Il y a actuellement 455 visiteurs
Dimanche 22 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

[Régle] AdAware.ClickPotato

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

[Régle] AdAware.ClickPotato

Message le 28 Avr 2011 21:41

Bonsoir,

je suis une nouvelle victime du fameux virus d'msn.
en effet des mails s'envoient automatiquement à tous mes contacts... grrrr :evil:

j'ai parcouru quelques post à ce sujet et commencé la demarche à effectuer, si quelqu'un veut bien prendre le temps de m'aider s'il vous plait.

voici le rapport fait par ZHP:
Code: Tout sélectionner
Rapport de ZHPDiag v1.27.193 par Nicolas Coolman, Update du 28/04/2011
Run by Amélie at 28/04/2011 22:25:58
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ System Information
Windows 7 Home Premium Edition, 64-bit  (Build 7600)
Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3956 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 106 GB (73%) free of 145 GB

---\\ Logged in mode
Computer Name: AMÉLIE-PC
User Name: Amélie
All Users Names: Amélie, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=
%LocalAppData%=
%StartMenu%=

---\\ DOS/Devices
A:\ Hard drive, Flash drive, Thumb drive (Free 137 Go of 138 Go)
C:\ Hard drive, Flash drive, Thumb drive (Free 106 Go of 145 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)
F:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 7 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK



---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/04/2011 08:55:33.) -- C:\Windows\system32\wininet.dll [1126912]



---\\ Processus lancés
[MD5.1E14A26E0EA1C47103BDE6A260CCF009] - (.Pas de propriétaire - ST Service Scheduling.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe   [781536]
[MD5.BF03365A9F23F27F717A21A0CE926151] - (.SoftThinks - Dell - Dell DataSafe Local Backup.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe   [1853248]
[MD5.80B62FF105908EC9E4B072AFB1CFC824] - (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe   [409744]
[MD5.0647EF247A5D0402E74FE89F5F6A8A11] - (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe   [498160]
[MD5.00D1FB0073B4A8BD2989EA8FF4CC792B] - (.SupportSoft, Inc. - Dell Support Center Updates.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe   [206064]
[MD5.2E9A1A6555C20424FC6DCC3AF21F4D68] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3451496]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [249064]
[MD5.AEEC0405A1C587562275AB20CC6E3521] - (.Microsoft Corporation - Visual Basic Command Line Compiler.) -- C:\Windows\Temp\svhost.exe   [1169224]
[MD5.885F90697A42F998EC919A143BFAE5CD] - (.Pinball Corporation. - ClickPotato Search assistant.) -- C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLiteSA.exe   [742192]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe   [11322880]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin   [11314688]
[MD5.711FD53E441255983C0AB014E2F107F4] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe   [233936]
[MD5.904E13BA41AF2E353A32CF351CA53639] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe   [748336]
[MD5.59E2A529D9ABCFA2024153A05FE693A1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Users\Amélie\Desktop\ZHPDiag\ZHPDiag.exe   [644608]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2 - BHO: scriptproxy [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110414200035.dll
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [rundll32] . (...) -- C:\Users\Amélie\AppData\Local\Temp\rundll32 .exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Desktop Disc Tool] . (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [DellSupportCenter] . (.SupportSoft, Inc. - Dell Support Center Updates.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [ClickPotatoLiteSA] . (.Pinball Corporation. - ClickPotato Search assistant.) -- C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLiteSA.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [Launcher] . (.Softthinks - VistaLauncher.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exeam Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (.not file.)
O4 - HKLM\..\Wow6432Node\RunOnce: [STToasterLauncher] . (.Pas de propriétaire - ToasterLauncher.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\..\Run: [rundll32] . (...) -- C:\Users\Amélie\AppData\Local\Temp\rundll32 .exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (...)  -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.)
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk . (...)  -- C:\Program Files (x86)\Dell\DellDock\DellDock.exe (.not file.)
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk . (...)  -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe



---\\ ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (.Pas de propriétaire - Pas de description.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F74FE1-7DF0-4BD0-ADBD-53EEC3AECA80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F74FE1-7DF0-4BD0-ADBD-53EEC3AECA80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F74FE1-7DF0-4BD0-ADBD-53EEC3AECA80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpDomain = CD-DL.TEST
O17 - HKLM\System\CS1\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpDomain = CD-DL.TEST
O17 - HKLM\System\CS2\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpDomain = CD-DL.TEST
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service:  (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: C:\Windows\system32\Alg.exe (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service:  (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service:  (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service:  (DockLoginService) . (.Stardock Corporation - Dock Login Service.) - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service:  (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service:  (McMPFSvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service:  (mcmscsvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McNaiAnn) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McNASvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McODS) . (.McAfee, Inc. - McAfee VirusScan On-Demand Scan.) - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service:  (McOobeSv) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McProxy) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McShield) . (.McAfee, Inc. - McAfee On-Access Scanner service.) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
O23 - Service:  (mfefire) . (.McAfee, Inc. - McAfee Core Firewall Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service:  (mfevtp) . (.McAfee, Inc. - McAfee Process Validation Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service:  (SftService) . (.SoftThinks SAS - SoftThinks Agent Service.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service:  (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc. - SupportSoft Agent Service.) - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service:  (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service:  (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
O23 - Service:  (wltrysvc) . (...) - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)



---\\ Tâches planifiées en automatique (O39)
[MD5.1F83CB91A9830038DBE7CD1BA1921205] [APT] [Administrator - Start WLAN Tray Applet] (.Dell Inc..) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver:  (mfenlfk) . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - C:\Windows\System32\DRIVERS\mfenlfk.sys
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver:  (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM][64Bits] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Photoshop CS5 Portable - (.Adobe.) [HKLM][64Bits] -- {61172A5D-60AA-43BE-958F-90451024E768}_is1
O42 - Logiciel: Adobe Reader 9.1.2 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A91000000001}
O42 - Logiciel: Advanced Audio FX Engine - (.Creative Technology Ltd.) [HKLM][64Bits] -- Advanced Audio FX Engine
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {71E015CC-52DA-4536-AF0C-C643BA1E45FB}
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
O42 - Logiciel: ClickPotato - (.Pinball Corporation..) [HKLM][64Bits] -- ClickPotatoLiteSA
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dell DataSafe Local Backup - (.Dell.) [HKLM][64Bits] -- {0ED7EE95-6A97-47AA-AD73-152C08A15B04}
O42 - Logiciel: Dell Dock - (.Stardock Corporation.) [HKLM][64Bits] -- Dell Dock
O42 - Logiciel: Dell Edoc Viewer - (.Dell Inc.) [HKLM] -- {8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}
O42 - Logiciel: Dell Support Center (Logiciel de support) - (.Dell.) [HKLM][64Bits] -- {E3BFEE55-39E2-4BE0-B966-89FE583822C1}
O42 - Logiciel: Dell Touchpad - (.ALPS ELECTRIC CO., LTD..) [HKLM] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}
O42 - Logiciel: Dell Webcam Central - (.Creative Technology Ltd.) [HKLM][64Bits] -- Dell Webcam Central
O42 - Logiciel: Dell Wireless WLAN Card Utility - (.Dell Inc..) [HKLM] -- Dell Wireless WLAN Card Utility
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Java(TM) 6 Update 22 (64-bit) - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F86416022FF}
O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022F0}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: Live! Cam Avatar Creator - (.Creative Technology Ltd.) [HKLM][64Bits] -- {65D0C510-D7B6-4438-9FC8-E6B91115AB0D}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: McAfee Security Center - (.McAfee, Inc..) [HKLM][64Bits] -- MSC
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM][64Bits] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {052bac4a-6f79-46d4-a024-1ce1b4f73cd4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: O42 - Logiciel: eBay - (.eBay Inc..) [HKLM][64Bits] -- {A8B88634-7F90-402F-B66A-86429755F6A5} - (.Pas de propriétaire.) [HKLM][64Bits] -- {A9668246-FB70-4103-A1E3-66C9BC2EFB49}
O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM][64Bits] -- {05653DE1-6567-40C6-B930-39D399B64369}
O42 - Logiciel: Quickset64 - (.Dell Inc..) [HKLM] -- {87CF757E-C1F1-4D22-865C-00C6950B5258}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Roxio Burn - (.Roxio.) [HKLM][64Bits] -- {A33E7B0C-B99C-4EC9-B702-8A328B161AF9}
O42 - Logiciel: Roxio Burn - (.Roxio.) [HKLM][64Bits] -- {B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
O42 - Logiciel: VLC media player 1.1.9 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: WIDCOMM Bluetooth Software - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: eBay - (.eBay Inc..) [HKLM][64Bits] -- {A8B88634-7F90-402F-B66A-86429755F6A5}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\Alps]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\ShoppingReport2]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Broadcom]
[HKCU\Software\Brother]
[HKCU\Software\Classes]
[HKCU\Software\Creative Tech]
[HKCU\Software\DC3_FEXEC]
[HKCU\Software\Dell]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\McAfee]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Softonic]
[HKCU\Software\SupportSoft]
[HKCU\Software\Widcomm]
[HKCU\Software\Wow6432Node]
[HKCU\Software\clickpotatolitesa]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\Alps]
[HKLM\Software\BcmSetup]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\ClickPotatoLite]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Creative]
[HKLM\Software\DELL]
[HKLM\Software\Dell Computer Corporation]
[HKLM\Software\Dell]
[HKLM\Software\Google]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\McAfee]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\SRS Labs]
[HKLM\Software\SoftThinks]
[HKLM\Software\Sonic]
[HKLM\Software\Stardock]
[HKLM\Software\SupportSoft]
[HKLM\Software\VideoLAN]
[HKLM\Software\Widcomm]
[HKLM\Software\Windows]
[HKLM\Software\Wow6432Node]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/04/2011 - 19:09:26 - [169666578] ----D- C:\Program Files\AVAST Software
O43 - CFD: 30/01/2011 - 06:27:40 - [103444714] ----D- C:\Program Files\Common Files
O43 - CFD: 30/01/2011 - 06:22:56 - [45260949] ----D- C:\Program Files\Dell
O43 - CFD: 30/01/2011 - 06:00:48 - [14167234] ----D- C:\Program Files\Dell Inc
O43 - CFD: 30/01/2011 - 07:49:54 - [17507100] ----D- C:\Program Files\DellTPad
O43 - CFD: 14/07/2009 - 17:35:28 - [90257428] ----D- C:\Program Files\DVD Maker
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 16/04/2011 - 09:58:24 - [6202240] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 30/01/2011 - 06:00:38 - [80648844] ----D- C:\Program Files\Java
O43 - CFD: 30/01/2011 - 06:28:42 - [229912555] ----D- C:\Program Files\mcafee
O43 - CFD: 30/01/2011 - 06:27:38 - [2505805] ----D- C:\Program Files\mcafee.com
O43 - CFD: 14/07/2009 - 17:35:26 - [149236786] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 29/01/2011 - 22:53:54 - [12692992] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [36253865] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 30/01/2011 - 06:04:50 - [148002168] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 14/07/2009 - 17:24:10 - [4039168] ----D- C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 17:35:28 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 30/01/2011 - 06:16:54 - [7755583] ----D- C:\Program Files\Windows Live
O43 - CFD: 16/04/2011 - 09:43:44 - [6667264] ----D- C:\Program Files\Windows Mail
O43 - CFD: 30/01/2011 - 07:49:16 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/04/2011 - 13:20:32 - [12627124] ----D- C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 17:24:10 - [5516568] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 17:24:10 - [7191662] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 30/01/2011 - 06:27:40 - [30856659] ----D- C:\Program Files\Common Files\mcafee
O43 - CFD: 15/04/2011 - 10:10:24 - [59966614] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 17:24:10 - [12009971] ----D- C:\Program Files\Common Files\System
O43 - CFD: 26/04/2011 - 21:41:58 - [0] ----D- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
O43 - CFD: 30/01/2011 - 06:21:28 - [769] ----D- C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 30/01/2011 - 06:41:46 - [188] ----D- C:\ProgramData\ATI
O43 - CFD: 14/04/2011 - 19:09:26 - [5744512] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 28/04/2011 - 10:34:18 - [3109337] ----D- C:\ProgramData\ClickPotatoLiteSA
O43 - CFD: 14/04/2011 - 14:29:00 - [11402] ----D- C:\ProgramData\Creative
O43 - CFD: 14/04/2011 - 13:27:12 - [1722756] ----D- C:\ProgramData\Dell
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 30/01/2011 - 06:33:08 - [3552773] ----D- C:\ProgramData\Macrovision
O43 - CFD: 14/04/2011 - 14:28:10 - [33232329] ----D- C:\ProgramData\McAfee
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 14/04/2011 - 21:11:06 - [1235901340] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 30/01/2011 - 06:22:42 - [0] ----D- C:\ProgramData\PCDr
O43 - CFD: 30/01/2011 - 06:33:16 - [5785] ----D- C:\ProgramData\Sonic
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 30/01/2011 - 06:00:22 - [189] ----D- C:\ProgramData\Sun
O43 - CFD: 30/01/2011 - 06:22:44 - [6222951] ----D- C:\ProgramData\SupportSoft
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 30/01/2011 - 06:33:20 - [11492018] ----D- C:\ProgramData\Uninstall
O43 - CFD: 28/04/2011 - 22:25:44 - [8845980] -S--D- C:\Users\Amélie\AppData\Roaming\Microsoft
O43 - CFD: 27/04/2011 - 21:28:56 - [2501312] ----D- C:\Users\Amélie\AppData\Roaming\Adobe
O43 - CFD: 14/04/2011 - 13:27:40 - [0] ----D- C:\Users\Amélie\AppData\Roaming\ATI
O43 - CFD: 21/04/2011 - 17:23:50 - [0] R---D- C:\Users\Amélie\AppData\Roaming\Brother
O43 - CFD: 26/04/2011 - 21:41:58 - [0] ----D- C:\Users\Amélie\AppData\Roaming\ClickPotatoLite
O43 - CFD: 14/04/2011 - 14:29:00 - [402] ----D- C:\Users\Amélie\AppData\Roaming\Creative
O43 - CFD: 14/04/2011 - 13:27:56 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Dell
O43 - CFD: 14/04/2011 - 13:26:58 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Identities
O43 - CFD: 14/04/2011 - 13:50:02 - [6183] ----D- C:\Users\Amélie\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 17:35:06 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Media Center Programs
O43 - CFD: 15/04/2011 - 22:55:30 - [1508337] ----D- C:\Users\Amélie\AppData\Roaming\OpenOffice.org
O43 - CFD: 14/04/2011 - 13:27:42 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Roxio
O43 - CFD: 22/04/2011 - 13:00:54 - [510191357] ----D- C:\Users\Amélie\Appdata\Local\Microsoft
O43 - CFD: 27/04/2011 - 22:16:34 - [184997] ----D- C:\Users\Amélie\Appdata\Local\Adobe
O43 - CFD: 14/04/2011 - 13:20:42 - [0] -SH-D- C:\Users\Amélie\Appdata\Local\Application Data
O43 - CFD: 14/04/2011 - 13:27:40 - [59950] ----D- C:\Users\Amélie\Appdata\Local\ATI
O43 - CFD: 14/04/2011 - 13:27:40 - [0] ----D- C:\Users\Amélie\Appdata\Local\Broadcom
O43 - CFD: 14/04/2011 - 13:20:42 - [0] -SH-D- C:\Users\Amélie\Appdata\Local\Historique
O43 - CFD: 28/04/2011 - 10:29:52 - [2026] ----D- C:\Users\Amélie\Appdata\Local\SoftThinks
O43 - CFD: 14/04/2011 - 13:27:46 - [325] ----D- C:\Users\Amélie\Appdata\Local\Stardock_Corporation
O43 - CFD: 14/04/2011 - 13:27:38 - [4235772] ----D- C:\Users\Amélie\Appdata\Local\SupportSoft
O43 - CFD: 28/04/2011 - 22:25:48 - [35687948] ----D- C:\Users\Amélie\Appdata\Local\Temp
O43 - CFD: 14/04/2011 - 13:20:42 - [0] -SH-D- C:\Users\Amélie\Appdata\Local\Temporary Internet Files
O43 - CFD: 16/04/2011 - 09:49:06 - [300318] ----D- C:\Users\Amélie\Appdata\Local\VirtualStore
O43 - CFD: 28/04/2011 - 10:30:58 - [45056] ----D- C:\Users\Amélie\Appdata\Local\Windows Live
O43 - CFD: 27/04/2011 - 21:27:30 - [633785912] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 30/01/2011 - 06:03:12 - [86040640] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 30/01/2011 - 06:07:42 - [3598306] ----D- C:\Program Files (x86)\Cisco
O43 - CFD: 26/04/2011 - 21:41:58 - [1650773] ----D- C:\Program Files (x86)\ClickPotatoLite
O43 - CFD: 15/04/2011 - 09:07:38 - [329182313] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 30/01/2011 - 06:09:38 - [14953390] ----D- C:\Program Files (x86)\Creative
O43 - CFD: 30/01/2011 - 06:08:38 - [114688] ----D- C:\Program Files (x86)\Creative Live! Cam
O43 - CFD: 28/04/2011 - 10:30:10 - [219443830] ----D- C:\Program Files (x86)\Dell DataSafe Local Backup
O43 - CFD: 30/01/2011 - 06:22:34 - [105421026] ----D- C:\Program Files (x86)\Dell Support Center
O43 - CFD: 30/01/2011 - 06:09:30 - [264797136] ----D- C:\Program Files (x86)\Dell Webcam
O43 - CFD: 30/01/2011 - 06:27:36 - [934781] ----D- C:\Program Files (x86)\eBay
O43 - CFD: 30/01/2011 - 06:29:58 - [20261272] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 30/01/2011 - 06:08:08 - [12901959] ----D- C:\Program Files (x86)\Intel
O43 - CFD: 16/04/2011 - 09:58:24 - [5154168] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 15/04/2011 - 10:14:34 - [180805475] ----D- C:\Program Files (x86)\Java
O43 - CFD: 14/04/2011 - 13:20:48 - [432909] ----D- C:\Program Files (x86)\McAfee
O43 - CFD: 30/01/2011 - 06:27:40 - [428064] ----D- C:\Program Files (x86)\mcafee.com
O43 - CFD: 14/04/2011 - 13:52:32 - [0] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 30/01/2011 - 06:32:26 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 21/04/2011 - 09:07:04 - [38388859] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 30/01/2011 - 06:17:54 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 16/04/2011 - 09:52:02 - [15715] ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 15/04/2011 - 10:15:38 - [370627109] ----D- C:\Program Files (x86)\OpenOffice.org 3
O43 - CFD: 14/07/2009 - 07:32:40 - [38597377] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 30/01/2011 - 06:33:06 - [13525265] ----D- C:\Program Files (x86)\Roxio
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 26/04/2011 - 23:20:22 - [82679395] ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 14/07/2009 - 17:24:10 - [524800] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/04/2011 - 02:18:22 - [177028360] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 16/04/2011 - 09:43:42 - [6180864] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 30/01/2011 - 07:49:16 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 14/07/2009 - 17:24:10 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 14/07/2009 - 17:24:10 - [5994114] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 27/04/2011 - 21:28:12 - [4605470] ----D- C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 30/01/2011 - 06:01:48 - [3668633] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 15/04/2011 - 09:07:38 - [1247175] ----D- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 30/01/2011 - 06:28:42 - [3653351] ----D- C:\Program Files (x86)\Common Files\mcafee
O43 - CFD: 30/01/2011 - 06:30:36 - [21191290] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 30/01/2011 - 06:08:10 - [166332] ----D- C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 30/01/2011 - 06:33:08 - [305088] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 30/01/2011 - 06:09:32 - [4221400] ----D- C:\Program Files (x86)\Common Files\Reallusion
O43 - CFD: 30/01/2011 - 06:33:08 - [6470778] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 30/01/2011 - 06:33:08 - [372019] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 30/01/2011 - 06:22:28 - [7526487] ----D- C:\Program Files (x86)\Common Files\supportsoft
O43 - CFD: 14/07/2009 - 17:24:10 - [10102259] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 30/01/2011 - 06:11:34 - [224545546] ----D- C:\Program Files (x86)\Common Files\Windows Live



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.220000000000000000000000A8EF1800] - 28/04/2011 - 21:18:52 ---A- . (...) -- C:\Windows\WindowsUpdate.log   [2011571]
O44 - LFC:[MD5.CF77E58C6C796DFD5C7650FE0AFA211F] - 28/04/2011 - 20:15:36 -S-A- . (...) -- C:\Windows\bootstat.dat   [67584]
O44 - LFC:[MD5.1D7BA9095309BF00DBC4FEDBF7FFC832] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI   [1549700]
O44 - LFC:[MD5.E86C11FB6B5D2F257F8DC4196B208976] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat   [106388]
O44 - LFC:[MD5.32E6A5139968E5B59E31034FE9B7994C] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat   [130754]
O44 - LFC:[MD5.214E528064ECE0F3F26F77F36BD4D3C8] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat   [616008]
O44 - LFC:[MD5.54EED1F3AEFF9B9D27AD10AA205DFC97] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat   [704480]
O44 - LFC:[MD5.21B0D5541913D57F3D46AE5967861F84] - 28/04/2011 - 09:34:35 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0   [14240]
O44 - LFC:[MD5.21B0D5541913D57F3D46AE5967861F84] - 28/04/2011 - 09:34:35 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0   [14240]
O44 - LFC:[MD5.44B80BD81817CBAFDED60B8D17B9E7FC] - 28/04/2011 - 09:29:03 ---A- . (...) -- C:\Windows\setupact.log   [22735]
O44 - LFC:[MD5.32ADA6252048D2FCB1006AB598160D1B] - 28/04/2011 - 09:26:52 ---A- . (...) -- C:\Windows\PFRO.log   [13236]
O44 - LFC:[MD5.C6D9924A98FFF222C3EFB48B18FF944C] - 21/04/2011 - 16:22:35 ---A- . (...) -- C:\Windows\BRPP2KA.INI   [27]
O44 - LFC:[MD5.96AB5888BC087FACFDB69D0956738724] - 21/04/2011 - 16:22:35 ---A- . (...) -- C:\Windows\BRWMARK.INI   [434]
O44 - LFC:[MD5.446C0D7AA4BA022B43BA37E78A40105B] - 16/04/2011 - 08:58:04 ---A- . (...) -- C:\Windows\IE9_main.log   [4679]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 16/04/2011 - 08:55:30 ---A- . (...) -- C:\Windows\System32\ieuinit.inf   [72822]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 16/04/2011 - 08:55:22 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf   [72822]
O44 - LFC:[MD5.849E40A172A4F6B115EB2605EC9CFD24] - 16/04/2011 - 08:45:02 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT   [292872]
O44 - LFC:[MD5.DFC565E821037C72788DA4EF7B522834] - 15/04/2011 - 09:14:50 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\deployJava1.dll   [472808]
O44 - LFC:[MD5.8F443F9726349802839C7C0D1C8C904F] - 15/04/2011 - 09:14:49 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\java.exe   [145184]
O44 - LFC:[MD5.A27AD8C3D4F0518F3E59CA1C9C5C0D18] - 15/04/2011 - 09:14:49 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\javaw.exe   [145184]
O44 - LFC:[MD5.47E0BEDC36A30141133728B604A8F11D] - 15/04/2011 - 09:14:49 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\Windows\System32\javaws.exe   [157472]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll   [46080]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll   [34304]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll   [367104]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll   [294912]
O44 - LFC:[MD5.2320C2AC6577ECF1D4211F2D9BABE3DD] - 14/04/2011 - 18:10:08 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\SysNative\aswBoot.exe   [238968]
O44 - LFC:[MD5.0439C6170F7F6355BB5275C9CAA6050F] - 14/04/2011 - 18:09:29 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr   [40648]
O44 - LFC:[MD5.2320C2AC6577ECF1D4211F2D9BABE3DD] - 14/04/2011 - 18:09:29 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe   [190016]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 14/04/2011 - 11:04:40 ---A- . (...) -- C:\Windows\SysNative\license.rtf   [53560]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 14/04/2011 - 11:04:40 ---A- . (...) -- C:\Windows\System32\license.rtf   [53560]



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys   [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys   [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys   [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys   [15440]
O58 - SDL:[MD5.EC7EBAB00A4D8448BAB68D1E49B4BEB9] - 11/03/2011 - 07:22:41 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys   [107904]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys   [194128]
O58 - SDL:[MD5.DB27766102C7BF7E95140A2AA81D042E] - 11/03/2011 - 07:22:40 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys   [27008]
O58 - SDL:[MD5.8655A2983A86D6675135B1FF6892055D] - 22/06/2010 - 06:07:24 ---A- . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\system32\drivers\Apfiltr.sys   [304760]
O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys   [87632]
O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys   [97856]
O58 - SDL:[MD5.F810E3EA3D1F3C3BA26F2F4719BDCA4F] - 23/02/2011 - 14:54:58 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys   [22360]
O58 - SDL:[MD5.3687FD9CEDF56D3B9F18923F4E14F3F9] - 23/02/2011 - 14:55:05 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys   [64344]
O58 - SDL:[MD5.E99E48596B35E5D5240104BCD61B3471] - 23/02/2011 - 14:55:13 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys   [31064]
O58 - SDL:[MD5.84AD8FB3FD2EFA52D8599A0028BBB6FE] - 23/02/2011 - 14:57:01 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\system32\drivers\aswSnx.sys   [505176]
O58 - SDL:[MD5.8CBA6CC5DCA9E3829F1792BF98F06901] - 23/02/2011 - 14:57:04 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys   [280408]
O58 - SDL:[MD5.184248F2DED7B1641C7F3B30381BAA2A] - 23/02/2011 - 14:55:53 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys   [53592]
O58 - SDL:[MD5.FB7602C5C508BE281368AAE0B61B51C6] - 30/09/2009 - 17:34:32 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys   [121872]
O58 - SDL:[MD5.52679612D742BF74CA1BA6AB86DDF431] - 22/01/2010 - 18:13:24 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys   [6233088]
O58 - SDL:[MD5.414E0788920A8C856032BE2CBF29F984] - 22/01/2010 - 17:07:56 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys   [161280]
O58 - SDL:[MD5.52679612D742BF74CA1BA6AB86DDF431] - 22/01/2010 - 18:13:24 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atipmdag.sys   [6233088]
O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys   [270848]
O58 - SDL:[MD5.E001DD475A7C27EBE5A0DB45C11BAD71] - 17/07/2009 - 17:06:00 ---A- . (.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver.) -- C:\Windows\system32\drivers\bcm42rly.sys   [22520]
O58 - SDL:[MD5.F4CD5F52850BF2C978DE178F256BA372] - 17/07/2009 - 17:06:00 ---A- . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless driver.) -- C:\Windows\system32\drivers\BCMWL664.SYS   [2769400]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys   [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys   [8704]
O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys   [286720]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys   [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys   [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys   [14720]
O58 - SDL:[MD5.6BCFDC2B5B7F66D484486D4BD4B39A6B] - 01/07/2009 - 21:46:52 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\Windows\system32\drivers\btwaudio.sys   [98344]
O58 - SDL:[MD5.82DC8B7C626E526681C1BEBED2BC3FF9] - 01/07/2009 - 21:46:48 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\Windows\system32\drivers\btwavdt.sys   [132648]
O58 - SDL:[MD5.6149301DC3F81D6F9667A3FBAC410975] - 08/04/2009 - 00:33:08 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\Windows\system32\drivers\btwl2cap.sys   [35104]
O58 - SDL:[MD5.28E105AD3B79F440BF94780F507BF66A] - 01/07/2009 - 21:46:40 ---A- . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\Windows\system32\drivers\btwrchid.sys   [21160]
O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys   [468480]
O58 - SDL:[MD5.E02C9CDB15F13DE4EB2FF67660E62317] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) -- C:\Windows\system32\drivers\cfwids.sys   [62800]
O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys   [17488]
O58 - SDL:[MD5.4CE9F703D1DD69FB656D1953E9C88103] - 28/05/2009 - 17:49:00 ---A- . (.Creative Technology Ltd. - Advanced Audio FX Driver (64-bit).) -- C:\Windows\system32\drivers\CtAudDrv.sys   [224768]
O58 - SDL:[MD5.ED5CF92396A62F4C15110DCDB5E854D9] - 15/06/2009 - 20:06:42 ---A- . (.Creative Technology Ltd. - Video Class Upper Filter Driver (64-bit).) -- C:\Windows\system32\drivers\CtClsFlt.sys   [172704]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys   [3286016]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.B6AC71AAA2B10848F57FC49D55A651AF] - 17/09/2009 - 20:54:00 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\system32\drivers\HECIx64.sys   [56344]
O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 14/07/2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys   [77888]
O58 - SDL:[MD5.B75E45C564E944A2657167D197AB29DA] - 11/03/2011 - 07:23:00 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys   [410496]
O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys   [44112]
O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys   [114752]
O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys   [106560]
O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys   [65600]
O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys   [115776]
O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys   [35392]
O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys   [284736]
O58 - SDL:[MD5.C1556CA9695FCD6BBD23D75D402FD43D] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - Access Protection Filter Driver.) -- C:\Windows\system32\drivers\mfeapfk.sys   [121248]
O58 - SDL:[MD5.8857EE8B49F3338FC1FAD476BFCCA146] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) -- C:\Windows\system32\drivers\mfeavfk.sys   [190136]
O58 - SDL:[MD5.9B090B2C6D84F4E392B3E5FF168929DA] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Driver Cleaning Driver.) -- C:\Windows\system32\drivers\mfeclnk.sys   [9984]
O58 - SDL:[MD5.19C44295F6BF085C83352D48397F7870] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- C:\Windows\system32\drivers\mfefirek.sys   [441328]
O58 - SDL:[MD5.5F915E20AB56121C41C6BF9A91A83BDA] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Link Driver.) -- C:\Windows\system32\drivers\mfehidk.sys   [529128]
O58 - SDL:[MD5.23AE332E32FF615CA5E5224C8D91AF11] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) -- C:\Windows\system32\drivers\mfenlfk.sys   [75032]
O58 - SDL:[MD5.9C7A9273E345F8D653394B5C542BF86A] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Code Analysis Driver.) -- C:\Windows\system32\drivers\mferkdet.sys   [94864]
O58 - SDL:[MD5.3140B2C56D7119BA314F68FC785683F0] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) -- C:\Windows\system32\drivers\mfewfpk.sys   [283360]
O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys   [51264]
O58 - SDL:[MD5.A4D9C9A608A97F59307C2F2600EDC6A4] - 11/03/2011 - 07:23:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys   [148352]
O58 - SDL:[MD5.6C1D5F70E7A6A3FD1C90D840EDC048B9] - 11/03/2011 - 07:23:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys   [166272]
O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys   [1524816]
O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys   [128592]
O58 - SDL:[MD5.3B01789EE4EAEE97F5EB46B711387D5E] - 20/08/2009 - 17:05:00 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys   [239616]
O58 - SDL:[MD5.697C927E0DE2ABAF1A5F455033F687CD] - 03/02/2010 - 02:36:58 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys   [2263584]
O58 - SDL:[MD5.502B316947EA887CDDD325D4745EB7D0] - 17/07/2009 - 04:14:00 ---A- . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7.) -- C:\Windows\system32\drivers\RtsUStor.sys   [220672]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys   [23040]
O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys   [43584]
O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys   [80464]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys   [17488]
O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys   [161872]



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\atipmdag.sys - amdkmdag(amdkmdag)  .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWFSBLK.sys - (.not file.) - aswFsBlk (aswFsBlk)  .(...) - LEGACY_ASWFSBLK
O64 - Services: CurCS - 30/12/1899 - C:\Windows\system32\drivers\aswMonFlt.sys - aswMonFlt(aswMonFlt)  .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWRDR.sys - (.not file.) - aswRdr (aswRdr)  .(...) - LEGACY_ASWRDR
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWSNX.sys - (.not file.) - aswSnx (aswSnx)  .(...) - LEGACY_ASWSNX
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWSP.sys - (.not file.) - aswSP (aswSP)  .(...) - LEGACY_ASWSP
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWTDI.sys - (.not file.) - avast! Network Shield Support (aswTdi)  .(...) - LEGACY_ASWTDI
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\BCM42RLY.sys - BCM42RLY(BCM42RLY)  .(.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Pr.) - LEGACY_BCM42RLY
O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep)  .(...) - LEGACY_BEEP
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\cfwids.sys - McAfee Inc. cfwids(cfwids)  .(.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - LEGACY_CFWIDS
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat)  .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec)  .(...) - LEGACY_FS_REC
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfeapfk.sys - McAfee Inc. mfeapfk(mfeapfk)  .(.McAfee, Inc. - Access Protection Filter Driver.) - LEGACY_MFEAPFK
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfeavfk.sys - McAfee Inc. mfeavfk(mfeavfk)  .(.McAfee, Inc. - Anti-Virus File System Filter Driver.) - LEGACY_MFEAVFK
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfeavfk01)  .(...) - LEGACY_MFEAVFK01
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfeavfk02)  .(...) - LEGACY_MFEAVFK02
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfefirek.sys - McAfee Inc. mfefirek(mfefirek)  .(.McAfee, Inc. - McAfee Core Firewall Engine Driver.) - LEGACY_MFEFIREK
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfefirek01)  .(...) - LEGACY_MFEFIREK01
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfehidk.sys - McAfee Inc. mfehidk(mfehidk)  .(.McAfee, Inc. - McAfee Link Driver.) - LEGACY_MFEHIDK
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfehidk01)  .(...) - LEGACY_MFEHIDK01
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\mfenlfk.sys - McAfee NDIS Light Filter(mfenlfk)  .(.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - LEGACY_MFENLFK
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mferkdet.sys - McAfee Inc. mferkdet(mferkdet)  .(.McAfee, Inc. - McAfee Code Analysis Driver.) - LEGACY_MFERKDET
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfewfpk.sys - McAfee Inc. mfewfpk(mfewfpk)  .(.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - LEGACY_MFEWFPK
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs)  .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy)  .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs)  .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs)  .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null)  .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv)  .(...) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr)  .(...) - LEGACY_SPLDR



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {5D4C9D53-3960-4BFA-B3B5-FE459A520A07} [DefaultScope] - (Google) - http://www.google.com



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.A8D666FCE8EFD0788FA0DF14FB3491B4] [SPRF] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Amélie\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe   [885536]
[MD5.19CEE58DC4BD63D4AB21E3EC055EDF71] [SPRF] (.Microsoft Corporation - Barre d'outils Bing.) -- C:\Users\Amélie\AppData\Local\Temp\MSN83C2.exe   [468232]
[MD5.1CBD16E8E752F9E877206E66FAF23459] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\Amélie\AppData\Local\Temp\rundll32 .exe   [1199104]
[MD5.86E0FC3A8107C10FCA5CF63AAB259A14] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\Amélie\AppData\Local\Temp\sai8B13.exe   [20533281]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{D8567662-4CDF-4C1E-B096-E88DFA3A71AB}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{CE64FFB3-5E46-4F73-99F6-7389020FEF6E}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Mesh Operating Environment.) -- C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
O87 - FAEL: "{877B51E0-9EBB-440D-8154-66FB7637F3C6}" | In - Public - P6 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{74058109-BC26-48B5-801A-01D9BC757B15}" | In - Public - P17 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{B854901E-DDCE-4492-9B83-E12BF0DCEB7A}" | In - Private - P6 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{44C03C6E-915A-4C65-83E6-B0340BF94440}" | In - Private - P17 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe



---\\ Scan Additionnel (O88)
Database Version : 6367 - (28/04/2011)
Number of Keys Founds (Clés trouvées) : 56
Number of Directories Founds  (Dossiers trouvés) : 4

[HKCR\ClickPotatoLiteAx.Info]   =>Adware.ClickPotato
[HKCR\ClickPotatoLiteAx.Info.1]   =>Adware.ClickPotato
[HKCR\ClickPotatoLiteAX.UserProfiles]   =>Adware.ClickPotato
[HKCR\ClickPotatoLiteAX.UserProfiles.1]   =>Adware.ClickPotato
[HKCR\MenuButtonIE.ButtonIE]   =>Adware.ClickPotato
[HKCR\MenuButtonIE.ButtonIE.1]   =>Adware.ClickPotato
[HKLM\Software\Classes\clickpotatoliteax.info]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\clickpotatoliteax.info]   =>Adware.ClickPotato
[HKLM\Software\Classes\clickpotatoliteax.info.1]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\clickpotatoliteax.info.1]   =>Adware.ClickPotato
[HKLM\Software\Classes\clickpotatoliteax.userprofiles]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\clickpotatoliteax.userprofiles]   =>Adware.ClickPotato
[HKLM\Software\Classes\clickpotatoliteax.userprofiles.1]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\clickpotatoliteax.userprofiles.1]   =>Adware.ClickPotato
[HKLM\Software\Classes\MenuButtonIE.ButtonIE]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\MenuButtonIE.ButtonIE]   =>Adware.ClickPotato
[HKLM\Software\Classes\MenuButtonIE.ButtonIE.1]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\MenuButtonIE.ButtonIE.1]   =>Adware.ClickPotato
[HKCR\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}]   =>Adware.ClickPotato
[HKLM\Software\Classes\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}]   =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}]   =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{258c9770-1713-4021-8d7e-1f184a2bd754}]   =>Adware.SmartShopper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{258c9770-1713-4021-8d7e-1f184a2bd754}]   =>Adware.SmartShopper
[HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}]   =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}]   =>Adware.ClickPotato
[HKCR\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}]   =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}]   =>Adware.ClickPotato
[HKCR\Interface\{618aad04-921f-44c2-be38-c0818af69861}]   =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{618aad04-921f-44c2-be38-c0818af69861}]   =>Adware.Hotbar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da}]   =>Adware.Hotbar
[HKCR\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C}]   =>Adware.ClickPotato
[HKLM\Software\Classes\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C}]   =>Adware.ClickPotato
[HKCR\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08}]   =>Adware.ClickPotato
[HKLM\Software\Classes\Wow6432Node\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08}]   =>Adware.ClickPotato
[HKLM\Software\Classes\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08}]   =>Adware.ClickPotato
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7}]   =>Adware.Softomate
[HKCR\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}]   =>Adware.ClickPotato
[HKLM\Software\Classes\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}]   =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}]   =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}]   =>Adware.ClickPotato
[HKLM\Software\Microsoft\Internet Explorer\extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}]   =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}]   =>Adware.ClickPotato
[HKCR\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337}]   =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337}]   =>Adware.Hotbar
[HKCR\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC}]   =>Adware.ClickPotato
[HKLM\Software\Classes\Wow6432Node\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC}]   =>Adware.ClickPotato
[HKLM\Software\Classes\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC}]   =>Adware.ClickPotato
[HKCR\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]   =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]   =>Adware.ClickPotato
[HKCR\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb}]   =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb}]   =>Adware.Hotbar
[HKLM\Software\ClickPotatoLite]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\ClickPotatoLite]   =>Adware.ClickPotato
[HKCU\Software\DC3_FEXEC]   =>
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA]   =>Adware.ClickPotato
C:\ProgramData\2aca5cc3-0f83-453d-a079-1076fe1a8b65   =>Adware.Seekmo
C:\ProgramData\ClickPotatoLiteSA   =>Adware.ClickPotato
C:\Users\Amélie\AppData\Roaming\ClickPotatoLite   =>Adware.ClickPotato
C:\Program Files (x86)\ClickPotatoLite   =>Adware.ClickPotato



---\\ Recherche détournement de DNS routeur (O89)
Serveur :   neufbox
Address:  192.168.1.1
Nom :    www.l.google.com
Addresses:  209.85.229.104
     209.85.229.147
     209.85.229.99
Aliases:  www.google.fr
     www.google.com



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/11/2009 98208 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 18/11/2009 0 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 23/02/2011 42184 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/08/2009 868128 |  (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 09/06/2009 155648 |  (DockLoginService) . (.Stardock Corporation.) - C:\Program Files\Dell\DellDock\DockLogin.exe
SR - | Auto 30/09/2009 268824 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/03/2010 355440 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 07/10/2010 509416 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 10/03/2010 355440 |  (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 13/10/2010 200056 |  (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 13/10/2010 245352 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SS - | Auto 13/10/2010 149032 |  (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
SR - | Auto 21/08/2010 689472 |  (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 21/05/2009 206064 |  (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
SR - | Auto 30/09/2009 2320920 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 17/07/2009 33280 |  (wltrysvc) . (...) - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Amélie at 28/04/2011 22:26:52

device: opened successfully
user: error reading MBR

Disk trace:
error: Read  Descripteur non valide
kernel: error reading MBR



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Amélie at 28/04/2011 22:26:54

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



End of the scan (963 lines in 00mn 55s)(0)


merci d'avance ! :oops:
Dernière édition par Ask to Old Man le 01 Mai 2011 08:45, édité 1 fois.
Raison: Sujet résolu. Titre actualisé.
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 


Re: VIRUS msn...

Message le 28 Avr 2011 21:58

Bonsoir Amélie et bienvenue sur PC-I !! :)

Tu est très infecter... Perdons pas de temps au boulot !

Télécharge puis installe :

Image Image par Marcin Kleczynski

*** Met-le à jour(très important ) , puis coche, "Exécuter un examen complet"

*** Si une infection est trouvée, coche la case à coté et valide avec l’Onglet Supprimer la sélection

*** Après la suppression , l'outil va surement te demander de redémarrer l'ordinateur -->accepte<--

*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) ? cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.


Poste le rapport final.

Ps:Au cas ou tu n'a pas le rapport suite à une erreur de manipulation ; relance Malwarebytes puis rends toi dans l'onglet "rapports/Logs" selectionne le dernier puis Copier/Coller dans ta réponse ;)

Ensuite :::

Image • Télécharge AD-Remover (de C_XX) sur ton Bureau.
/!\ Déconnecte toi et ferme toutes les applications en cours /!\
• Double-clique sur l'icône AD-Remover
• Au menu principal, clique sur "Nettoyer"
• Confirme le lancement de l'analyse et laisse l'outil travailler
• Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-Clean.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Voila j'attends donc le rapport de : Malwarebytes et AD-REMOVER

Bonne soirée !! ;)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS msn...

Message le 28 Avr 2011 22:01

merci, je fais tout ça de ce pas!
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 28 Avr 2011 22:05

Prend bien ton temps de bien lire les procédures... ;)
Je te laisse travailler....
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS msn...

Message le 28 Avr 2011 22:09

c'est en cours d'analyse, ça detecte deja 27 fichiers infectés !
je comprend pas ce pc n'a même pas encore 15jours!
mon antivirus est-il defectueux?
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 28 Avr 2011 22:21

Sa m'étonne pas ;)

Il peut être pas à jours ; puis tu à plusieurs antivirus et compagnies sur le pc....
Ensuite sa dépends aussi de ton surf , tu dois surement aller sur des sites qui faut pas ou même cliquer n'importe ou et sur n'importe quoi .. Il faut faire attention à ton surf...
Breff je vais t'expliquer tous cela en fin de désinfection et ainsi tu pourras me poser toutes les questions que tu veux ... :)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS msn...

Message le 28 Avr 2011 23:02

voila le 1er rapport :
Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6467

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

28/04/2011 23:56:41
mbam-log-2011-04-28 (23-56-41).txt

Type d'examen: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Elément(s) analysé(s): 264050
Temps écoulé: 50 minute(s), 50 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 5400 -> Unloaded process successfully.
c:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> 5208 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Amélie\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Delete on reboot.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0 (Adware.ClickPotato) -> Delete on reboot.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Amélie\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MN3LLMJ9\VLCSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
c:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 28 Avr 2011 23:10

et le second:
Code: Tout sélectionner
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 00:03:18 le 29/04/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium   (X64)
Amélie@AMÉLIE-PC (Dell Inc. Inspiron 1764)
 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Clé supprimée: HKLM\Software\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Clé supprimée: HKLM\Software\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Clé supprimée: HKCU\Software\AppDataLow\Software\ShoppingReport2


============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0B11C30C-7149-4331-BE3C-BBC8C36AA091} - "?" (?)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Envoyer à Bluetooth" (c:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110414200035.dll)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 29/04/2011 00:03:26 (3006 Octet(s))

Fin à: 00:04:30, 29/04/2011
 
============== E.O.F ==============


merci encore
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 28 Avr 2011 23:15

Ok , impeccable :D

Tu peut relancer AD-REMOVER et le désinstaller

Nous allons effectuer un Scan avec NOD32

*** Scan en ligne -> Image

_->Cliquez sur le bouton Image

_->Accepter les conditions d’utilisation, pour cela, cochez la case « Oui, j’accepte les termes du contrat de licence »
_->Cliquez ensuite sur le bouton Start
_->Acceptez l’installation de l’ActiveX NOD32
_->Le téléchargement des définitions virales s’effectuent, cela peut prendre du temps selon la vitesse de connexion.
_->Cocher la case "Supprimer les menaces détectées"
_->Clique sur le bouton Démarrer pour lancer le scan
_->Le scan du PC se lance, les menaces détectées apparaissent dans la liste en dessous de la barre de progression.
_->Laissez l’analyse s’effectuer entièrement
_->Cliquer sur le bouton « liste des menaces » permettant d’exporter la liste dans un fichier texte
_->Enregistrer celui-ci sur votre bureau par exemple

Poste moi le rapport ;)

Puis peut tu me refaire un ZHPDiag comme tu la fais la première fois stp...

Merci , Je vais au lit .
Je regarderais les rapports demain ainsi je te donnerais le reste de la procédure si tu à fais se que j'ai demander... ;)

Bonne nuit
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS msn...

Message le 28 Avr 2011 23:22

merci, bonne nuit, je posterai tout ca demain :)
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 29 Avr 2011 08:33

Bonjour !
voila le rapport de NOD32:
Code: Tout sélectionner
C:\Users\Amélie\AppData\Local\Temp\rundll32 .exe   une variante de MSIL/Kryptik.H cheval de troie   nettoyé par suppression - mis en quarantaine
C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe   une variante de MSIL/Kryptik.H cheval de troie   nettoyé par suppression - mis en quarantaine



et voila le nouveau rapport de ZHP :
Code: Tout sélectionner
Rapport de ZHPDiag v1.27.193 par Nicolas Coolman, Update du 28/04/2011
Run by Amélie at 29/04/2011 09:16:31
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ System Information
Windows 7 Home Premium Edition, 64-bit  (Build 7600)
Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3956 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 109 GB (75%) free of 145 GB

---\\ Logged in mode
Computer Name: AMÉLIE-PC
User Name: Amélie
All Users Names: Amélie, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=
%LocalAppData%=
%StartMenu%=

---\\ DOS/Devices
A:\ Hard drive, Flash drive, Thumb drive (Free 137 Go of 138 Go)
C:\ Hard drive, Flash drive, Thumb drive (Free 109 Go of 145 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK



---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/04/2011 08:55:33.) -- C:\Windows\system32\wininet.dll [1126912]



---\\ Processus lancés
[MD5.80B62FF105908EC9E4B072AFB1CFC824] - (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe   [409744]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe   [11322880]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin   [11314688]
[MD5.0647EF247A5D0402E74FE89F5F6A8A11] - (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe   [498160]
[MD5.00D1FB0073B4A8BD2989EA8FF4CC792B] - (.SupportSoft, Inc. - Dell Support Center Updates.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe   [206064]
[MD5.2E9A1A6555C20424FC6DCC3AF21F4D68] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3451496]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [249064]
[MD5.59E2A529D9ABCFA2024153A05FE693A1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Users\Amélie\Desktop\ZHPDiag\ZHPDiag.exe   [644608]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2 - BHO: scriptproxy [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110414200035.dll
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Desktop Disc Tool] . (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [DellSupportCenter] . (.SupportSoft, Inc. - Dell Support Center Updates.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-989431337-3330428235-1482280456-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (...)  -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.)
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk . (...)  -- C:\Program Files (x86)\Dell\DellDock\DellDock.exe (.not file.)
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk . (...)  -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amélie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe



---\\ ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (.Pas de propriétaire - Pas de description.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F74FE1-7DF0-4BD0-ADBD-53EEC3AECA80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F74FE1-7DF0-4BD0-ADBD-53EEC3AECA80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F74FE1-7DF0-4BD0-ADBD-53EEC3AECA80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpDomain = CD-DL.TEST
O17 - HKLM\System\CS1\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpDomain = CD-DL.TEST
O17 - HKLM\System\CS2\Services\Tcpip\..\{9998D264-2E5E-462F-8965-A436B55CF794}: DhcpDomain = CD-DL.TEST
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service:  (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: C:\Windows\system32\Alg.exe (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service:  (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service:  (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service:  (DockLoginService) . (.Stardock Corporation - Dock Login Service.) - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service:  (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service:  (McMPFSvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service:  (mcmscsvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McNaiAnn) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McNASvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McODS) . (.McAfee, Inc. - McAfee VirusScan On-Demand Scan.) - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service:  (McOobeSv) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McProxy) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service:  (McShield) . (.McAfee, Inc. - McAfee On-Access Scanner service.) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
O23 - Service:  (mfefire) . (.McAfee, Inc. - McAfee Core Firewall Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service:  (mfevtp) . (.McAfee, Inc. - McAfee Process Validation Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service:  (SftService) . (.SoftThinks SAS - SoftThinks Agent Service.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service:  (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc. - SupportSoft Agent Service.) - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service:  (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service:  (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
O23 - Service:  (wltrysvc) . (...) - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)



---\\ Tâches planifiées en automatique (O39)
[MD5.1F83CB91A9830038DBE7CD1BA1921205] [APT] [Administrator - Start WLAN Tray Applet] (.Dell Inc..) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver:  (mfenlfk) . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - C:\Windows\System32\DRIVERS\mfenlfk.sys
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver:  (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM][64Bits] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Photoshop CS5 Portable - (.Adobe.) [HKLM][64Bits] -- {61172A5D-60AA-43BE-958F-90451024E768}_is1
O42 - Logiciel: Adobe Reader 9.1.2 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A91000000001}
O42 - Logiciel: Advanced Audio FX Engine - (.Creative Technology Ltd.) [HKLM][64Bits] -- Advanced Audio FX Engine
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {71E015CC-52DA-4536-AF0C-C643BA1E45FB}
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dell DataSafe Local Backup - (.Dell.) [HKLM][64Bits] -- {0ED7EE95-6A97-47AA-AD73-152C08A15B04}
O42 - Logiciel: Dell Dock - (.Stardock Corporation.) [HKLM][64Bits] -- Dell Dock
O42 - Logiciel: Dell Edoc Viewer - (.Dell Inc.) [HKLM] -- {8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}
O42 - Logiciel: Dell Support Center (Logiciel de support) - (.Dell.) [HKLM][64Bits] -- {E3BFEE55-39E2-4BE0-B966-89FE583822C1}
O42 - Logiciel: Dell Touchpad - (.ALPS ELECTRIC CO., LTD..) [HKLM] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}
O42 - Logiciel: Dell Webcam Central - (.Creative Technology Ltd.) [HKLM][64Bits] -- Dell Webcam Central
O42 - Logiciel: Dell Wireless WLAN Card Utility - (.Dell Inc..) [HKLM] -- Dell Wireless WLAN Card Utility
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Java(TM) 6 Update 22 (64-bit) - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F86416022FF}
O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022F0}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: Live! Cam Avatar Creator - (.Creative Technology Ltd.) [HKLM][64Bits] -- {65D0C510-D7B6-4438-9FC8-E6B91115AB0D}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: McAfee Security Center - (.McAfee, Inc..) [HKLM][64Bits] -- MSC
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM][64Bits] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {052bac4a-6f79-46d4-a024-1ce1b4f73cd4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: O42 - Logiciel: eBay - (.eBay Inc..) [HKLM][64Bits] -- {A8B88634-7F90-402F-B66A-86429755F6A5} - (.Pas de propriétaire.) [HKLM][64Bits] -- {A9668246-FB70-4103-A1E3-66C9BC2EFB49}
O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM][64Bits] -- {05653DE1-6567-40C6-B930-39D399B64369}
O42 - Logiciel: Quickset64 - (.Dell Inc..) [HKLM] -- {87CF757E-C1F1-4D22-865C-00C6950B5258}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Roxio Burn - (.Roxio.) [HKLM][64Bits] -- {A33E7B0C-B99C-4EC9-B702-8A328B161AF9}
O42 - Logiciel: Roxio Burn - (.Roxio.) [HKLM][64Bits] -- {B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
O42 - Logiciel: VLC media player 1.1.9 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: WIDCOMM Bluetooth Software - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: [HKLM\Software\DirectDrawEx] - (.Pas de propriétaire.) [HKLM][64Bits] -- ESET Online Scanner
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: eBay - (.eBay Inc..) [HKLM][64Bits] -- {A8B88634-7F90-402F-B66A-86429755F6A5}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\Alps]
[HKCU\Software\AppDataLow\LastScanTime]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Broadcom]
[HKCU\Software\Brother]
[HKCU\Software\Classes]
[HKCU\Software\Creative Tech]
[HKCU\Software\DC3_FEXEC]
[HKCU\Software\Dell]
[HKCU\Software\ESET]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\McAfee]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Softonic]
[HKCU\Software\SupportSoft]
[HKCU\Software\Widcomm]
[HKCU\Software\Wow6432Node]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\Alps]
[HKLM\Software\BcmSetup]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Creative]
[HKLM\Software\DELL]
[HKLM\Software\Dell Computer Corporation]
[HKLM\Software\Dell]
[HKLM\Software\Eset]
[HKLM\Software\Google]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\McAfee]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\SRS Labs]
[HKLM\Software\SoftThinks]
[HKLM\Software\Sonic]
[HKLM\Software\Stardock]
[HKLM\Software\SupportSoft]
[HKLM\Software\VideoLAN]
[HKLM\Software\Widcomm]
[HKLM\Software\Windows]
[HKLM\Software\Wow6432Node]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/04/2011 - 19:09:26 - [169767459] ----D- C:\Program Files\AVAST Software
O43 - CFD: 30/01/2011 - 06:27:40 - [103444714] ----D- C:\Program Files\Common Files
O43 - CFD: 30/01/2011 - 06:22:56 - [45260949] ----D- C:\Program Files\Dell
O43 - CFD: 30/01/2011 - 06:00:48 - [14167234] ----D- C:\Program Files\Dell Inc
O43 - CFD: 30/01/2011 - 07:49:54 - [17507100] ----D- C:\Program Files\DellTPad
O43 - CFD: 14/07/2009 - 17:35:28 - [90257428] ----D- C:\Program Files\DVD Maker
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 16/04/2011 - 09:58:24 - [6202240] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 30/01/2011 - 06:00:38 - [80648844] ----D- C:\Program Files\Java
O43 - CFD: 30/01/2011 - 06:28:42 - [229912555] ----D- C:\Program Files\mcafee
O43 - CFD: 30/01/2011 - 06:27:38 - [2505805] ----D- C:\Program Files\mcafee.com
O43 - CFD: 14/07/2009 - 17:35:26 - [149236786] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 29/01/2011 - 22:53:54 - [12692992] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [36253865] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 30/01/2011 - 06:04:50 - [148002168] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 14/07/2009 - 17:24:10 - [4039168] ----D- C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 17:35:28 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 30/01/2011 - 06:16:54 - [7755583] ----D- C:\Program Files\Windows Live
O43 - CFD: 16/04/2011 - 09:43:44 - [6667264] ----D- C:\Program Files\Windows Mail
O43 - CFD: 30/01/2011 - 07:49:16 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/04/2011 - 13:20:32 - [12627124] ----D- C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 17:24:10 - [5516568] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 17:24:10 - [7191662] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 30/01/2011 - 06:27:40 - [30856659] ----D- C:\Program Files\Common Files\mcafee
O43 - CFD: 15/04/2011 - 10:10:24 - [59966614] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 17:24:10 - [12009971] ----D- C:\Program Files\Common Files\System
O43 - CFD: 30/01/2011 - 06:21:28 - [769] ----D- C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 30/01/2011 - 06:41:46 - [188] ----D- C:\ProgramData\ATI
O43 - CFD: 14/04/2011 - 19:09:26 - [6707315] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/04/2011 - 14:29:00 - [11402] ----D- C:\ProgramData\Creative
O43 - CFD: 14/04/2011 - 13:27:12 - [1722756] ----D- C:\ProgramData\Dell
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 30/01/2011 - 06:33:08 - [3552773] ----D- C:\ProgramData\Macrovision
O43 - CFD: 28/04/2011 - 23:02:30 - [6609893] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 14/04/2011 - 14:28:10 - [32535119] ----D- C:\ProgramData\McAfee
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 14/04/2011 - 21:11:06 - [1236697878] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 14/04/2011 - 13:20:32 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 30/01/2011 - 06:22:42 - [0] ----D- C:\ProgramData\PCDr
O43 - CFD: 30/01/2011 - 06:33:16 - [5785] ----D- C:\ProgramData\Sonic
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 30/01/2011 - 06:00:22 - [189] ----D- C:\ProgramData\Sun
O43 - CFD: 30/01/2011 - 06:22:44 - [6256611] ----D- C:\ProgramData\SupportSoft
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 30/01/2011 - 06:33:20 - [11492018] ----D- C:\ProgramData\Uninstall
O43 - CFD: 29/04/2011 - 09:16:24 - [7808246] -S--D- C:\Users\Amélie\AppData\Roaming\Microsoft
O43 - CFD: 27/04/2011 - 21:28:56 - [2501312] ----D- C:\Users\Amélie\AppData\Roaming\Adobe
O43 - CFD: 14/04/2011 - 13:27:40 - [0] ----D- C:\Users\Amélie\AppData\Roaming\ATI
O43 - CFD: 21/04/2011 - 17:23:50 - [0] R---D- C:\Users\Amélie\AppData\Roaming\Brother
O43 - CFD: 14/04/2011 - 14:29:00 - [402] ----D- C:\Users\Amélie\AppData\Roaming\Creative
O43 - CFD: 14/04/2011 - 13:27:56 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Dell
O43 - CFD: 14/04/2011 - 13:26:58 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Identities
O43 - CFD: 14/04/2011 - 13:50:02 - [5559] ----D- C:\Users\Amélie\AppData\Roaming\Macromedia
O43 - CFD: 28/04/2011 - 23:02:48 - [6175085] ----D- C:\Users\Amélie\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 17:35:06 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Media Center Programs
O43 - CFD: 15/04/2011 - 22:55:30 - [1508390] ----D- C:\Users\Amélie\AppData\Roaming\OpenOffice.org
O43 - CFD: 14/04/2011 - 13:27:42 - [0] ----D- C:\Users\Amélie\AppData\Roaming\Roxio
O43 - CFD: 22/04/2011 - 13:00:54 - [429165797] ----D- C:\Users\Amélie\Appdata\Local\Microsoft
O43 - CFD: 27/04/2011 - 22:16:34 - [184997] ----D- C:\Users\Amélie\Appdata\Local\Adobe
O43 - CFD: 14/04/2011 - 13:20:42 - [0] -SH-D- C:\Users\Amélie\Appdata\Local\Application Data
O43 - CFD: 14/04/2011 - 13:27:40 - [59950] ----D- C:\Users\Amélie\Appdata\Local\ATI
O43 - CFD: 14/04/2011 - 13:27:40 - [0] ----D- C:\Users\Amélie\Appdata\Local\Broadcom
O43 - CFD: 14/04/2011 - 13:20:42 - [0] -SH-D- C:\Users\Amélie\Appdata\Local\Historique
O43 - CFD: 28/04/2011 - 23:58:58 - [2026] ----D- C:\Users\Amélie\Appdata\Local\SoftThinks
O43 - CFD: 14/04/2011 - 13:27:46 - [325] ----D- C:\Users\Amélie\Appdata\Local\Stardock_Corporation
O43 - CFD: 14/04/2011 - 13:27:38 - [4301776] ----D- C:\Users\Amélie\Appdata\Local\SupportSoft
O43 - CFD: 29/04/2011 - 09:16:26 - [30378973] ----D- C:\Users\Amélie\Appdata\Local\Temp
O43 - CFD: 14/04/2011 - 13:20:42 - [0] -SH-D- C:\Users\Amélie\Appdata\Local\Temporary Internet Files
O43 - CFD: 16/04/2011 - 09:49:06 - [300318] ----D- C:\Users\Amélie\Appdata\Local\VirtualStore
O43 - CFD: 28/04/2011 - 22:31:38 - [45056] ----D- C:\Users\Amélie\Appdata\Local\Windows Live
O43 - CFD: 27/04/2011 - 21:27:30 - [633785912] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 30/01/2011 - 06:03:12 - [86040640] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 30/01/2011 - 06:07:42 - [3598306] ----D- C:\Program Files (x86)\Cisco
O43 - CFD: 15/04/2011 - 09:07:38 - [329182313] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 30/01/2011 - 06:09:38 - [14953390] ----D- C:\Program Files (x86)\Creative
O43 - CFD: 30/01/2011 - 06:08:38 - [114688] ----D- C:\Program Files (x86)\Creative Live! Cam
O43 - CFD: 28/04/2011 - 23:59:22 - [219050638] ----D- C:\Program Files (x86)\Dell DataSafe Local Backup
O43 - CFD: 30/01/2011 - 06:22:34 - [105421026] ----D- C:\Program Files (x86)\Dell Support Center
O43 - CFD: 30/01/2011 - 06:09:30 - [264797136] ----D- C:\Program Files (x86)\Dell Webcam
O43 - CFD: 30/01/2011 - 06:27:36 - [934781] ----D- C:\Program Files (x86)\eBay
O43 - CFD: 29/04/2011 - 00:18:24 - [111269438] ----D- C:\Program Files (x86)\ESET
O43 - CFD: 30/01/2011 - 06:29:58 - [20261272] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 30/01/2011 - 06:08:08 - [12901959] ----D- C:\Program Files (x86)\Intel
O43 - CFD: 16/04/2011 - 09:58:24 - [5154168] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 15/04/2011 - 10:14:34 - [180805475] ----D- C:\Program Files (x86)\Java
O43 - CFD: 14/04/2011 - 13:20:48 - [432909] ----D- C:\Program Files (x86)\McAfee
O43 - CFD: 30/01/2011 - 06:27:40 - [428064] ----D- C:\Program Files (x86)\mcafee.com
O43 - CFD: 14/04/2011 - 13:52:32 - [0] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 30/01/2011 - 06:32:26 - [6423243] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 21/04/2011 - 09:07:04 - [38388859] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 30/01/2011 - 06:17:54 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 16/04/2011 - 09:52:02 - [15715] ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 15/04/2011 - 10:15:38 - [370627109] ----D- C:\Program Files (x86)\OpenOffice.org 3
O43 - CFD: 14/07/2009 - 07:32:40 - [38597377] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 30/01/2011 - 06:33:06 - [13525265] ----D- C:\Program Files (x86)\Roxio
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 26/04/2011 - 23:20:22 - [82679395] ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 14/07/2009 - 17:24:10 - [524800] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/04/2011 - 02:18:22 - [177028360] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 16/04/2011 - 09:43:42 - [6180864] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 30/01/2011 - 07:49:16 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 14/07/2009 - 17:24:10 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 14/07/2009 - 17:24:10 - [5994114] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 27/04/2011 - 21:28:12 - [4605470] ----D- C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 30/01/2011 - 06:01:48 - [3668633] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 15/04/2011 - 09:07:38 - [1247175] ----D- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 30/01/2011 - 06:28:42 - [3653351] ----D- C:\Program Files (x86)\Common Files\mcafee
O43 - CFD: 30/01/2011 - 06:30:36 - [21191290] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 30/01/2011 - 06:08:10 - [166332] ----D- C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 30/01/2011 - 06:33:08 - [305088] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 30/01/2011 - 06:09:32 - [4221400] ----D- C:\Program Files (x86)\Common Files\Reallusion
O43 - CFD: 30/01/2011 - 06:33:08 - [6470778] ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 30/01/2011 - 06:33:08 - [372019] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 30/01/2011 - 06:22:28 - [7526487] ----D- C:\Program Files (x86)\Common Files\supportsoft
O43 - CFD: 14/07/2009 - 17:24:10 - [10102259] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 30/01/2011 - 06:11:34 - [224545546] ----D- C:\Program Files (x86)\Common Files\Windows Live



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A10FEA3276813E1C44C50D4826F73C3A] - 29/04/2011 - 08:15:27 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0   [14240]
O44 - LFC:[MD5.A10FEA3276813E1C44C50D4826F73C3A] - 29/04/2011 - 08:15:27 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0   [14240]
O44 - LFC:[MD5.210000000000000000000000A8EF1800] - 29/04/2011 - 08:11:51 ---A- . (...) -- C:\Windows\WindowsUpdate.log   [2049277]
O44 - LFC:[MD5.55B2CE80799C75C4D16090A7BBA719C2] - 29/04/2011 - 08:07:41 ---A- . (...) -- C:\Windows\setupact.log   [22903]
O44 - LFC:[MD5.F86146514B5F971B90159A27CAEE277A] - 29/04/2011 - 08:07:40 -S-A- . (...) -- C:\Windows\bootstat.dat   [67584]
O44 - LFC:[MD5.1DE395856BFEE5BED1548973063E5FE7] - 28/04/2011 - 22:58:21 ---A- . (...) -- C:\Windows\PFRO.log   [13786]
O44 - LFC:[MD5.1D7BA9095309BF00DBC4FEDBF7FFC832] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI   [1549700]
O44 - LFC:[MD5.E86C11FB6B5D2F257F8DC4196B208976] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat   [106388]
O44 - LFC:[MD5.32E6A5139968E5B59E31034FE9B7994C] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat   [130754]
O44 - LFC:[MD5.214E528064ECE0F3F26F77F36BD4D3C8] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat   [616008]
O44 - LFC:[MD5.54EED1F3AEFF9B9D27AD10AA205DFC97] - 28/04/2011 - 17:30:55 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat   [704480]
O44 - LFC:[MD5.C6D9924A98FFF222C3EFB48B18FF944C] - 21/04/2011 - 16:22:35 ---A- . (...) -- C:\Windows\BRPP2KA.INI   [27]
O44 - LFC:[MD5.96AB5888BC087FACFDB69D0956738724] - 21/04/2011 - 16:22:35 ---A- . (...) -- C:\Windows\BRWMARK.INI   [434]
O44 - LFC:[MD5.446C0D7AA4BA022B43BA37E78A40105B] - 16/04/2011 - 08:58:04 ---A- . (...) -- C:\Windows\IE9_main.log   [4679]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 16/04/2011 - 08:55:30 ---A- . (...) -- C:\Windows\System32\ieuinit.inf   [72822]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 16/04/2011 - 08:55:22 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf   [72822]
O44 - LFC:[MD5.849E40A172A4F6B115EB2605EC9CFD24] - 16/04/2011 - 08:45:02 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT   [292872]
O44 - LFC:[MD5.DFC565E821037C72788DA4EF7B522834] - 15/04/2011 - 09:14:50 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\deployJava1.dll   [472808]
O44 - LFC:[MD5.8F443F9726349802839C7C0D1C8C904F] - 15/04/2011 - 09:14:49 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\java.exe   [145184]
O44 - LFC:[MD5.A27AD8C3D4F0518F3E59CA1C9C5C0D18] - 15/04/2011 - 09:14:49 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\javaw.exe   [145184]
O44 - LFC:[MD5.47E0BEDC36A30141133728B604A8F11D] - 15/04/2011 - 09:14:49 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\Windows\System32\javaws.exe   [157472]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll   [46080]
O44 - LFC:[MD5.8BD25A34DA5E53AE115977DD1E15AB3C] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll   [34304]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll   [367104]
O44 - LFC:[MD5.EFC5353E4F513DEF55ED7B7872363957] - 15/04/2011 - 08:12:40 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll   [294912]
O44 - LFC:[MD5.2320C2AC6577ECF1D4211F2D9BABE3DD] - 14/04/2011 - 18:10:08 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\SysNative\aswBoot.exe   [238968]
O44 - LFC:[MD5.0439C6170F7F6355BB5275C9CAA6050F] - 14/04/2011 - 18:09:29 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr   [40648]
O44 - LFC:[MD5.2320C2AC6577ECF1D4211F2D9BABE3DD] - 14/04/2011 - 18:09:29 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe   [190016]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 14/04/2011 - 11:04:40 ---A- . (...) -- C:\Windows\SysNative\license.rtf   [53560]
O44 - LFC:[MD5.EDCB1DFDE6D5935856EB25517B633DAC] - 14/04/2011 - 11:04:40 ---A- . (...) -- C:\Windows\System32\license.rtf   [53560]



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys   [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys   [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys   [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys   [15440]
O58 - SDL:[MD5.EC7EBAB00A4D8448BAB68D1E49B4BEB9] - 11/03/2011 - 07:22:41 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys   [107904]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys   [194128]
O58 - SDL:[MD5.DB27766102C7BF7E95140A2AA81D042E] - 11/03/2011 - 07:22:40 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys   [27008]
O58 - SDL:[MD5.8655A2983A86D6675135B1FF6892055D] - 22/06/2010 - 06:07:24 ---A- . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\system32\drivers\Apfiltr.sys   [304760]
O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys   [87632]
O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys   [97856]
O58 - SDL:[MD5.F810E3EA3D1F3C3BA26F2F4719BDCA4F] - 23/02/2011 - 14:54:58 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys   [22360]
O58 - SDL:[MD5.3687FD9CEDF56D3B9F18923F4E14F3F9] - 23/02/2011 - 14:55:05 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys   [64344]
O58 - SDL:[MD5.E99E48596B35E5D5240104BCD61B3471] - 23/02/2011 - 14:55:13 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys   [31064]
O58 - SDL:[MD5.84AD8FB3FD2EFA52D8599A0028BBB6FE] - 23/02/2011 - 14:57:01 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\system32\drivers\aswSnx.sys   [505176]
O58 - SDL:[MD5.8CBA6CC5DCA9E3829F1792BF98F06901] - 23/02/2011 - 14:57:04 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys   [280408]
O58 - SDL:[MD5.184248F2DED7B1641C7F3B30381BAA2A] - 23/02/2011 - 14:55:53 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys   [53592]
O58 - SDL:[MD5.FB7602C5C508BE281368AAE0B61B51C6] - 30/09/2009 - 17:34:32 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys   [121872]
O58 - SDL:[MD5.52679612D742BF74CA1BA6AB86DDF431] - 22/01/2010 - 18:13:24 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys   [6233088]
O58 - SDL:[MD5.414E0788920A8C856032BE2CBF29F984] - 22/01/2010 - 17:07:56 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys   [161280]
O58 - SDL:[MD5.52679612D742BF74CA1BA6AB86DDF431] - 22/01/2010 - 18:13:24 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atipmdag.sys   [6233088]
O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys   [270848]
O58 - SDL:[MD5.E001DD475A7C27EBE5A0DB45C11BAD71] - 17/07/2009 - 17:06:00 ---A- . (.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver.) -- C:\Windows\system32\drivers\bcm42rly.sys   [22520]
O58 - SDL:[MD5.F4CD5F52850BF2C978DE178F256BA372] - 17/07/2009 - 17:06:00 ---A- . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless driver.) -- C:\Windows\system32\drivers\BCMWL664.SYS   [2769400]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys   [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys   [8704]
O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys   [286720]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys   [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys   [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys   [14720]
O58 - SDL:[MD5.6BCFDC2B5B7F66D484486D4BD4B39A6B] - 01/07/2009 - 21:46:52 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\Windows\system32\drivers\btwaudio.sys   [98344]
O58 - SDL:[MD5.82DC8B7C626E526681C1BEBED2BC3FF9] - 01/07/2009 - 21:46:48 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\Windows\system32\drivers\btwavdt.sys   [132648]
O58 - SDL:[MD5.6149301DC3F81D6F9667A3FBAC410975] - 08/04/2009 - 00:33:08 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\Windows\system32\drivers\btwl2cap.sys   [35104]
O58 - SDL:[MD5.28E105AD3B79F440BF94780F507BF66A] - 01/07/2009 - 21:46:40 ---A- . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\Windows\system32\drivers\btwrchid.sys   [21160]
O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys   [468480]
O58 - SDL:[MD5.E02C9CDB15F13DE4EB2FF67660E62317] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) -- C:\Windows\system32\drivers\cfwids.sys   [62800]
O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys   [17488]
O58 - SDL:[MD5.4CE9F703D1DD69FB656D1953E9C88103] - 28/05/2009 - 17:49:00 ---A- . (.Creative Technology Ltd. - Advanced Audio FX Driver (64-bit).) -- C:\Windows\system32\drivers\CtAudDrv.sys   [224768]
O58 - SDL:[MD5.ED5CF92396A62F4C15110DCDB5E854D9] - 15/06/2009 - 20:06:42 ---A- . (.Creative Technology Ltd. - Video Class Upper Filter Driver (64-bit).) -- C:\Windows\system32\drivers\CtClsFlt.sys   [172704]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys   [3286016]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.B6AC71AAA2B10848F57FC49D55A651AF] - 17/09/2009 - 20:54:00 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\system32\drivers\HECIx64.sys   [56344]
O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 14/07/2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys   [77888]
O58 - SDL:[MD5.B75E45C564E944A2657167D197AB29DA] - 11/03/2011 - 07:23:00 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys   [410496]
O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys   [44112]
O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys   [114752]
O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys   [106560]
O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys   [65600]
O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys   [115776]
O58 - SDL:[MD5.3D3C4B63F11F63F50253E734F0ACE9F2] - 20/12/2010 - 17:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys   [24152]
O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys   [35392]
O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys   [284736]
O58 - SDL:[MD5.C1556CA9695FCD6BBD23D75D402FD43D] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - Access Protection Filter Driver.) -- C:\Windows\system32\drivers\mfeapfk.sys   [121248]
O58 - SDL:[MD5.8857EE8B49F3338FC1FAD476BFCCA146] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) -- C:\Windows\system32\drivers\mfeavfk.sys   [190136]
O58 - SDL:[MD5.9B090B2C6D84F4E392B3E5FF168929DA] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Driver Cleaning Driver.) -- C:\Windows\system32\drivers\mfeclnk.sys   [9984]
O58 - SDL:[MD5.19C44295F6BF085C83352D48397F7870] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- C:\Windows\system32\drivers\mfefirek.sys   [441328]
O58 - SDL:[MD5.5F915E20AB56121C41C6BF9A91A83BDA] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Link Driver.) -- C:\Windows\system32\drivers\mfehidk.sys   [529128]
O58 - SDL:[MD5.23AE332E32FF615CA5E5224C8D91AF11] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) -- C:\Windows\system32\drivers\mfenlfk.sys   [75032]
O58 - SDL:[MD5.9C7A9273E345F8D653394B5C542BF86A] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - McAfee Code Analysis Driver.) -- C:\Windows\system32\drivers\mferkdet.sys   [94864]
O58 - SDL:[MD5.3140B2C56D7119BA314F68FC785683F0] - 13/10/2010 - 21:28:54 ---A- . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) -- C:\Windows\system32\drivers\mfewfpk.sys   [283360]
O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys   [51264]
O58 - SDL:[MD5.A4D9C9A608A97F59307C2F2600EDC6A4] - 11/03/2011 - 07:23:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys   [148352]
O58 - SDL:[MD5.6C1D5F70E7A6A3FD1C90D840EDC048B9] - 11/03/2011 - 07:23:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys   [166272]
O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys   [1524816]
O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys   [128592]
O58 - SDL:[MD5.3B01789EE4EAEE97F5EB46B711387D5E] - 20/08/2009 - 17:05:00 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys   [239616]
O58 - SDL:[MD5.697C927E0DE2ABAF1A5F455033F687CD] - 03/02/2010 - 02:36:58 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys   [2263584]
O58 - SDL:[MD5.502B316947EA887CDDD325D4745EB7D0] - 17/07/2009 - 04:14:00 ---A- . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7.) -- C:\Windows\system32\drivers\RtsUStor.sys   [220672]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys   [23040]
O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys   [43584]
O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys   [80464]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys   [17488]
O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys   [161872]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 17:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys   [38224]



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\atipmdag.sys - amdkmdag(amdkmdag)  .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWFSBLK.sys - (.not file.) - aswFsBlk (aswFsBlk)  .(...) - LEGACY_ASWFSBLK
O64 - Services: CurCS - 30/12/1899 - C:\Windows\system32\drivers\aswMonFlt.sys - aswMonFlt(aswMonFlt)  .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWRDR.sys - (.not file.) - aswRdr (aswRdr)  .(...) - LEGACY_ASWRDR
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWSNX.sys - (.not file.) - aswSnx (aswSnx)  .(...) - LEGACY_ASWSNX
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWSP.sys - (.not file.) - aswSP (aswSP)  .(...) - LEGACY_ASWSP
O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWTDI.sys - (.not file.) - avast! Network Shield Support (aswTdi)  .(...) - LEGACY_ASWTDI
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\BCM42RLY.sys - BCM42RLY(BCM42RLY)  .(.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Pr.) - LEGACY_BCM42RLY
O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep)  .(...) - LEGACY_BEEP
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\cfwids.sys - McAfee Inc. cfwids(cfwids)  .(.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - LEGACY_CFWIDS
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat)  .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec)  .(...) - LEGACY_FS_REC
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfeapfk.sys - McAfee Inc. mfeapfk(mfeapfk)  .(.McAfee, Inc. - Access Protection Filter Driver.) - LEGACY_MFEAPFK
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfeavfk.sys - McAfee Inc. mfeavfk(mfeavfk)  .(.McAfee, Inc. - Anti-Virus File System Filter Driver.) - LEGACY_MFEAVFK
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfeavfk01)  .(...) - LEGACY_MFEAVFK01
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfeavfk02)  .(...) - LEGACY_MFEAVFK02
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfefirek.sys - McAfee Inc. mfefirek(mfefirek)  .(.McAfee, Inc. - McAfee Core Firewall Engine Driver.) - LEGACY_MFEFIREK
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfefirek01)  .(...) - LEGACY_MFEFIREK01
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfehidk.sys - McAfee Inc. mfehidk(mfehidk)  .(.McAfee, Inc. - McAfee Link Driver.) - LEGACY_MFEHIDK
O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfehidk01)  .(...) - LEGACY_MFEHIDK01
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\mfenlfk.sys - McAfee NDIS Light Filter(mfenlfk)  .(.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - LEGACY_MFENLFK
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mferkdet.sys - McAfee Inc. mferkdet(mferkdet)  .(.McAfee, Inc. - McAfee Code Analysis Driver.) - LEGACY_MFERKDET
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\drivers\mfewfpk.sys - McAfee Inc. mfewfpk(mfewfpk)  .(.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - LEGACY_MFEWFPK
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs)  .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy)  .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs)  .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs)  .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null)  .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv)  .(...) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr)  .(...) - LEGACY_SPLDR



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0B11C30C-7149-4331-BE3C-BBC8C36AA091} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {5D4C9D53-3960-4BFA-B3B5-FE459A520A07} [DefaultScope] - (Google) - http://www.google.com



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.A8D666FCE8EFD0788FA0DF14FB3491B4] [SPRF] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Amélie\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe   [885536]
[MD5.19CEE58DC4BD63D4AB21E3EC055EDF71] [SPRF] (.Microsoft Corporation - Barre d'outils Bing.) -- C:\Users\Amélie\AppData\Local\Temp\MSN83C2.exe   [468232]
[MD5.86E0FC3A8107C10FCA5CF63AAB259A14] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\Amélie\AppData\Local\Temp\sai8B13.exe   [20533281]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{D8567662-4CDF-4C1E-B096-E88DFA3A71AB}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{CE64FFB3-5E46-4F73-99F6-7389020FEF6E}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Mesh Operating Environment.) -- C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
O87 - FAEL: "{877B51E0-9EBB-440D-8154-66FB7637F3C6}" | In - Public - P6 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{74058109-BC26-48B5-801A-01D9BC757B15}" | In - Public - P17 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{B854901E-DDCE-4492-9B83-E12BF0DCEB7A}" | In - Private - P6 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{44C03C6E-915A-4C65-83E6-B0340BF94440}" | In - Private - P17 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe



---\\ Scan Additionnel (O88)
Database Version : 6502 - (28/04/2011)
Number of Keys Founds (Clés trouvées) : 4
Number of Directories Founds  (Dossiers trouvés) : 0

[HKCR\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]   =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]   =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]   =>Adware.ClickPotato
[HKCU\Software\DC3_FEXEC]   =>



---\\ Recherche détournement de DNS routeur (O89)
Serveur :   neufbox
Address:  192.168.1.1
Nom :    www.l.google.com
Addresses:  209.85.229.147
     209.85.229.99
     209.85.229.104
Aliases:  www.google.fr
     www.google.com



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/11/2009 98208 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 18/11/2009 0 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 23/02/2011 42184 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/08/2009 868128 |  (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 09/06/2009 155648 |  (DockLoginService) . (.Stardock Corporation.) - C:\Program Files\Dell\DellDock\DockLogin.exe
SR - | Auto 30/09/2009 268824 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/03/2010 355440 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 07/10/2010 509416 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 10/03/2010 355440 |  (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 13/10/2010 200056 |  (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 13/10/2010 245352 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SS - | Auto 13/10/2010 149032 |  (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
SR - | Auto 21/08/2010 689472 |  (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 21/05/2009 206064 |  (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
SR - | Auto 30/09/2009 2320920 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 17/07/2009 33280 |  (wltrysvc) . (...) - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Amélie at 29/04/2011 09:18:22

device: opened successfully
user: error reading MBR

Disk trace:
error: Read  Descripteur non valide
kernel: error reading MBR



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Amélie at 29/04/2011 09:18:24

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



End of the scan (895 lines in 01mn 52s)(0)
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 29 Avr 2011 09:41

Bonjour , :)


***Dans "Programmes" tu as ZHPDiag , cliques dessus pour le lancer
Lorsque la fenêtre de l'interface sera ouverte clique sur cette icône --> Image
Une nouvelle interface va se présenter (tu seras sur ZHPFix), dans celle-ci applique cette procédure :

• Dans la fenêtre d'application (blanche et vierge) copie et colle ceci dedans :

[HKLM\Software\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}]
[HKCU\Software\AppDataLow\LastScanTime]
[MD5.86E0FC3A8107C10FCA5CF63AAB259A14] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\Amélie\AppData\Local\Temp\sai8B13.exe [20533281]
EmptyFlash
Emptytemp



• En haut dans la barre de commandes clique sur --> H
pour activer les lignes Helpers.

***Clique sur "OK", puis sur "Tous", et pour terminer le lancement sur "Nettoyer".
Ne touche pas au pc pendant que ZHPFix travail , risque de plantage du logiciel.
Une fois le Scan terminer , tu obtiendras un rapport de nettoyage.
Poste-moi le rapport.

Ensuite ::


-Télécharge la mise à jours JaVa ici -> http://www.java.com/fr/download/windows ... w.java.com
-Va dans "Démarre"->Tous les programmes->"Windows Update" ; effectue La/Les mises à jours.

Voici la liste de tous les Antivirus que ton pc possède:

McAfee Security Center.
Avast®Antivirus
Network Associates®McAfee VirusScan
Network Associates®McAfee Internet Security Suite
Network Associate®Internet Security Suite
ESET Online Scanner
Microsoft Windows Defender


Je vais donc te demander de tous supprimer via "Ajout et suppression des programmes" sauf Avast®Antivirus .
Tu peut garder Malwarebytes , il te seras très utile prochainement...

Je te conseil fortement de changer de Mot de passe msn en y mettant un à 8 chiffres ex: alex1234

Voila , à tout :wink:
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS msn...

Message le 29 Avr 2011 09:50

merci pour tte ces manip.

voila le nouveau rapport:
Code: Tout sélectionner
Rapport de ZHPFix 1.12.3279 par Nicolas Coolman, Update du 27/04/2011
Fichier d'export Registre : C:\ZHPExportRegistry-29-04-2011-10-47-43.txt
Run by Amélie at 29/04/2011 10:47:43
Windows 7 Home Premium Edition, 64-bit  (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Processus mémoire ==========
C:\Users\Amélie\AppData\Local\Temp\sai8B13.exe [20533281]  => Supprimé et mis en quarantaine

========== Clé(s) du Registre ==========
HKLM\Software\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}  => Clé supprimée avec succès
HKCU\Software\AppDataLow\LastScanTime  => Clé supprimée avec succès

========== Dossier(s) ==========
Dossiers temporaires Windows supprimés: 145

========== Fichier(s) ==========
Fichiers temporaires Windows supprimés : 319


========== Récapitulatif ==========
1 : Processus mémoire
2 : Clé(s) du Registre
1 : Dossier(s)
1 : Fichier(s)


End of the scan


je fais le reste tout de suite
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 29 Avr 2011 11:06

voila tout est ok!
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Re: VIRUS msn...

Message le 29 Avr 2011 12:13

il y a t'il encore quelque chose a effectuer?

et pour les conseils que tu devais me donner je suis preneuse ;)
le petit frere de mon conjoint n'a desormais plus le droit d'acces sur ce pc. c'est lui que je soupçonne pour les sites bizarres qui m'auraient causer tous ces virus... grrr

merci mille fois en tout cas!
amelie034
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 28 Avr 2011 21:34
 

Suivante


Sujets similaires

Message [Réglé] Votre avis sur les disques durs "INN®" (ou Innovtec)
Bonjour à tousFaisant des recherches sur le net en vue d'acheter un disque dur externe de 6 ou 8 To, je suis tombé sur des annonces - sur le site Cdiscount de la marque Innovtec et, vu les tarifs affichés, je m'interroge sur la qualité du produit.Par exemple, celui-ci : https://www.cdiscount.com/inf ...
Réponses: 8

Message [Réglé] Mauvaise performance SSD NVME
Bonjour, j'ai un WDC PC SN530 SDBPNPZ-512G, et quand je fais des benchmark où je ne comprends rien, ils m'indiquent dès résultat pas terrible, y a t'il moyen d'arranger ça ?https://www.userbenchmark.com/UserRun/68904129Merci de votre aide.
Réponses: 10

Message [Réglé] Suite de mon sujet Démarrage PC parfois difficile
Bonjour,j'avais ouvert un sujet suite au démarrage très lent de mon PC. Votre aide m'a permis d'améliorer la situation mais ce n'est pas parfait (plus de 2 minutes avant la fenêtre de saisie du code d'accès Windows).On m'a conseillé de demander une désinfection. J'ai suivi la procédure et je joins l ...
Réponses: 34

Message [Réglé] Clé usb qui s'affiche pas
Bonjour a tous ,Tout d'abord désolé si je me suis trompé de section.Voila j'ai un collègue qui m'a passé une clé usb avec une vidéo dessus pour que je change le formas et que la clé puisse lire la vidéo sur sa télé. Jusqu'à la tout va bien mais une fois que je met la clé dans mon ordi ( Windows 11 ) ...
Réponses: 13

Message [Réglé] Mini PC pour la 4k HDR
Bonjour (et bonne année a tous ),Actuellement, j'ai mon bon vieux mini PC (I5-4210U) , fonctionnel mais hélas devenu trop limité en performance pour la 4K (j'arrive à lire des fichiers en H264 avec très peu voir pas de lags tout dépend le lecteur) et on parle même pas avec du H265 (saccadé à mort) ...
Réponses: 6

Message [Réglé] android auto
Bonjour Je possede un tel. samsung S7 . Je viens d'intaller android auto et chaque fois que je branche mon tel. sur mon vehicule , mon telephone me dit de mettre android à jour. En fouillant un peu sur le net j'ai cru voir que samsung avait arreté les mises à jour sur les S7 . Est ce vrai , sinon co ...
Réponses: 3

Message [Réglè] HELP
Bonjour a tous,j'ai voulu désinstaller les pilotes AMD high définition audio device dans le gestionnaire croyant que les pilotes realtek prendraient la place j'ai redémarré mon PC et depuis je n'ai plus de son l?icône est affublée d'une belle croix rouge (aucun haut parleur ou casque n'est branché) ...
Réponses: 7


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 11 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.