Rapport de ZHPDiag v1.27.2423 par Nicolas Coolman, Update du 21/07/2011
Run by rené at 23/07/2011 21:16:49
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
---\\ System Information
Windows 7 Starter Edition, 32-bit (Build 7600)
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
~ Boot mode: ~ Normal (Normal boot)
Total RAM: 1011 MB (13% free)
~ System Restore: Activé (Enable)
System drive C: has 179 GB (83%) free of 215 GB
---\\ Logged in mode
~ Computer Name: RENÉ-HP
~ User Name: rené
~ All Users Names: rené, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
~ Logged in as Administrator
---\\ Environnement Variables
~ %AppData%=C:\Users\rené\AppData\Roaming\
~ %Desktop%=C:\Users\rené\Desktop\
~ %Favorites%=C:\Users\rené\Favorites\
~ %LocalAppData%=C:\Users\rené\AppData\Local\
~ %StartMenu%=C:\Users\rené\AppData\Roaming\Microsoft\Windows\Start Menu\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 179 Go of 215 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 18 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.27/04/2011 - 06:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (....) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/06/2011 - 20:31:50.) -- C:\Windows\system32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/08/2010 - 02:03:02.) -- C:\Windows\system32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/04/2011 - 06:44:01.) -- C:\Windows\system32\drivers\ntfs.sys [1210240]
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 2/27
~ Mes Documents (My Documents) : 1/4
~ Mon Bureau (My Desktop) : 1/2
~ Menu demarrer (Programs) : 7/21
---\\ Processus lancés
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008]
[MD5.27870BDDDE2BB30C134247512D8A6156] - (.PCTuto - autoupdater.) -- C:\Users\rené\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe [663168]
[MD5.285FBAB6FACA1E3166FB352C34AAC762] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848]
[MD5.DC8F297AC5D203AB8D3B70709740F29C] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592]
[MD5.D165F0D7BDCDE31BE4B1E2149E92AC2A] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552]
[MD5.41E7042F32E30363FCE1ABCCF630DDA4] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952]
[MD5.F778E8D83339B7C02EAC8B13AB83999E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1778984]
[MD5.D1930CA970D4250D891F432419E3D6C9] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904]
[MD5.01E60FEE382DCB512ACA93D31D6BD954] - (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568]
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708]
[MD5.4C8981727B06F718832DD3D42C9EB769] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168]
[MD5.3EEC83341AECDE670C2CE16EBED5D66C] - (.PCTUTO - PCTUTO.) -- C:\Program Files\PCTuto\pctuto.exe [982656]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.33BFCE71F407F24E5DFDB7DD46CE2D6D] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449584]
[MD5.73E7F1D810AA3520BF15545A57B86712] - (.Zecter Inc. - HP CloudDrive.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe [154304]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]
[MD5.C5E25590F63DA3D4240521A02F641B10] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [828704]
[MD5.3426775825ADF252E5A7486B24A678C6] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720]
[MD5.6408547F86FE90924BDE983D79C23A93] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2831648]
[MD5.64EFAF916C4009F1B84153D0BB491FB0] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [673040]
[MD5.745EE2C6FB0B43C9F00E017F5E5D7317] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [307376]
[MD5.0C48AFAA67B59D73567DF8EB4DD04B4A] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe [240288]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040]
[MD5.CB443C9D1485A3F7B21D15BE2D3CF168] - (.Hewlett-Packard Company - HP Wireless Assistant.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064]
[MD5.DDB5F8380F88EE659D519A69BE56A9D5] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [309304]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [47104]
[MD5.887BAA34C1B3AB4FBC54BF6545B59B49] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [658432]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50401.0.) -- c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.5".) -- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com
R0 - HKUS\S-1-5-21-4135575750-1372082982-2780986660-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-4135575750-1372082982-2780986660-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BHO Project - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} . (.InternetEngine - Pas de description.) -- C:\Program Files\Object\bho_project.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AmIcoSinglun] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Quick Launch] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [ZumoDrive] . (...) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [PCTuto] . (.PCTUTO - PCTUTO.) -- C:\Program Files\PCTuto\pctuto.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\RunOnce: [autoupdater] . (.PCTuto - autoupdater.) -- C:\Users\rené\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-4135575750-1372082982-2780986660-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-4135575750-1372082982-2780986660-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (.Broadcom Corporation..) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk . (.ArcSoft Inc..) -- C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\rené\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\rené\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} . (.Evernote Corporation - Web Clipper extension tool for IE.) -- C:\Program Files\Evernote\Evernote3.5\enbar.dll
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{068C6309-0704-4299-9CF8-F02EAF24CFF2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A2E2A7D-EF25-4F99-9E96-04C44BF07C6E}: DhcpNameServer = 192.168.72.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{068C6309-0704-4299-9CF8-F02EAF24CFF2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A2E2A7D-EF25-4F99-9E96-04C44BF07C6E}: DhcpNameServer = 192.168.72.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{068C6309-0704-4299-9CF8-F02EAF24CFF2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4A2E2A7D-EF25-4F99-9E96-04C44BF07C6E}: DhcpNameServer = 192.168.72.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Andrea ST Filters Service (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service (HP Wireless Assistant Service) . (.Hewlett-Packard Company - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HPWMISVC (HPWMISVC) . (.Pas de propriétaire - HPWMISVC Application.) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: C:\Windows\system32\stlang.dll (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Program Files\IDT\WDM\STacSV.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.ED5D30F5D177A12E1A67401440DEA36D] [APT] [RecoveryCDWin7] (...) -- C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.ED5D30F5D177A12E1A67401440DEA36D] [APT] [Registration] (...) -- C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.ED5D30F5D177A12E1A67401440DEA36D] [APT] [ServicePlan] (...) -- C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.706C9BC93F29B54AEDB4DD5A7918D933] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.706C9BC93F29B54AEDB4DD5A7918D933] [APT] [PC Tuneup] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Analyzer 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
[MD5.90CAD241DEC99A0350FB2A6AE61B63BB] [APT] [Norton Error Processor 18.6.0.29] (.Symantec Corporation.) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (BHDrvx86) . (.Symantec Corporation - BASH Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx86.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (DVMIO) . (.DeviceVM, Inc. - DVMIO virtual device driver.) - C:\Windows\System32\DRIVERS\dvmio.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: (IDSVix86) . (.Symantec Corporation - IDS Core Driver.) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110615.001\IDSvix86.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: (SymIRON) . (.Symantec Corporation - Iron Driver.) - C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.sys
O41 - Driver: (SymNetS) . (.Symantec Corporation - Network Security Driver.) - C:\Windows\system32\Drivers\NIS\1206000.01D\SYMNETS.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM] -- {287ECFA4-719A-2143-A09B-D6A12DE54E40}
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {A2BCA9F1-566C-4805-97D1-7FDC93386723}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.4.5 MUI - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-FFFF-7B44-A91000000001}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc.) [HKLM] -- {9ECF7817-DB11-4FBA-9DF1-296A578D513A}
O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] -- InstallShield_{1588DD21-B959-4674-9CF0-4D13B7D75020}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bejeweled 2 Deluxe - (.WildTangent.) [HKLM] -- WT087428
O42 - Logiciel: Broadcom 2070 Bluetooth 3.0 - (.Broadcom Corporation.) [HKLM] -- {436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: Chuzzle Deluxe - (.WildTangent.) [HKLM] -- WT087453
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: Diner Dash 2 Restaurant Rescue - (.WildTangent.) [HKLM] -- WT087536
O42 - Logiciel: Dream Chronicles - (.WildTangent.) [HKLM] -- WT087467
O42 - Logiciel: ESU for Microsoft Windows 7 - (.Hewlett-Packard.) [HKLM] -- {3877C901-7B90-4727-A639-B6ED2DD59D43}
O42 - Logiciel: Energy Star Digital Logo - (.Hewlett-Packard.) [HKLM] -- {BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
O42 - Logiciel: Evernote - (.Evernote Corp..) [HKLM] -- {F761359C-9CED-45AE-9A51-9D6605CD55C4}
O42 - Logiciel: FATE - (.WildTangent.) [HKLM] -- WT087361
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM] -- facetheme
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP CloudDrive - (.Pas de propriétaire.) [HKLM] -- ZumoDrive
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM] -- {F4657EC0-BB82-47C7-ACD8-140212055852}
O42 - Logiciel: HP Game Console - (.WildTangent.) [HKLM] -- My HP Game Console
O42 - Logiciel: HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: HP HomeBase - (.ArcSoft.) [HKLM] -- {4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}
O42 - Logiciel: HP Power Manager - (.Hewlett-Packard Company.) [HKLM] -- {4B156358-CE9C-4E9F-8CAD-79AE86A68C60}
O42 - Logiciel: HP Quick Launch - (.Hewlett-Packard Company.) [HKLM] -- {E342D296-DB9D-4FC7-ACB0-39926C0BFA16}
O42 - Logiciel: HP QuickSync - (.Hewlett-Packard Company.) [HKLM] -- {40C19172-F700-4056-8683-2C64BE3202C8}
O42 - Logiciel: HP QuickWeb Installer - (.DeviceVM Inc..) [HKLM] -- {394FA67A-FF0A-4356-BB77-D85E5A300BDE}
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM] -- {72D90DB3-A16A-4545-B555-868471101833}
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM] -- {8BAC9B23-9D91-48D6-8565-BD80D2BCBD18}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM] -- {FC17E0A7-EAA9-4902-92F8-C83B9FD02246}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {48EE0E00-86DE-47A5-8D00-B5D72A70BCCD}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Insaniquarium Deluxe - (.WildTangent.) [HKLM] -- WT087480
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java(TM) 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF}
O42 - Logiciel: Jewel Quest - Heritage - (.WildTangent.) [HKLM] -- WT087374
O42 - Logiciel: Jewel Quest II - (.WildTangent.) [HKLM] -- WT087485
O42 - Logiciel: Jewel Quest Solitaire - (.WildTangent.) [HKLM] -- WT087490
O42 - Logiciel: JoJo's Fashion Show - (.WildTangent.) [HKLM] -- WT087385
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: Mahjongg Artifacts - (.WildTangent.) [HKLM] -- WT087495
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM] -- NIS
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM] -- PCTuto_is1
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM] -- PCTuto Avast_is1
O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM] -- WT087394
O42 - Logiciel: Plants vs. Zombies - (.WildTangent.) [HKLM] -- WT087501
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM] -- WT087396
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Realtek Ethernet Controller Driver For Windows 7 - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Recovery Manager - (.CyberLink Corp..) [HKLM] -- {44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skip-Bo - Castaway Caper - (.WildTangent.) [HKLM] -- WT087408
O42 - Logiciel: Slingo Deluxe - (.WildTangent.) [HKLM] -- WT087510
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Tradewinds Legends - (.WildTangent.) [HKLM] -- WT087409
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM] -- UpdatePCTuto_is1
O42 - Logiciel: Virtual Villagers - The Secret City - (.WildTangent.) [HKLM] -- WT087513
O42 - Logiciel: Wedding Dash - (.WildTangent.) [HKLM] -- WT087519
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {76810709-A7D3-468D-9167-A1780C1E766C}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {9D6524E6-15CF-4852-BF70-04FE973A3DE1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Zuma Deluxe - (.WildTangent.) [HKLM] -- WT087533
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Netscape]
[HKCU\Software\Norton]
[HKCU\Software\PCTuto]
[HKCU\Software\Policies]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Widcomm]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AppDataLow]
[HKLM\Software\Avira]
[HKLM\Software\BcmSetup]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\DEVICEVM]
[HKLM\Software\Evernote]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Insyde]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nom de votre société]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\P2G_Upgrade]
[HKLM\Software\PCTuto]
[HKLM\Software\Policies]
[HKLM\Software\Product_Upgrade]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Widcomm]
[HKLM\Software\WildTangent]
[HKLM\Software\Wow6432Node]
[HKLM\Software\X-AVCSD]
[HKLM\Software\Zecter]
O43 - CFD: 27/Files\HP Games
O43 - CFD: 03/12/2010 - 11:20:16 - [43436945] ----D- C:\Program Files\IDT
O43 - CFD: 03/12/2010 - 11:26:08 - [94764020] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 03/12/2010 - 11:08:18 - [11048089] ----D- C:\Program Files\Intel
O43 - CFD: 17/06/2011 - 23:35:22 - [4498312] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 16/08/2010 - 19:42:02 - [90561113] ----D- C:\Program Files\Java
O43 - CFD: 23/07/2011 - 20:31:34 - [6953184] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 03/12/2010 - 11:50:30 - [854520] ----D- C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 06:52:32 - [46990135] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 16/08/2010 - 18:33:08 - [6423243] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 16/08/2010 - 19:31:04 - [38271979] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 03/12/2010 - 11:52:18 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 03/12/2010 - 11:53:26 - [2188837] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 22/04/2011 - 06:06:10 - [15715] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:32 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 03/12/2010 - 11:27:02 - [202796524] ----D- C:\Program Files\Norton Internet Security
O43 - CFD: 03/12/2010 - 11:26:22 - [24382979] ----D- C:\Program Files\NortonInstaller
O43 - CFD: 23/07/2011 - 16:00:52 - [159814] ----D- C:\Program Files\Object
O43 - CFD: 19/04/2011 - 12:16:42 - [814259] R---D- C:\Program Files\Online Services
O43 - CFD: 03/12/2010 - 11:24:02 - [567838] ----D- C:\Program Files\onlineservices
O43 - CFD: 23/07/2011 - 20:48:36 - [7696043] ----D- C:\Program Files\PCTuto
O43 - CFD: 03/12/2010 - 11:03:58 - [1842843] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 06:52:32 - [38597377] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 12/05/2011 - 22:51:32 - [60872] ----D- C:\Program Files\Symantec
O43 - CFD: 03/12/2010 - 11:03:10 - [37790338] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 06:53:24 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 03/12/2010 - 11:10:38 - [116740290] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 17/08/2010 - 02:50:44 - [3049984] ----D- C:\Program Files\Windows Defender
O43 - CFD: 03/12/2010 - 11:53:46 - [136553350] ----D- C:\Program Files\Windows Live
O43 - CFD: 03/12/2010 - 11:49:52 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 21/04/2011 - 05:50:26 - [6180864] ----D- C:\Program Files\Windows Mail
O43 - CFD: 21/04/2011 - 05:50:24 - [6607787] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 19/04/2011 - 12:14:44 - [12197556] ----D- C:\Program Files\Windows NT
O43 - CFD: 17/08/2010 - 02:50:44 - [4417800] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:34 - [189440] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 19/04/2011 - 12:16:40 - [10648749] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 23/07/2011 - 21:17:02 - [3931861] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 16/08/2010 - 19:05:18 - [16426975] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 16/08/2010 - 19:06:16 - [31787256] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 16/08/2010 - 17:36:02 - [2009175] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 16/08/2010 - 19:42:20 - [1231815] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 03/12/2010 - 11:49:56 - [18598524] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:06 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:37:06 - [41103783] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 19/04/2011 - 14:30:02 - [1313000] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 17/08/2010 - 02:50:44 - [10102259] ----D- C:\Program Files\Common Files\System
O43 - CFD: 03/12/2010 - 11:45:12 - [235123779] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 20/04/2011 - 14:52:36 - [761] ----D- C:\ProgramData\Adobe
O43 - CFD: 03/12/2010 - 11:10:04 - [497] ----D- C:\ProgramData\AmUStor
O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 27/04/2011 - 11:51:20 - [54024786] ----D- C:\ProgramData\Avira
O43 - CFD: 19/04/2011 - 12:14:44 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 03/12/2010 - 11:24:52 - [34406] ----D- C:\ProgramData\CyberLink
O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 19/04/2011 - 12:14:44 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 23/07/2011 - 16:19:28 - [1219682] ----D- C:\ProgramData\Google
O43 - CFD: 03/12/2010 - 12:03:54 - [360691] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 23/07/2011 - 20:31:28 - [7080090] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 19/04/2011 - 12:14:44 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 19/04/2011 - 12:14:44 - [1291365439] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 19/04/2011 - 12:14:44 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 19/04/2011 - 12:23:40 - [378777645] ----D- C:\ProgramData\Norton
O43 - CFD: 03/12/2010 - 11:26:22 - [1255268] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 16/08/2010 - 19:42:22 - [119] ----D- C:\ProgramData\Sun
O43 - CFD: 03/12/2010 - 11:25:56 - [254094] ----D- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 03/12/2010 - 11:43:30 - [1643128018] ----D- C:\ProgramData\WildTangent
O43 - CFD: 16/08/2010 - 19:52:50 - [35356150] ----D- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
O43 - CFD: 20/04/2011 - 14:51:58 - [203056] ----D- C:\Users\rené\AppData\Roaming\Adobe
O43 - CFD: 28/04/2011 - 09:57:02 - [0] ----D- C:\Users\rené\AppData\Roaming\Avira
O43 - CFD: 23/07/2011 - 16:21:02 - [522] ----D- C:\Users\rené\AppData\Roaming\Google
O43 - CFD: 27/04/2011 - 11:44:00 - [52397] ----D- C:\Users\rené\AppData\Roaming\Hewlett-Packard
O43 - CFD: 01/06/2011 - 23:41:30 - [642] ----D- C:\Users\rené\AppData\Roaming\hpqLog
O43 - CFD: 19/04/2011 - 12:22:24 - [0] ----D- C:\Users\rené\AppData\Roaming\Identities
O43 - CFD: 19/04/2011 - 12:34:54 - [2364] ----D- C:\Users\rené\AppData\Roaming\Macromedia
O43 - CFD: 23/07/2011 - 20:31:54 - [235467] ----D- C:\Users\rené\AppData\Roaming\Malwarebytes
O43 - CFD: 22/04/2011 - 07:24:20 - [3253283] -S--D- C:\Users\rené\AppData\Roaming\Microsoft
O43 - CFD: 21/04/2011 - 15:00:22 - [2164181] ----D- C:\Users\rené\AppData\Roaming\PCtuto
O43 - CFD: 23/07/2011 - 20:50:12 - [301832] ----D- C:\Users\rené\AppData\Roaming\ZumoDrive
O43 - CFD: 20/04/2011 - 14:55:58 - [121622] ----D- C:\Users\rené\AppData\Local\Adobe
O43 - CFD: 19/04/2011 - 12:15:02 - [0] -SH-D- C:\Users\rené\AppData\Local\Application Data
O43 - CFD: 21/04/2011 - 22:49:20 - [1272141] ----D- C:\Users\rené\AppData\Local\Apps
O43 - CFD: 19/04/2011 - 12:22:56 - [0] ----D- C:\Users\rené\AppData\Local\Broadcom
O43 - CFD: 23/07/2011 - 16:18:04 - [0] ----D- C:\Users\rené\AppData\Local\Deployment
O43 - CFD: 19/04/2011 - 15:47:30 - [577877] ----D- C:\Users\rené\AppData\Local\Diagnostics
O43 - CFD: 23/07/2011 - 16:19:40 - [8047] ----D- C:\Users\rené\AppData\Local\Google
O43 - CFD: 20/04/2011 - 14:56:06 - [11255] ----D- C:\Users\rené\AppData\Local\Hewlett-Packard
O43 - CFD: 19/04/2011 - 12:15:02 - [0] -SH-D- C:\Users\rené\AppData\Local\Historique
O43 - CFD: 22/04/2011 - 07:24:22 - [304251652] ----D- C:\Users\rené\AppData\Local\Microsoft
O43 - CFD: 09/05/2011 - 06:08:12 - [428849] ----D- C:\Users\rené\AppData\Local\Microsoft Games
O43 - CFD: 21/04/2011 - 15:00:16 - [533844] ----D- C:\Users\rené\AppData\Local\PCTuto
O43 - CFD: 23/07/2011 - 21:12:58 - [78227832] ----D- C:\Users\rené\AppData\Local\Temp
O43 - CFD: 19/04/2011 - 12:15:02 - [0] -SH-D- C:\Users\rené\AppData\Local\Temporary Internet Files
O43 - CFD: 19/04/2011 - 12:15:04 - [0] ----D- C:\Users\rené\AppData\Local\VirtualStore
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8CF88AADF3B36CF63B5B9F473411B4AA] - 23/07/2011 - 19:57:02 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [14128]
O44 - LFC:[MD5.8CF88AADF3B36CF63B5B9F473411B4AA] - 23/07/2011 - 19:57:02 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [14128]
O44 - LFC:[MD5.AA4D605C0F5F862BF8FA7202C4AFF3EC] - 23/07/2011 - 19:54:41 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.604A369D41F2D606433537E02F33EA38] - 23/07/2011 - 19:54:41 ---A- . (...) -- C:\Windows\System32\perfc009.dat [106388]
O44 - LFC:[MD5.A9218F0BE9A6964915E4908B271F48CC] - 23/07/2011 - 19:54:41 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [130754]
O44 - LFC:[MD5.55B934102A70C14AB65832C59421AE4C] - 23/07/2011 - 19:54:41 ---A- . (...) -- C:\Windows\System32\perfh009.dat [616008]
O44 - LFC:[MD5.1BF1C5FC69297414AA6F850CFB72446D] - 23/07/2011 - 19:54:41 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [704480]
O44 - LFC:[MD5.F8D88507B5E48CD85931194D37065078] - 23/07/2011 - 19:53:13 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1926844]
O44 - LFC:[MD5.79BA5BEF9C99E38DA4ED75D0A6E4F122] - 23/07/2011 - 19:48:58 ---A- . (...) -- C:\Windows\setupact.log [43381]
O44 - LFC:[MD5.A8350C61F48EACEE1B4950EA11A42050] - 23/07/2011 - 19:48:46 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.A4E65F8BFA150C066DCC6E2EFD44EF5C] - 23/07/2011 - 19:48:40 ---A- . (...) -- C:\Windows\PFRO.log [12912]
O44 - LFC:[MD5.6C4A09CED9B0AFD5BDFE470F9C10B583] - 23/07/2011 - 15:08:52 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [267680]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 07/07/2011 - 21:30:32 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 06/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [22712]
O44 - LFC:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 06/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [41272]
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=