SMSR:HKLM\...\startupreg\ASUS Screen Saver Protector [Key] . (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe
O53 - SMSR:HKLM\...\startupreg\ATKMEDIA [Key] . (.ASUS - ATK Media.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
O53 - SMSR:HKLM\...\startupreg\ATKOSD2 [Key] . (.ASUS - ATKOSD2.) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O53 - SMSR:HKLM\...\startupreg\CLMLServer [Key] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O53 - SMSR:HKLM\...\startupreg\CognizanceTS [Key] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll
O53 - SMSR:HKLM\...\startupreg\ehTray.exe [Key] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O53 - SMSR:HKLM\...\startupreg\fssui [Key] . (...) -- C:\Program Files\Windows Live\Family Safety\fsui.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Google Desktop Search [Key] . (...) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HControlUser [Key] . (.Pas de propriétaire - HControlUser.) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O53 - SMSR:HKLM\...\startupreg\LightScribe Control Panel [Key] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\NvCplDaemon [Key] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O53 - SMSR:HKLM\...\startupreg\NvMediaCenter [Key] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O53 - SMSR:HKLM\...\startupreg\P2Go_Menu [Key] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O53 - SMSR:HKLM\...\startupreg\PWRISOVM.EXE [Key] . (...) -- C:\Program Files\PowerISO\PWRISOVM.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (...) -- C:\Program Files\QuickTime\QTTask.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (...) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Windows Defender [Key] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O53 - SMSR:HKLM\...\startupreg\WMPNSCFG [Key] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Demande d'analyse

Messagepar Pik » 05 Juin 2011 15:46

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=0



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 03:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 03:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 03:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 03:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 03:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 03:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.4DF523F49694B2884F8E5D870BF3E253] - 06/04/2008 - 02:56:08 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\system32\drivers\athr.sys [908800]
O58 - SDL:[MD5.97AFFA9D95FFE20EEE6229BC6BE166CF] - 15/12/2006 - 23:11:57 ---A- . (.ATK0100 - ATK0100 ACPI Utility.) -- C:\Windows\system32\drivers\ATKACPI.sys [7680]
O58 - SDL:[MD5.F70D2392158CB68E775F8C4CD3D12FBB] - 17/06/2007 - 05:29:08 ---A- . (.AuthenTec, Inc. - Slide Fingerprint USB Driver.) -- C:\Windows\system32\drivers\atswpdrv.sys [146824]
O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 14/12/2010 - 09:17:25 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [61960]
O58 - SDL:[MD5.5FEDEF54757B34FB611B9EC8FB399364] - 01/04/2011 - 18:15:55 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [137656]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 03:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 03:23:24 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.E66710639A292F6341D63B01EE8E8037] - 12/11/2008 - 11:53:36 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ewusbfake.sys [100224]
O58 - SDL:[MD5.4154079A88089155D10168333B19627F] - 12/11/2008 - 11:53:36 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ewusbmdm.sys [101504]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 03:23:26 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [40504]
O58 - SDL:[MD5.707C1692214B1C290271067197F075F6] - 20/07/2008 - 10:44:43 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [324120]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 03:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.8BCD857C7932AD005D5F9C89329DA2E1] - 19/12/2007 - 01:12:12 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\itecir.sys [54784]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.27BD4AC228EF6C0D490617C32E86A672] - 03/06/2008 - 22:41:51 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\system32\drivers\kbfiltr.sys [15928]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 03:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 03:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.8039F480C192DD99FED4EBC71FFBF795] - 29/05/2008 - 18:21:02 ---A- . (.Windows (R) Codename Longhorn DDK provider - ASUS CopyProtect driver.) -- C:\Windows\system32\drivers\lullaby.sys [15416]
O58 - SDL:[MD5.A3E700D78EEC390F1208098CDCA5C6B6] - 23/09/2005 - 22:18:32 ---A- . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) -- C:\Windows\system32\drivers\MarvinBus.sys [171520]
O58 - SDL:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22712]
O58 - SDL:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [39984]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 03:23:27 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.216AC775320F64DE28CFEB7C179C4FF9] - 03/05/2007 - 12:37:08 ---A- . (.Maxtor Corp. - OneTouch Security Driver.) -- C:\Windows\system32\drivers\mxopswd.sys [22152]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.2C7AC27710E8D41C1EB7D1599187D237] - 25/06/2008 - 06:05:05 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [44064]
O58 - SDL:[MD5.B5D2B15D3EBA77BEF9392FBEFB3DDDA0] - 25/07/2008 - 09:30:59 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 176.) -- C:\Windows\system32\drivers\nvlddmkm.sys [7547552]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 03:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 03:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.9CCF89372C5A04E97CD89B58AE697796] - 27/08/2009 - 13:18:30 ---A- . (.TCT International Mobile Ltd - USB/Serial Device Driver.) -- C:\Windows\system32\drivers\qcusbser.sys [103552]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 03:23:24 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.DED01A389926A89540B82373E4C550EE] - 25/06/2008 - 23:55:12 ---A- . (.REDC - RICOH SD Driver.) -- C:\Windows\system32\drivers\rimmptsk.sys [47104]
O58 - SDL:[MD5.C398BCA91216755B098679A8DA8A2300] - 30/07/2007 - 18:42:58 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\system32\drivers\rimsptsk.sys [43008]
O58 - SDL:[MD5.2A2554CB24506E0A0508FC395C4A1B42] - 30/07/2007 - 19:54:02 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\system32\drivers\rixdptsk.sys [38400]
O58 - SDL:[MD5.23EBCEE9AAA4D6C88728791FAB462456] - 13/06/2008 - 10:10:07 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2152344]
O58 - SDL:[MD5.ABBE0F54BA3A378262C9CB86CF7D91F8] - 14/02/2008 - 22:56:01 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\system32\drivers\Rtlh86.sys [118784]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 03:23:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.C8A58FC905C9184FA70E37F71060C64D] - 02/11/2006 - 08:41:49 ---A- . (.Motorola Inc. - Motorola SM56 Modem WDM Driver.) -- C:\Windows\system32\drivers\smserial.sys [1010560]
O58 - SDL:[MD5.0057F29323C393A35903B4C5DAF9A144] - 09/05/2007 - 08:16:39 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\system32\drivers\sncduvc.sys [28160]
O58 - SDL:[MD5.A709DFA1674C1ED61EF7B5F29B38EEB1] - 13/05/2008 - 07:35:23 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\system32\drivers\snp2uvc.sys [1772544]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 15:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.A59457258DC236F63D6EAC759EF6C08B] - 16/11/2007 - 06:09:45 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [195760]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 03:23:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 03:23:23 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.85ECE26F326C2D07BA77A60343468272] - 19/11/2008 - 09:41:08 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\system32\drivers\WsAudioDevice_383.sys [16640]
O58 - SDL:[MD5.7D1F3B131D503EF43EE594B5A2B9B427] - 02/11/2006 - 08:30:56 ---A- . (.Marvell - Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon.) -- C:\Windows\system32\drivers\yk60x86.sys [194048]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.4DF523F49694B2884F8E5D870BF3E253] - 06/04/2008 - 02:56:08 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\system32\athr.sys [908800]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - C:\Program Files\ATKGFNEX\ASMMAP.sys - ASMMAP (ASMMAP) .(...) - LEGACY_ASMMAP
O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 14/12/2010 - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 01/04/2011 - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - (.not file.) - Symantec Eraser Control driver (eeCtrl) .(...) - LEGACY_EECTRL
O64 - Services: CurCS - (.not file.) - EraserUtilDrv10910 (EraserUtilDrv10910) .(...) - LEGACY_ERASERUTILDRV10910
O64 - Services: CurCS - (.not file.) - EraserUtilRebootDrv (EraserUtilRebootDrv) .(...) - LEGACY_ERASERUTILREBOOTDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\EXFAT.sys - (.not file.) - exFAT File System Driver (exfat) .(...) - LEGACY_EXFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - (.not file.) - FssFltr (fssfltr) .(...) - LEGACY_FSSFLTR
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys - ghaio (ghaio) .(...) - LEGACY_GHAIO
O64 - Services: CurCS - (.not file.) - IDSVix86 (IDSVix86) .(...) - LEGACY_IDSVIX86
O64 - Services: CurCS - 29/05/2008 - C:\Windows\System32\DRIVERS\lullaby.sys - lullaby(lullaby) .(.Windows (R) Codename Longhorn DDK provider - ASUS CopyProtect driver.) - LEGACY_LULLABY
O64 - Services: CurCS - (.not file.) - mbr (mbr) .(...) - LEGACY_MBR
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - (.not file.) - SCDEmu (SCDEmu) .(...) - LEGACY_SCDEMU
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(...) - LEGACY_SPLDR
O64 - Services: CurCS - 17/06/2010 - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - (.not file.) - SYMDNS (SYMDNS) .(...) - LEGACY_SYMDNS
O64 - Services: CurCS - (.not file.) - Symantec Extended File Attributes (SymEFA) .(...) - LEGACY_SYMEFA
O64 - Services: CurCS - (.not file.) - SYMFW (SYMFW) .(...) - LEGACY_SYMFW
O64 - Services: CurCS - (.not file.) - SYMNDISV (SYMNDISV) .(...) - LEGACY_SYMNDISV
O64 - Services: CurCS - (.not file.) - SYMREDRV (SYMREDRV) .(...) - LEGACY_SYMREDRV
O64 - Services: CurCS - (.not file.) - SYMTDI (SYMTDI) .(...) - LEGACY_SYMTDI



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <jsfile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS3.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - http://www.google.com



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.496F03DCA0EFF43EA168ED20ACCC6EFF] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\Pik\AppData\Local\Temp\GLFE554.tmp.ConduitEngineSetup.exe [158048]
[MD5.B92293778555CE3DABE7F0A7E98B34C0] [SPRF] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Pik\AppData\Local\Temp\prxGLFE554.tmp.tbFree.dll [175912]
[MD5.1A8438854DD15E4389F5BDEF502C369D] [SPRF] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Pik\AppData\Local\Temp\tbFree.dll [4216104]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "WinCollab-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-UDP" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-DFSR-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "WinCollab-DFSR-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "{DCF239A9-08D5-451D-848A-94AE4B220428}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O87 - FAEL: "{0F673E9A-8902-4EAB-BCA1-82A85B74BAA0}" | In - Public - P6 - TRUE | .(.Pinnacle Systems - Render Manager.) -- C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
O87 - FAEL: "{523B54AA-DD68-4760-9D59-C54E3A6C1D7E}" | In - Public - P17 - TRUE | .(.Pinnacle Systems - Render Manager.) -- C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
O87 - FAEL: "{D6F10092-5BAA-488E-ACAD-3DFCA9691D52}" | In - Public - P6 - TRUE | .(.Pinnacle Systems - Studio program file.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O87 - FAEL: "{0A1DCFA0-7D79-494F-967F-0C2BE46C857C}" | In - Public - P17 - TRUE | .(.Pinnacle Systems - Studio program file.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O87 - FAEL: "{1B57699E-C0CC-45C0-B5E4-ABFCB70736AE}" | In - Public - P6 - TRUE | .(.Pinnacle Systems - umi.) -- C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
O87 - FAEL: "{07DEBAD6-D0CD-4F11-AC6B-168DDF130528}" | In - Public - P17 - TRUE | .(.Pinnacle Systems - umi.) -- C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
O87 - FAEL: "{1AEBB7CF-3A36-4097-AD13-EDDCB826B3E5}" | In - Public - P6 - TRUE | .(.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O87 - FAEL: "{7BF73580-F1B4-4F94-8A7C-F2894BAD5EE8}" | In - Public - P17 - TRUE | .(.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O87 - FAEL: "TCP Query User{63B7E2DC-D556-4331-9891-4C00EFB169C5}C:\program files\internet explorer\iexplore.exe" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "UDP Query User{0B65D0A8-16FC-4FE3-8581-CA16B6386908}C:\program files\internet explorer\iexplore.exe" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "TCP Query User{C920A700-0F1C-4201-B747-E2F944DBF068}C:\program files\real\realplayer\realplay.exe" | In - Public - P6 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "UDP Query User{C595EDBD-47A1-4479-9029-765749CE58A9}C:\program files\real\realplayer\realplay.exe" | In - Public - P17 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "TCP Query User{5671566C-7A54-4325-8957-735E3F834501}C:\program files\real\realplayer\recordingmanager.exe" | In - Public - P6 - TRUE | .(.RealNetworks, Inc..) -- C:\program files\real\realplayer\recordingmanager.exe
O87 - FAEL: "UDP Query User{19BF5A03-90E4-4A49-B37A-4F2B8F9B9EAC}C:\program files\real\realplayer\recordingmanager.exe" | In - Public - P17 - TRUE | .(.RealNetworks, Inc..) -- C:\program files\real\realplayer\recordingmanager.exe
O87 - FAEL: "TCP Query User{07B53EAC-5AEF-4F6E-9144-FF45A0BCC7A3}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "UDP Query User{2379E3DC-87FE-4EB6-B3E9-39503A1C2F28}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "TCP Query User{40640BD7-81C5-4EF4-9CCD-953D17AE41EB}C:\program files\sorenson media\sorenson squeeze\squeeze.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\sorenson media\sorenson squeeze\squeeze.exe (.not file.)
O87 - FAEL: "UDP Query User{BC9B1C14-D627-4ACA-9D19-E347195A1F8C}C:\program files\sorenson media\sorenson squeeze\squeeze.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\sorenson media\sorenson squeeze\squeeze.exe (.not file.)
O87 - FAEL: "TCP Query User{FAF2AD50-0693-4DED-B149-831DB3209246}C:\program files\real\realplayer\realplay.exe" | In - Private - P6 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "UDP Query User{10314C96-231F-4AF3-8E21-CA7BADEE5616}C:\program files\real\realplayer\realplay.exe" | In - Private - P17 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "TCP Query User{25966E69-A7B1-4F7F-80D9-C3313D0AAE62}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "UDP Query User{99BE7EFD-DAA4-4E62-A56E-3D4201504FD8}C:\users\pik\documents\rawavrecorder\rawavrecorder.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\pik\documents\rawavrecorder\rawavrecorder.exe
O87 - FAEL: "{28671E82-2846-44F7-9222-263B2B27DD72}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{10B06F31-EB42-445D-BE5F-C29F9179BE0A}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{B6555CF1-4489-4440-BD26-4F6E301086C8}" | In - Private - P6 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O87 - FAEL: "{EFCAB917-48AE-4E12-9F6E-3CAED8856A8B}" | In - Private - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O87 - FAEL: "TCP Query User{581D1393-3486-42C2-A18B-A3DC05631E2E}C:\program files\pinnacle\studio 12\programs\studio.exe" | In - Private - P6 - TRUE | .(.Pinnacle Systems.) -- C:\program files\pinnacle\studio 12\programs\studio.exe
O87 - FAEL: "UDP Query User{C5CA2314-D1D2-4CB5-9FC0-6E62D7A33FAC}C:\program files\pinnacle\studio 12\programs\studio.exe" | In - Private - P17 - TRUE | .(.Pinnacle Systems.) -- C:\program files\pinnacle\studio 12\programs\studio.exe
O87 - FAEL: "{94F783D3-B0A3-4350-AEC3-9757DEE10BB7}" | In - Public - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{6DF9C3B6-58D2-4890-940A-B01D60129D27}" | In - Public - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "TCP Query User{EA887355-A021-496B-9B5E-20825A2718F8}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\program files\google\google earth\client\googleearth.exe
O87 - FAEL: "UDP Query User{DD3A5749-A83D-4CA2-8862-FBC2153619A4}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\program files\google\google earth\client\googleearth.exe
O87 - FAEL: "{57F1B4D2-FEB2-42CE-8F18-A700592D47EE}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{D066CB98-5F47-4683-864A-9CE4CF0F3B67}" | In - Private - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{5820F6D7-0212-4595-BA5A-FD75FC2E6C12}" | In - Private - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{D17BFA95-19E0-42A0-8310-27C41CADFF30}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{80B666F1-FB20-423A-937A-EA65AA37260F}" | In - Public - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "TCP Query User{B181D822-BA8B-434A-A145-2ACDE541BAFE}C:\program files\internet explorer\iexplore.exe" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "UDP Query User{75E229CC-4628-49D5-851C-0A90A17FE1F1}C:\program files\internet explorer\iexplore.exe" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "{4205FFEC-5F54-4FF0-9DD3-C5883F64BF1B}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Pik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3OYTIIF\AudioConverterSetup[2].exe (.not file.)
O87 - FAEL: "{5E150F8A-1B01-411E-9C9E-213DF9C0073B}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Pik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3OYTIIF\AudioConverterSetup[2].exe (.not file.)



---\\ Scan Additionnel (O88)
Database Version : 8475 - (03/06/2011)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
C:\Users\Pik\Appdata\LocalLow\BabylonToolbar =>Toolbar.Babylon



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/03/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
SR - | Auto 09/05/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 01/04/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 03/10/2007 94208 | (ASLDRService) . (...) - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 01/08/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 12/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/12/2010 0 | (gusvc) . (...) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 07/03/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 09/06/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 25/07/2008 196608 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 03/08/2007 125496 | (spmgr) . (...) - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Pik at 05/06/2011 16:42:36

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



End of the scan (1214 lines in 02mn 17s)(0)
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Demande d'analyse

Messagepar nardino » 05 Juin 2011 17:36

Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Demande d'analyse

Messagepar Pik » 05 Juin 2011 18:21

Bonsoir Nardino,
Je ne captes pas désolé, c'ets ce que j'ai fais, j'ai fais un copié collé du rapport ZHPDiag !
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Demande d'analyse

Messagepar nardino » 05 Juin 2011 18:47

Bonjour,
Je vais t'expliquer tout. :learn:
Si je te demande d'héberger le rapport c'est pour plusieurs raisons :
-Tu as vu la taille de ce dernier et la place qu'il prend sur le forum, donc à éviter
-Comme il est découpé, cela m'oblige à le reconstituer pour l'avoir en entier afin de le mettre dans un analyseur qui me permet de l'examiner plus rapidement sans avoir à faire du ligne par ligne.
-Hébergé, il ne reste en ligne que quelques jours, ce qui n'est pas plus mal.
J'espère que tu comprends mieux maintenant le sens de mes demandes. :wink:
@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Demande d'analyse

Messagepar Pik » 06 Juin 2011 07:10

Oui, bien sûr, désolé!
http://cjoint.com/?3FgijiIRRP3
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Re: Demande d'analyse

Messagepar nardino » 06 Juin 2011 10:39

Bonjour
Télécharge AD-Remover sur ton bureau.
http://www.teamxscript.org/adremoverTelechargement.html
Double clique sur AD-R.exe
Clique sur le bouton Nettoyer.
Poste le rapport qui va s'ouvrir en fin de scan.
Le rapport est sauvegardé sous C:\Ad-report-SCAN[1].txt
Puis ferme le programme par Quitter.

Mets à jour Internet Explorer, Firefox et Adobe Reader
http://windows.microsoft.com/fr-FR/inte ... ts/ie/home
http://www.mozilla-europe.org/fr/
Acrobat Reader X :
http://www.adobe.com/fr/products/acroba ... sions.html
Sélectionne ton système et la version appropriée ainsi que la langue souhaitée.
Décoche McAfee Security Scan
Clique sur Télécharger maintenant.
Installe-le
Cette version désinstalle les précédentes.
Et commence à surveiller la capacité d'utilisation de ton disque C.
Il doit rester toujours au moins 15% d'espace libre et tu en es à 19%.
@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Demande d'analyse

Messagepar Pik » 06 Juin 2011 12:21

Bonjour,
MAJ effectuées, j'ai bloqué toutes les mises à jour de mon pc (windows, adobe, explorer, mozilla..) depuis que je l'ai, c'est peut-être une erreur donc ? Lesquelles laisser en activité ?
Ci-dessous le rapport de scan de Ad-Remover :

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:07:00 le 06/06/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Pik@PC-DE-PIK (ASUSTeK Computer Inc. M50Vc)

============== RECHERCHE ==============


Fichier trouvé: C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini



============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.17 (fr)] ****

HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&amp;q={searchTerms}&amp;mntrId=8653f80c000000000000002243310a61&amp;tlver=1.4.19.19&amp;affID=17160/)

-- C:\Users\Pik\AppData\Roaming\Mozilla\FireFox\Profiles\flb9sjdf.default --
Extensions\foxmarks@kei.com-trash (?)
Prefs.js - browser.search.selectedEngine, Search the web (Babylon)
Prefs.js - browser.startup.homepage, hxxp://www.windguru.cz/fr/index.php?sc=48561
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss ... tlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18975] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)
HKCU_URLSearchHooks|{32b29df0-2237-4370-9a29-37cebb730e9b} (x)
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll)
HKCU_Toolbar\WebBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x)
HKCU_Toolbar\WebBrowser|{32B29DF0-2237-4370-9A29-37CEBB730E9B} (x)
HKLM_Toolbar|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll)
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll) (x)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{1009C944-97D5-44A9-9E32-DFF54F498968} - "ASUS Security Protect Manager e-Wallet" (C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll,1)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll) (x)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 30 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 20 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 04/06/2011 15:14:19 (12078 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 06/06/2011 13:04:24 (3952 Octet(s))
C:\Ad-Report-SCAN[1].txt - 04/06/2011 15:12:30 (3839 Octet(s))

Fin à: 13:08:04, 06/06/2011

============== E.O.F ==============
Pik
 
Messages: 28
Inscription: 03 Juin 2011 12:37

Suivante

Retourner vers Désinfections et demandes d'analyse

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 0 invités