[Résolu] Demande de désinfection de mon PC

Phileon · le 27 août 2011

[Dylav] Le sujet d'origine

Plantage Windows avec divers jeux [/Dylav]

Merci de votre aide

Voici le rapport ZHP Diag

Rapport de ZHPDiag v1.28.1343 par Nicolas Coolman, Update du 24/08/2011

Run by Ambroise at 27/08/2011 14:24:24

Web site : ZHPDiag Outil de diagnostic

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 6.0 v6.0 (Defaut)

---\\ Windows Product Information

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, OEM_SLP channel

System Locked Preinstallation (OEM_SLP) : OK

Windows ID Activation : OK

~ Windows Partial Key : 7QJB7

Windows License : OK

~ Windows Remaining Initializations Number : 3

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System Information

~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4094 MB (67% free)

System Restore: Activé (Enable)

System drive C: has 342 GB (74%) free of 459 GB

---\\ Logged in mode

~ Computer Name: DRAGON

~ User Name: Ambroise

~ All Users Names: UpdatusUser, HomeGroupUser$, Ambroise, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Ambroise\AppData\Roaming\

~ %Desktop% : C:\Users\Ambroise\Desktop\

~ %Favorites% : C:\Users\Ambroise\Favorites\

~ %LocalAppData% : C:\Users\Ambroise\AppData\Local\

~ %StartMenu% : C:\Users\Ambroise\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\system32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 342 Go of 459 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 226 Go of 459 Go)

E:\ CD-ROM drive (Free 0 Go of 0 Go)

F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ CD-ROM drive (Free 0 Go of 3 Go)

I:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK

~ Scan Security Center in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.01/07/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.DD81D91FF3B0763C392422865C9AC12E] - (....) (.14/07/2009 - 02:39:31.) -- C:\Windows\system32\rundll32.exe [45568]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\system32\Wininit.exe [129024]

[MD5.0732B49B250E306F7A6591029AF9885B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.11/08/2011 - 06:36:16.) -- C:\Windows\system32\wininet.dll [1389056]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.01/07/2011 - 14:25:30.) -- C:\Windows\system32\Winlogon.exe [390656]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\drivers\atapi.sys [24128]

[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.13/07/2011 - 07:41:34.) -- C:\Windows\system32\drivers\ntfs.sys [1659776]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.01/07/2011 - 14:27:26.) -- C:\Windows\system32\sppcomapi.dll [232448]

[MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (....) (.01/07/2011 - 14:07:20.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]

~ Scan Generic Processes in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes Favoris (My Favorites) : 3/30

~ Mes Documents (My Documents) : 56/1862

~ Mon Bureau (My Desktop) : 1/13

~ Menu demarrer (Programs) : 7/27

~ Scan Hidden Files in 00mn 01s

---\\ Processus lancés

[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.2552]

[MD5.CEA0461AAE4B8B6216F164501B1B5A10] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912] [PID.2564]

[MD5.D9CB30BF12B3670650C85637EA1AB6EA] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888] [PID.2680]

[MD5.EF533F9D1E4F51C783D4349A7C3F518F] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464] [PID.2768]

[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.2820]

[MD5.13E7CFE8E269ED15E7FC9C3EBBCB7E2B] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696] [PID.2920]

[MD5.1BEF98B2BD922836CCDD0F85620BC755] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe [74752] [PID.2936]

[MD5.8AF1980AD5BD21364A960299015DBEDD] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632] [PID.4296]

[MD5.1BF14948A57A0AF81C07F797EC0978D6] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856] [PID.3556]

[MD5.F26208B3C13B48670E055BAD116D6438] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [669696] [PID.944]

[MD5.9BF7E58D9113CE15CF4F1E1B18CEFF83] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [379496] [PID.]

[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360] [PID.]

[MD5.1CF3866E09FFE13CF280D4DDFA9F7DCF] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480] [PID.]

[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.]

[MD5.BD691091AC7D9713D8F0B07C6B099E6C] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208] [PID.]

[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.]

[MD5.4E5C5D88EB0A8D21824D5A3EB7327E69] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464] [PID.]

~ Scan Processes Running in 00mn 35s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\Ambroise\AppData\Roaming\Mozilla\Firefox\Profiles\at88vq2i.default\prefs.js

C:\Users\Ambroise\AppData\Roaming\Mozilla\Firefox\Profiles\at88vq2i.default\user.js (.not file.)

M3 - MFPP: Plugins - [Ambroise] -- C:\Users\Ambroise\AppData\Roaming\Mozilla\Firefox\Profiles\at88vq2i.default\searchplugins\daemon-search.xml

M0 - MFSP: prefs.js [Ambroise - at88vq2i.default] Webmail Numericable : une messagerie à consulter sur internet ou le mobile - Espace Client

M2 - MFEP: prefs.js [Ambroise - at88vq2i.default\firefox@ghostery.com] [] Ghostery v2.5.3 (.Evidon, Inc..)

M2 - MFEP: prefs.js [Ambroise - at88vq2i.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.5 (.Dave Garrett.)

M2 - MFEP: prefs.js [Ambroise - at88vq2i.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.5 (.Michel Gutierrez.)

M2 - MFEP: prefs.js [Ambroise - at88vq2i.default\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [] Vuze Remote Community Toolbar v3.6.0.10 (.Conduit Ltd..)

M2 - MFEP: prefs.js [Ambroise - at88vq2i.default\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}] [] Cookies Manager+ v1.5.1 (.V@no.)

P2 - FPN:Firefox Plugin Navigator . (.Nullsoft, Inc. - Winamp Application Detector.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npwachk.dll

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com

R0 - HKUS\S-1-5-21-4026131511-971476373-2256069414-1003-4026131511-971476373-2256069414-1000\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKUS\S-1-5-21-4026131511-971476373-2256069414-1003-4026131511-971476373-2256069414-1000\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

R3 - URLSearchHook: Vuze Remote Toolbar [64Bits] - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

---\\ Redirection du fichier Hosts (O1)

~ Scan Hosts File in 00mn 00s

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Partner BHO Class [64Bits] - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} . (.Google Inc. - Partner application.) -- C:\ProgramData\Partner\Partner64.dll

O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll

O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine [64Bits] - {30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Partner BHO Class [64Bits] - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} . (.Google Inc. - Partner application.) -- C:\ProgramData\Partner\Partner.dll

O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Vuze Remote [64Bits] - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

O2 - BHO: Java Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

~ Scan BHO in 00mn 00s

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: DAEMON Tools Toolbar [64Bits] - {32099AAC-C132-4136-9E9A-4E364A424E17} . (.Pas de propriétaire - Toolbar Module.) -- C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll

O3 - Toolbar: Google Toolbar [64Bits] - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

~ Scan Toolbar in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

O4 - HKLM\..\Wow6432Node\Run: [backupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

O4 - HKLM\..\Wow6432Node\Run: [EgisTecLiveUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

O4 - HKLM\..\Wow6432Node\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-4026131511-971476373-2256069414-1003-4026131511-971476373-2256069414-1000\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-4026131511-971476373-2256069414-1003-4026131511-971476373-2256069414-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\Ambroise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Ambroise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\7-Zip File Manager.lnk . (...) -- C:\Program Files (x86)\7-Zip\7zFM.exe (.not file.)

O4 - Global Startup: C:\Users\Ambroise\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\JDownloader.lnk . (.AppWork UG (haftungsbeschrÃ¤nkt).) -- C:\Program Files (x86)\JDownloader\JDownloaderD3D.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\King's Bounty.lnk . (...) -- C:\Program Files (x86)\Nobilis\King's Bounty\kb.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\Revo Uninstaller.lnk . (.VS Revo Group.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\Sid Meiers Civilization V.lnk . (.Firaxis Games.) -- C:\Program Files (x86)\Sid Meier's Civilization V\Launcher.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\SIW.lnk . (.Topala Software Solutions.) -- C:\Program Files (x86)\SIW\siw.exe

O4 - Global Startup: C:\Users\Ambroise\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

O4 - Global Startup: C:\Users\Ambroise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Ambroise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

O4 - Global Startup: C:\Users\Ambroise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files (x86)\Vuze\Azureus.exe

O4 - Global Startup: C:\Users\Ambroise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk . (.Nullsoft, Inc..) -- C:\Program Files (x86)\Winamp\winamp.exe

~ Scan Global Startup in 00mn 00s

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xport to Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~1\Office12\EXCEL.exe

O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll

~ Scan IE Menu Contextuel in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

~ Scan Winsock in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B159DBA-C247-46A2-A731-21B5A9298F13}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B159DBA-C247-46A2-A731-21B5A9298F13}: DhcpNameServer = 89.2.0.1 89.2.0.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5B159DBA-C247-46A2-A731-21B5A9298F13}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{5B159DBA-C247-46A2-A731-21B5A9298F13}: DhcpNameServer = 89.2.0.1 89.2.0.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5B159DBA-C247-46A2-A731-21B5A9298F13}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CS2\Services\Tcpip\..\{5B159DBA-C247-46A2-A731-21B5A9298F13}: DhcpNameServer = 89.2.0.1 89.2.0.2

~ Scan Domain in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll

O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: ms-itss [64Bits] - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

~ Scan Protocole Additionnel in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (...) - C:\Windows\system32\guard64.dll (.not file.)

~ Scan AppInit DLL in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: COMODO Internet Security Helper Service (cmdagent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: GRegService (Greg_Service) . (.Acer Incorporated - Global Registration Service.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: ForceWare IP service (nSvcIp) . (.Pas de propriétaire - NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NTI IScheduleSvc (NTI IScheduleSvc) . (.NewTech Infosystems, Inc. - Backup Manager Module.) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

~ Scan Services in 00mn 00s

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[MD5.7F59E4F51DA9C9C6B29B881D8DD92400] [APT] [burn Notification] (.Acer.) -- C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe

~ Scan Scheduled Task in 00mn 05s

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys

O41 - Driver: (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\system32\DRIVERS\cmdguard.sys

O41 - Driver: (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys

O41 - Driver: (dtsoftbus01) . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys

O41 - Driver: (inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\system32\DRIVERS\inspect.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys

O41 - Driver: (mwlPSDFilter) . (.Egis Technology Inc. - PSD Filter Driver.) - C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

O41 - Driver: (mwlPSDNServ) . (.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

O41 - Driver: (mwlPSDVDisk) . (.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

---\\ Logiciels installés (O42)

O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

O42 - Logiciel: Acer Backup Manager - (.NewTech Infosystems.) [HKLM] -- InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}

O42 - Logiciel: Acer ScreenSaver - (.Acer Incorporated.) [HKLM] -- Acer Screensaver

O42 - Logiciel: Acer Updater - (.Acer Incorporated.) [HKLM] -- {EE171732-BEB4-4576-887D-CB62727F01CA}

O42 - Logiciel: Acer eRecovery Management - (.Acer Incorporated.) [HKLM] -- {7F811A54-5A09-4579-90E1-C93498E230D9}

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: Backup Manager Advance - (.NewTech Infosystems.) [HKLM] -- {30075A70-B5D2-440B-AFA3-FB2021740121}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM] -- conduitEngine

O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite

O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar

O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect

O42 - Logiciel: Fallout 3 - (.Bethesda Softworks.) [HKLM] -- {974C4B12-4D02-4879-85E0-61C95CC63E9E}

O42 - Logiciel: Fallout New Vegas version 1.2 - (.Ozer1.) [HKLM] -- {D89C9418-F38F-4F31-8FC4-D658ADB3D963}_is1

O42 - Logiciel: Fallout New Vegas version 1.3.0.452 - (.Ozer1.) [HKLM] -- {6BB06A04-06C2-4C11-B099-F1702DEE72C0}_is1

O42 - Logiciel: Fallout New Vegas version 1.3.0.452 - (.Ozer1.) [HKLM] -- {A1FDB071-F067-496E-BA95-176988796014}_is1

O42 - Logiciel: Fallout New Vegas version 1.3.0.452 - (.Ozer1.) [HKLM] -- {F8D1477A-FA7F-4C9D-8C0F-F1401C865566}_is1

O42 - Logiciel: Fallout New Vegas version 1.4.0.525 - (.Ozer1.) [HKLM] -- {1A0C2FC4-BC94-4B99-99DD-B0B17AC56E01}_is1

O42 - Logiciel: Fallout New Vegas version 1.4.0.525 - (.Ozer1.) [HKLM] -- {729FD43C-9D19-4391-B153-8473B3A9B48F}_is1

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Identity Card - (.Acer Incorporated.) [HKLM] -- Identity Card

O42 - Logiciel: JDownloader 0.9 - (.AppWork GmbH.) [HKLM] -- 1489-3350-5074-6281

O42 - Logiciel: King’s Bounty: The Legend (Retirer seulement) - (.Nobilis.) [HKLM] -- {E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR

O42 - Logiciel: Microsoft Office Language Pack 2007 - French/Français - (.Microsoft Corporation.) [HKLM] -- OMUI.fr-fr

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

O42 - Logiciel: Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}

O42 - Logiciel: Mises à jour NVIDIA 1.4.28 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Mozilla Firefox 6.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 6.0 (x86 fr)

O42 - Logiciel: NVIDIA 3D Vision Controller Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIA StereoUSB Driver

O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers

O42 - Logiciel: NVIDIA ForceWare Network Access Manager - (.Pas de propriétaire.) [HKLM] -- InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}

O42 - Logiciel: NVIDIA Logiciel système PhysX 9.10.0514 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX

O42 - Logiciel: NVIDIA Pilote 3D Vision 280.26 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision

O42 - Logiciel: NVIDIA Pilote audio HD : 1.2.23.3 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver

O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 280.19 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB

O42 - Logiciel: NVIDIA Pilote graphique 280.26 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver

O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo

O42 - Logiciel: Nero 9 Essentials - (.Nero AG.) [HKLM] -- {dcecd67a-83b9-491f-93bd-059cab7dff56}

O42 - Logiciel: PNOFNV 2.9 - (.PNOteurs Wiwiland.) [HKLM] -- WiwilandPNOFNV_is1

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Revo Uninstaller 1.92 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller

O42 - Logiciel: SIW version 2011.07.07 - (.Topala Software Solutions.) [HKLM] -- {AB67580-257C-45FF-B8F4-C8C30682091A}_is1

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2509488) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{AD0DE453-0804-4495-9C91-33D0F9AA5463}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636

O42 - Logiciel: Security Update for Microsoft Office 2007 System (KB2541012) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD907315-705A-4475-A1A0-2A1245803E4D}

O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2541007) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A0173254-F442-4D04-9154-43FA157B83D0}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}

O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2478663

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

O42 - Logiciel: Update for 2007 Microsoft Office System (KB2284654) - (.Microsoft.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}

O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523

O42 - Logiciel: Update for Microsoft Office 2007 Help for Common Features (KB963673) - (.Microsoft.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}

O42 - Logiciel: Update for Microsoft Office 2007 System (KB2539530) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}

O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB963678) - (.Microsoft.) [HKLM] -- {90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}

O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}

O42 - Logiciel: Update for Microsoft Office OneNote 2007 Help (KB963670) - (.Microsoft.) [HKLM] -- {90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}

O42 - Logiciel: Update for Microsoft Office Powerpoint 2007 Help (KB963669) - (.Microsoft.) [HKLM] -- {90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}

O42 - Logiciel: Update for Microsoft Office Script Editor Help (KB963671) - (.Microsoft.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

O42 - Logiciel: Update for Microsoft Office Word 2007 Help (KB963665) - (.Microsoft.) [HKLM] -- {90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}

O42 - Logiciel: VLC media player 1.1.11 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226

O42 - Logiciel: Vuze Remote Toolbar - (.Vuze Remote.) [HKLM] -- Vuze_Remote Toolbar

O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp

O42 - Logiciel: eSobi v2 - (.esobi Inc..) [HKLM] -- InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}

---\\ HKCU & HKLM Software Keys

[HKCU\Software\7-Zip]

[HKCU\Software\Acer]

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Conduit]

[HKCU\Software\AppDataLow\Software\Google]

[HKCU\Software\AppDataLow\Software\Vuze_Remote]

[HKCU\Software\AppDataLow\Software\conduitEngine]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow\Toolbar]

[HKCU\Software\AppDataLow]

[HKCU\Software\Avira]

[HKCU\Software\Azureus]

[HKCU\Software\CDDB]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\ComodoGroup]

[HKCU\Software\Conduit]

[HKCU\Software\CrystalIdea Software]

[HKCU\Software\DT Soft]

[HKCU\Software\Google]

[HKCU\Software\IM Providers]

[HKCU\Software\JavaSoft]

[HKCU\Software\Katauri Interactive]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Macromedia]

[HKCU\Software\Mozilla]

[HKCU\Software\NVIDIA Corporation]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\OEM]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Realtek]

[HKCU\Software\Safer Networking Limited]

[HKCU\Software\SecuROM]

[HKCU\Software\VSRevoGroup]

[HKCU\Software\Valve]

[HKCU\Software\Winamp]

[HKCU\Software\Wow6432Node]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\ej-technologies]

[HKLM\Software\7-Zip]

[HKLM\Software\<company>]

[HKLM\Software\AGEIA Technologies]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Acer Incorporated]

[HKLM\Software\Acer]

[HKLM\Software\Adobe]

[HKLM\Software\America Online]

[HKLM\Software\Audible]

[HKLM\Software\Avira]

[HKLM\Software\Azureus]

[HKLM\Software\Bethesda Softworks]

[HKLM\Software\Bunndle]

[HKLM\Software\CDDB]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\ComodoGroup]

[HKLM\Software\Conduit]

[HKLM\Software\DT Soft]

[HKLM\Software\Digital River]

[HKLM\Software\EgisTec Egis Software Update]

[HKLM\Software\EgisTec]

[HKLM\Software\Google]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Khronos]

[HKLM\Software\Macromedia]

[HKLM\Software\McAfeeInstaller]

[HKLM\Software\MimarSinan]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NVIDIA Corporation]

[HKLM\Software\Nero]

[HKLM\Software\NewTech Infosystems]

[HKLM\Software\ODBC]

[HKLM\Software\OEM]

[HKLM\Software\OemSetup]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SRS Labs]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\SiteAdvisor]

[HKLM\Software\Sonic]

[HKLM\Software\TrendMicro]

[HKLM\Software\Uniblue]

[HKLM\Software\VideoLAN]

[HKLM\Software\Vuze_Remote]

[HKLM\Software\Waves Audio]

[HKLM\Software\Wow6432Node]

[HKLM\Software\X-AVCSD]

[HKLM\Software\ej-technologies]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 02/07/2011 - 14:09:18 - [4588532] ----D- C:\Program Files\7-Zip

O43 - CFD: 14/08/2009 - 20:11:22 - [17135344] ----D- C:\Program Files\Acer

O43 - CFD: 30/06/2011 - 19:06:58 - [244173] ----D- C:\Program Files\Acer Accessory Store

O43 - CFD: 03/07/2011 - 09:20:14 - [0] ----D- C:\Program Files\AVAST Software

O43 - CFD: 21/08/2011 - 20:30:06 - [8458144] ----D- C:\Program Files\CCleaner

O43 - CFD: 30/06/2011 - 19:37:18 - [75463056] ----D- C:\Program Files\Common Files

O43 - CFD: 30/06/2011 - 20:09:34 - [140588797] ----D- C:\Program Files\COMODO

O43 - CFD: 03/07/2011 - 03:44:08 - [90256916] ----D- C:\Program Files\DVD Maker

O43 - CFD: 30/06/2011 - 19:06:28 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 14/08/2009 - 20:12:44 - [638944] ----D- C:\Program Files\Google

O43 - CFD: 11/08/2011 - 03:22:14 - [6202112] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 14/07/2009 - 09:45:56 - [148931122] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 14/08/2009 - 20:03:42 - [1141694] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 23/08/2011 - 09:11:14 - [404434587] ----D- C:\Program Files\NVIDIA Corporation

O43 - CFD: 14/08/2009 - 19:49:34 - [12164256] ----D- C:\Program Files\Realtek

O43 - CFD: 14/07/2009 - 07:32:40 - [36813993] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 03/07/2011 - 03:44:02 - [4039680] ----D- C:\Program Files\Windows Defender

O43 - CFD: 03/07/2011 - 03:44:06 - [9224824] ----D- C:\Program Files\Windows Journal

O43 - CFD: 03/07/2011 - 03:44:08 - [6667776] ----D- C:\Program Files\Windows Mail

O43 - CFD: 03/07/2011 - 03:44:08 - [7687085] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 30/06/2011 - 19:06:28 - [12627636] ----D- C:\Program Files\Windows NT

O43 - CFD: 03/07/2011 - 03:44:06 - [5516056] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 03/07/2011 - 03:44:08 - [244736] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 03/07/2011 - 03:44:08 - [8355930] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 10/07/2011 - 10:04:16 - [62657295] ----D- C:\Program Files\Common Files\Microsoft Shared

O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 01/07/2011 - 04:38:50 - [12194291] ----D- C:\Program Files\Common Files\System

O43 - CFD: 14/08/2009 - 20:10:22 - [414388] ----D- C:\ProgramData\Acer

O43 - CFD: 01/07/2011 - 16:19:08 - [767] ----D- C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 04/07/2011 - 08:24:08 - [0] ----D- C:\ProgramData\AVAST Software

O43 - CFD: 30/06/2011 - 19:39:40 - [55303896] ----D- C:\ProgramData\Avira

O43 - CFD: 04/07/2011 - 08:48:58 - [22886] ----D- C:\ProgramData\BackupManager

O43 - CFD: 30/06/2011 - 19:06:28 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 27/07/2011 - 20:37:10 - [33986496] ----D- C:\ProgramData\Comodo

O43 - CFD: 26/08/2011 - 16:16:22 - [2067] ----D- C:\ProgramData\DAEMON Tools Lite

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 14/08/2009 - 20:27:32 - [0] ----D- C:\ProgramData\EgisTec

O43 - CFD: 14/08/2009 - 20:25:30 - [420] ----D- C:\ProgramData\eSobi

O43 - CFD: 30/06/2011 - 19:06:28 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 14/08/2009 - 20:12:46 - [522259] ----D- C:\ProgramData\Google

O43 - CFD: 30/06/2011 - 19:37:26 - [5114] ----D- C:\ProgramData\McAfee

O43 - CFD: 30/06/2011 - 19:06:28 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 21/08/2011 - 19:42:18 - [181684413] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 02/07/2011 - 11:26:32 - [122008] ----D- C:\ProgramData\Microsoft Help

O43 - CFD: 30/06/2011 - 19:06:28 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 14/08/2009 - 20:20:14 - [11378166] ----D- C:\ProgramData\Nero

O43 - CFD: 27/08/2011 - 08:17:04 - [2757820] ----D- C:\ProgramData\NVIDIA

O43 - CFD: 23/08/2011 - 09:10:06 - [622897] ----D- C:\ProgramData\NVIDIA Corporation

O43 - CFD: 14/08/2009 - 20:27:32 - [141] ----D- C:\ProgramData\OEM

O43 - CFD: 14/08/2009 - 20:12:48 - [1516372] ----D- C:\ProgramData\Partner

O43 - CFD: 14/08/2009 - 20:17:46 - [36] ----D- C:\ProgramData\SiteAdvisor

O43 - CFD: 26/08/2011 - 06:22:32 - [31936566] ----D- C:\ProgramData\Spybot - Search & Destroy

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 02/07/2011 - 13:35:02 - [119] ----D- C:\ProgramData\Sun

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 26/08/2011 - 06:24:44 - [0] ----D- C:\ProgramData\WinZip

O43 - CFD: 01/07/2011 - 01:46:12 - [5931643] ----D- C:\Users\Ambroise\AppData\Roaming\Adobe

O43 - CFD: 03/07/2011 - 03:33:58 - [0] ----D- C:\Users\Ambroise\AppData\Roaming\Avira

O43 - CFD: 26/08/2011 - 11:10:50 - [5037297] ----D- C:\Users\Ambroise\AppData\Roaming\Azureus

O43 - CFD: 26/08/2011 - 10:21:00 - [5392] ----D- C:\Users\Ambroise\AppData\Roaming\DAEMON Tools Lite

O43 - CFD: 15/07/2011 - 19:20:58 - [0] ----D- C:\Users\Ambroise\AppData\Roaming\FreeOrion

O43 - CFD: 07/08/2011 - 13:45:18 - [0] ----D- C:\Users\Ambroise\AppData\Roaming\Google

O43 - CFD: 30/06/2011 - 19:10:42 - [0] ----D- C:\Users\Ambroise\AppData\Roaming\Identities

O43 - CFD: 30/06/2011 - 19:24:58 - [3468] ----D- C:\Users\Ambroise\AppData\Roaming\Macromedia

O43 - CFD: 14/07/2009 - 09:44:40 - [0] ----D- C:\Users\Ambroise\AppData\Roaming\Media Center Programs

O43 - CFD: 25/08/2011 - 17:54:40 - [1898445] -S--D- C:\Users\Ambroise\AppData\Roaming\Microsoft

O43 - CFD: 30/06/2011 - 20:00:58 - [33520166] ----D- C:\Users\Ambroise\AppData\Roaming\Mozilla

O43 - CFD: 09/08/2011 - 19:20:42 - [43302] ----D- C:\Users\Ambroise\AppData\Roaming\Nero

O43 - CFD: 28/07/2011 - 17:01:04 - [151122] ----D- C:\Users\Ambroise\AppData\Roaming\Todae

O43 - CFD: 04/08/2011 - 13:43:28 - [1336436] ----D- C:\Users\Ambroise\AppData\Roaming\vlc

O43 - CFD: 25/08/2011 - 09:03:08 - [6329594] ----D- C:\Users\Ambroise\AppData\Roaming\Winamp

O43 - CFD: 04/07/2011 - 11:13:48 - [0] ----D- C:\Users\Ambroise\AppData\Roaming\WinRAR

O43 - CFD: 01/07/2011 - 01:46:32 - [23719424] ----D- C:\Users\Ambroise\AppData\Local\Adobe

O43 - CFD: 30/06/2011 - 19:06:40 - [0] -SH-D- C:\Users\Ambroise\AppData\Local\Application Data

O43 - CFD: 23/08/2011 - 14:00:30 - [38496] ----D- C:\Users\Ambroise\AppData\Local\Conduit

O43 - CFD: 02/08/2011 - 13:57:18 - [1157454] ----D- C:\Users\Ambroise\AppData\Local\Diagnostics

O43 - CFD: 30/06/2011 - 19:11:06 - [183] ----D- C:\Users\Ambroise\AppData\Local\EgisTec

O43 - CFD: 01/08/2011 - 09:43:26 - [0] ----D- C:\Users\Ambroise\AppData\Local\ElevatedDiagnostics

O43 - CFD: 10/07/2011 - 04:17:22 - [0] ----D- C:\Users\Ambroise\AppData\Local\Fallout3

O43 - CFD: 26/08/2011 - 14:39:02 - [703] ----D- C:\Users\Ambroise\AppData\Local\FalloutNV

O43 - CFD: 25/08/2011 - 13:21:34 - [163289] ----D- C:\Users\Ambroise\AppData\Local\Google

O43 - CFD: 30/06/2011 - 19:06:40 - [0] -SH-D- C:\Users\Ambroise\AppData\Local\Historique

O43 - CFD: 21/08/2011 - 19:42:16 - [154762639] ----D- C:\Users\Ambroise\AppData\Local\Microsoft

O43 - CFD: 30/06/2011 - 19:22:26 - [0] ----D- C:\Users\Ambroise\AppData\Local\Microsoft Help

O43 - CFD: 30/06/2011 - 20:00:42 - [98656623] ----D- C:\Users\Ambroise\AppData\Local\Mozilla

O43 - CFD: 26/08/2011 - 16:30:24 - [0] ----D- C:\Users\Ambroise\AppData\Local\My Games

O43 - CFD: 03/07/2011 - 04:23:00 - [0] ----D- C:\Users\Ambroise\AppData\Local\PackageAware

O43 - CFD: 27/08/2011 - 14:23:36 - [1287343] ----D- C:\Users\Ambroise\AppData\Local\Temp

O43 - CFD: 30/06/2011 - 19:06:40 - [0] -SH-D- C:\Users\Ambroise\AppData\Local\Temporary Internet Files

O43 - CFD: 26/07/2011 - 00:49:02 - [11560] ----D- C:\Users\Ambroise\AppData\Local\The_StealthNet_Team

O43 - CFD: 03/07/2011 - 04:15:36 - [1452722] ----D- C:\Users\Ambroise\AppData\Local\VirtualStore

O43 - CFD: 03/07/2011 - 07:19:54 - [37263914] ----D- C:\Program Files (x86)\Acer

O43 - CFD: 14/08/2009 - 20:24:54 - [688528031] ----D- C:\Program Files (x86)\Adobe

O43 - CFD: 30/06/2011 - 19:39:40 - [137856736] ----D- C:\Program Files (x86)\Avira

O43 - CFD: 09/08/2011 - 19:29:02 - [5947931375] ----D- C:\Program Files (x86)\Bethesda Softworks

O43 - CFD: 23/08/2011 - 09:08:22 - [545081734] ----D- C:\Program Files (x86)\Common Files

O43 - CFD: 23/08/2011 - 14:00:40 - [634976] ----D- C:\Program Files (x86)\Conduit

O43 - CFD: 23/08/2011 - 14:00:34 - [4468065] ----D- C:\Program Files (x86)\ConduitEngine

O43 - CFD: 09/08/2011 - 08:29:16 - [25647423] ----D- C:\Program Files (x86)\DAEMON Tools Lite

O43 - CFD: 09/08/2011 - 08:22:02 - [4003765] ----D- C:\Program Files (x86)\DAEMON Tools Toolbar

O43 - CFD: 03/07/2011 - 07:16:34 - [0] ----D- C:\Program Files (x86)\EgisTec

O43 - CFD: 14/08/2009 - 20:12:58 - [1683158] ----D- C:\Program Files (x86)\EgisTec Egis Software Update

O43 - CFD: 14/08/2009 - 20:25:24 - [21920374] ----D- C:\Program Files (x86)\eSobi

O43 - CFD: 26/08/2011 - 14:38:38 - [9039551871] ----D- C:\Program Files (x86)\Fallout New Vegas

O43 - CFD: 20/08/2011 - 12:59:22 - [57307958] ----D- C:\Program Files (x86)\Google

O43 - CFD: 23/08/2011 - 09:11:42 - [45573912] --H-D- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 11/08/2011 - 03:22:14 - [5153441] ----D- C:\Program Files (x86)\Internet Explorer

O43 - CFD: 02/07/2011 - 13:34:14 - [88550786] ----D- C:\Program Files (x86)\Java

O43 - CFD: 21/08/2011 - 17:16:46 - [59035232] ----D- C:\Program Files (x86)\JDownloader

O43 - CFD: 10/07/2011 - 10:04:28 - [9362570] ----D- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

O43 - CFD: 30/06/2011 - 19:22:36 - [579279220] ----D- C:\Program Files (x86)\Microsoft Office

O43 - CFD: 14/08/2009 - 20:08:02 - [7791803] ----D- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant

O43 - CFD: 01/07/2011 - 03:39:48 - [38411899] ----D- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 30/06/2011 - 19:22:50 - [657681] ----D- C:\Program Files (x86)\Microsoft Visual Studio 8

O43 - CFD: 01/07/2011 - 03:26:22 - [145421942] ----D- C:\Program Files (x86)\Microsoft Works

O43 - CFD: 03/07/2011 - 03:01:20 - [8167779] ----D- C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 19/08/2011 - 17:41:16 - [35681257] ----D- C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild

O43 - CFD: 01/07/2011 - 15:59:56 - [0] ----D- C:\Program Files (x86)\MSXML 4.0

O43 - CFD: 14/08/2009 - 20:21:06 - [382291613] ----D- C:\Program Files (x86)\Nero

O43 - CFD: 14/08/2009 - 20:02:02 - [236029528] ----D- C:\Program Files (x86)\NewTech Infosystems

O43 - CFD: 26/08/2011 - 10:48:10 - [5771751118] ----D- C:\Program Files (x86)\Nobilis

O43 - CFD: 23/08/2011 - 09:11:56 - [109379626] ----D- C:\Program Files (x86)\NVIDIA Corporation

O43 - CFD: 14/08/2009 - 19:49:26 - [3357289] ----D- C:\Program Files (x86)\Realtek

O43 - CFD: 14/07/2009 - 07:32:40 - [39159041] ----D- C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 26/08/2011 - 16:29:54 - [4842073379] ----D- C:\Program Files (x86)\Sid Meier's Civilization V

O43 - CFD: 25/08/2011 - 13:31:08 - [5957924] ----D- C:\Program Files (x86)\SIW

O43 - CFD: 03/07/2011 - 06:51:52 - [62761088] ----D- C:\Program Files (x86)\Spybot - Search & Destroy

O43 - CFD: 14/08/2009 - 19:49:38 - [0] --H-D- C:\Program Files (x86)\Temp

O43 - CFD: 02/07/2011 - 19:19:00 - [420334] ----D- C:\Program Files (x86)\Trend Micro

O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information

O43 - CFD: 29/07/2011 - 09:50:00 - [84898038] ----D- C:\Program Files (x86)\VideoLAN

O43 - CFD: 30/06/2011 - 20:07:08 - [6812742] ----D- C:\Program Files (x86)\VS Revo Group

O43 - CFD: 23/08/2011 - 14:00:56 - [21653611] ----D- C:\Program Files (x86)\Vuze

O43 - CFD: 23/08/2011 - 14:00:30 - [4549434] ----D- C:\Program Files (x86)\Vuze_Remote

O43 - CFD: 28/07/2011 - 17:01:26 - [41022493] ----D- C:\Program Files (x86)\Winamp

O43 - CFD: 28/07/2011 - 17:01:16 - [155364] ----D- C:\Program Files (x86)\Winamp Detect

O43 - CFD: 01/07/2011 - 04:38:50 - [524800] ----D- C:\Program Files (x86)\Windows Defender

O43 - CFD: 30/06/2011 - 19:17:06 - [245112] ----D- C:\Program Files (x86)\Windows Live SkyDrive

O43 - CFD: 03/07/2011 - 03:44:14 - [6181376] ----D- C:\Program Files (x86)\Windows Mail

O43 - CFD: 03/07/2011 - 03:44:14 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 07:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT

O43 - CFD: 03/07/2011 - 03:44:14 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 03/07/2011 - 03:44:14 - [189952] ----D- C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 03/07/2011 - 03:44:14 - [5994626] ----D- C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 27/08/2011 - 14:25:16 - [4013380] ----D- C:\Program Files (x86)\ZHPDiag

O43 - CFD: 01/07/2011 - 15:58:36 - [16426975] ----D- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 14/08/2009 - 20:24:50 - [31787256] ----D- C:\Program Files (x86)\Common Files\Adobe AIR

O43 - CFD: 14/08/2009 - 20:04:40 - [92976] ----D- C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 14/08/2009 - 20:12:58 - [101672] ----D- C:\Program Files (x86)\Common Files\EgisTec

O43 - CFD: 14/08/2009 - 19:49:22 - [3989920] ----D- C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 02/07/2011 - 13:35:02 - [1258951] ----D- C:\Program Files (x86)\Common Files\Java

O43 - CFD: 01/07/2011 - 16:00:28 - [270694185] ----D- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 14/08/2009 - 20:22:38 - [121337553] ----D- C:\Program Files (x86)\Common Files\Nero

O43 - CFD: 14/08/2009 - 19:54:36 - [354896] ----D- C:\Program Files (x86)\Common Files\Oberon Media

O43 - CFD: 28/07/2011 - 17:01:00 - [4780336] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine

O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services

O43 - CFD: 14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 02/07/2011 - 11:25:32 - [44924023] ----D- C:\Program Files (x86)\Common Files\System

O43 - CFD: 30/06/2011 - 19:16:02 - [8226506] ----D- C:\Program Files (x86)\Common Files\Windows Live

~ Scan Program Folder in 00mn 08s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.2F177D00BAD52F98A08048DBBD625E7E] - 27/08/2011 - 13:01:34 ---A- . (...) -- C:\Windows\WindowsUpdate.log [2019589]

O44 - LFC:[MD5.41821E8A098EEBD048888B760B732512] - 27/08/2011 - 07:21:26 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106190]

O44 - LFC:[MD5.21767E020C38DACF40F0754E72C6A085] - 27/08/2011 - 07:21:26 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130548]

O44 - LFC:[MD5.86BA7075C004B98145705F3054C11C43] - 27/08/2011 - 07:21:26 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [615810]

O44 - LFC:[MD5.CBD06ACA8D392816E0502BFA338370FA] - 27/08/2011 - 07:21:26 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704242]

O44 - LFC:[MD5.41821E8A098EEBD048888B760B732512] - 27/08/2011 - 07:21:26 RSHAD . (...) -- C:\Windows\system32\perfc009.dat [106190]

O44 - LFC:[MD5.21767E020C38DACF40F0754E72C6A085] - 27/08/2011 - 07:21:26 RSHAD . (...) -- C:\Windows\system32\perfc00C.dat [130548]

O44 - LFC:[MD5.86BA7075C004B98145705F3054C11C43] - 27/08/2011 - 07:21:26 RSHAD . (...) -- C:\Windows\system32\perfh009.dat [615810]

O44 - LFC:[MD5.CBD06ACA8D392816E0502BFA338370FA] - 27/08/2011 - 07:21:26 RSHAD . (...) -- C:\Windows\system32\perfh00C.dat [704242]

O44 - LFC:[MD5.B34FBC43067BE729D6893EBE72447DA1] - 27/08/2011 - 07:21:25 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]

O44 - LFC:[MD5.B34FBC43067BE729D6893EBE72447DA1] - 27/08/2011 - 07:21:25 RSHAD . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700]

O44 - LFC:[MD5.3FA7D1E70F8A0BF95C2629A77FE07A8F] - 27/08/2011 - 07:17:03 ---A- . (...) -- C:\Windows\setupact.log [1364]

O44 - LFC:[MD5.40B23CE134EE130E19768333EF857651] - 27/08/2011 - 07:17:01 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.746EC22A0DBDE7F6A7C5CE942B0EFD54] - 26/08/2011 - 15:52:38 ---A- . (...) -- C:\Windows\MEMORY.DMP [354493127]

O44 - LFC:[MD5.CD5085A61C0B21803B5D9FFD8B699901] - 26/08/2011 - 15:22:43 ---A- . (...) -- C:\Windows\DirectX.log [516915]

O44 - LFC:[MD5.D055536EED50D1744078A9ADBDB681B3] - 25/08/2011 - 13:06:19 ---A- . (...) -- C:\Windows\PFRO.log [1526]

O44 - LFC:[MD5.B4D96D6EA77DFD5B045ED64B006E0BC9] - 23/08/2011 - 08:08:02 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\SysNative\nvhdagenco642040.dll [1426536]

O44 - LFC:[MD5.162D9085A523016919403CE49538BE7C] - 23/08/2011 - 08:08:02 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\SysNative\nvhdap64.dll [29288]

O44 - LFC:[MD5.B4D96D6EA77DFD5B045ED64B006E0BC9] - 23/08/2011 - 08:08:02 RSHAD . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvhdagenco642040.dll [1426536]

O44 - LFC:[MD5.960E39A54E525DF58CB29193147DFFA1] - 23/08/2011 - 08:08:02 RSHAD . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda64v.sys [174184]

O44 - LFC:[MD5.162D9085A523016919403CE49538BE7C] - 23/08/2011 - 08:08:02 RSHAD . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\nvhdap64.dll [29288]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/08/2011 - 07:52:54 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.D3D64CF7B2BCEAA34A270F45A3FFFB36] - 09/08/2011 - 07:29:14 RSHAD . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\system32\drivers\dtsoftbus01.sys [270912]

O44 - LFC:[MD5.71308A15265B6A89E5B51C9635085562] - 03/08/2011 - 12:50:00 ---A- . (...) -- C:\Windows\SysNative\nvinfo.pb [7383]

O44 - LFC:[MD5.2D4A51E3D0137B22466472D1420846A7] - 03/08/2011 - 12:50:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\SysNative\OpenCL.dll [67176]

O44 - LFC:[MD5.2D4A51E3D0137B22466472D1420846A7] - 03/08/2011 - 12:50:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\system32\OpenCL.dll [67176]

O44 - LFC:[MD5.CB0483F5C79EDA101AD603FEFADC0D78] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\SysNative\nvdispco64.dll [1519720]

O44 - LFC:[MD5.F8551FD67D84D446B6F903C5EF5BB887] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - Easy daemon API.) -- C:\Windows\SysNative\easyupdatusapiu64.dll [836200]

O44 - LFC:[MD5.09F7E98136C13B4C41CF0CA448B7BDAD] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\SysNative\nvgenco64.dll [1453160]

O44 - LFC:[MD5.F6A33FE1896951C81FBB06F89BB77CC8] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 280.26.) -- C:\Windows\SysNative\nvcuda.dll [7254632]

O44 - LFC:[MD5.F6A33FE1896951C81FBB06F89BB77CC8] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 280.26.) -- C:\Windows\system32\nvcuda.dll [7254632]

O44 - LFC:[MD5.1B887B61A5E001CDC7F733EDC1327F1D] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 280.2.) -- C:\Windows\SysNative\nvcuvid.dll [2532456]

O44 - LFC:[MD5.1B887B61A5E001CDC7F733EDC1327F1D] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 280.2.) -- C:\Windows\system32\nvcuvid.dll [2532456]

O44 - LFC:[MD5.3AF3DAC8DD7FF6B9FC90551642F46902] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 280.26.) -- C:\Windows\SysNative\nvcuvenc.dll [2222184]

O44 - LFC:[MD5.3AF3DAC8DD7FF6B9FC90551642F46902] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 280.26.) -- C:\Windows\system32\nvcuvenc.dll [2222184]

O44 - LFC:[MD5.D332D01F8B2FD019D2C817D7A0F809C4] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\SysNative\nvoglv64.dll [22470248]

O44 - LFC:[MD5.28EB9A79B9F2E1DB6D71C6B54D4B8664] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 280.26.) -- C:\Windows\SysNative\nvcompiler.dll [24692840]

O44 - LFC:[MD5.28EB9A79B9F2E1DB6D71C6B54D4B8664] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 280.26.) -- C:\Windows\system32\nvcompiler.dll [24692840]

O44 - LFC:[MD5.6B60F1B8D93EC46B022BF296068E181A] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 280.26.) -- C:\Windows\SysNative\nvwgf2umx.dll [8355944]

O44 - LFC:[MD5.1E3B29FA18FF1C4BDA24F8155A2FE656] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\SysNative\nvcpl.dll [6136936]

O44 - LFC:[MD5.5725A85AF50334E1A044A3A654580CED] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\SysNative\nvsvc64.dll [3021416]

O44 - LFC:[MD5.BB55747DE2E82AF47DDB4F82D95647C8] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\SysNative\nvsvcr.dll [2560616]

O44 - LFC:[MD5.39F933CA2798156B0B7A19D104B73B9A] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\SysNative\nvvsvc.exe [980072]

O44 - LFC:[MD5.AB55A7CEBC83D501BEC77EE2DE1BBEA6] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\SysNative\nvmctray.dll [117864]

O44 - LFC:[MD5.EBC20D6D895F8F3601E626B8088C93C7] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 280.26.) -- C:\Windows\SysNative\nvapi64.dll [2758760]

O44 - LFC:[MD5.A1F2BA9CB0B251032B1FB14A2BD33440] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 280.26.) -- C:\Windows\SysNative\nvd3dumx.dll [15064168]

O44 - LFC:[MD5.1882C512BF636EA6F7BE424200B86B5E] - 03/08/2011 - 12:50:00 ---A- . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\SysNative\nvshext.dll [61544]

O44 - LFC:[MD5.71308A15265B6A89E5B51C9635085562] - 03/08/2011 - 12:50:00 RSHAD . (...) -- C:\Windows\system32\nvinfo.pb [7383]

O44 - LFC:[MD5.CB0483F5C79EDA101AD603FEFADC0D78] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\system32\nvdispco64.dll [1519720]

O44 - LFC:[MD5.F8551FD67D84D446B6F903C5EF5BB887] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - Easy daemon API.) -- C:\Windows\system32\easyupdatusapiu64.dll [836200]

O44 - LFC:[MD5.09F7E98136C13B4C41CF0CA448B7BDAD] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvgenco64.dll [1453160]

O44 - LFC:[MD5.D332D01F8B2FD019D2C817D7A0F809C4] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\system32\nvoglv64.dll [22470248]

O44 - LFC:[MD5.6B60F1B8D93EC46B022BF296068E181A] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 280.26.) -- C:\Windows\system32\nvwgf2umx.dll [8355944]

O44 - LFC:[MD5.1E3B29FA18FF1C4BDA24F8155A2FE656] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\nvcpl.dll [6136936]

O44 - LFC:[MD5.5725A85AF50334E1A044A3A654580CED] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\system32\nvsvc64.dll [3021416]

O44 - LFC:[MD5.BB55747DE2E82AF47DDB4F82D95647C8] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\system32\nvsvcr.dll [2560616]

O44 - LFC:[MD5.39F933CA2798156B0B7A19D104B73B9A] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\system32\nvvsvc.exe [980072]

O44 - LFC:[MD5.AB55A7CEBC83D501BEC77EE2DE1BBEA6] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\nvmctray.dll [117864]

O44 - LFC:[MD5.EBC20D6D895F8F3601E626B8088C93C7] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 280.26.) -- C:\Windows\system32\nvapi64.dll [2758760]

O44 - LFC:[MD5.A1F2BA9CB0B251032B1FB14A2BD33440] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 280.26.) -- C:\Windows\system32\nvd3dumx.dll [15064168]

O44 - LFC:[MD5.CC1EFEA1F0AB17E59BD4B5BAFF3E5CB0] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\system32\drivers\nvlddmkm.sys [12909672]

O44 - LFC:[MD5.1882C512BF636EA6F7BE424200B86B5E] - 03/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\system32\nvshext.dll [61544]

O44 - LFC:[MD5.E15B492959DFABC12AA4CA070B38F21A] - 15/02/2010 - 12:03:04 ---A- . (...) -- C:\Windows\SysNative\binkw32.dll [286208]

O44 - LFC:[MD5.E15B492959DFABC12AA4CA070B38F21A] - 15/02/2010 - 12:03:04 RSHAD . (...) -- C:\Windows\system32\binkw32.dll [286208]

O44 - LFC:[MD5.E1772920AD1CCA6C6657604AF1626320] - 30/08/2006 - 23:23:02 ---A- . (...) -- C:\Windows\SysNative\hook_fo1.dll [2584]

O44 - LFC:[MD5.E1772920AD1CCA6C6657604AF1626320] - 30/08/2006 - 23:23:02 RSHAD . (...) -- C:\Windows\system32\hook_fo1.dll [2584]

~ Scan Files in 00mn 42s

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{f5e8e397-c24f-11e0-a480-001f16f9e0cf}\AutoRun\command. (.SKIDROW - Pas de description.) -- H:\Installer.exe

~ Scan Keys in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ Scan Keys in 00mn 00s

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

~ Scan Keys in 00mn 00s

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 10/06/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]

O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]

O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]

O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 RSHAD . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]

O58 - SDL:[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - 13/07/2011 - 07:41:12 RSHAD . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [107904]

O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 10/06/2009 - 02:52:20 RSHAD . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]

O58 - SDL:[MD5.540DAF1CEA6094886D72126FD7C33048] - 13/07/2011 - 07:41:12 RSHAD . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [27008]

O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]

O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]

O58 - SDL:[MD5.39C2E2870FC0C2AE0595B883CBE716B4] - 30/06/2011 - 10:19:23 RSHAD . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [83120]

O58 - SDL:[MD5.C98FA6E5AD0E857D22716BD2B8B1F399] - 30/06/2011 - 10:19:23 RSHAD . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [116568]

O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]

O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 14/07/2009 - 21:41:06 RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]

O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 14/07/2009 - 21:41:06 RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]

O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 RSHAD . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]

O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 14/07/2009 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]

O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 14/07/2009 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]

O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 14/07/2009 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]

O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]

O58 - SDL:[MD5.6BBCC68D37D9B0C09100CDC2D16C8F8F] - 30/06/2011 - 09:38:06 RSHAD . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\Windows\system32\drivers\cmderd.sys [16016]

O58 - SDL:[MD5.0020E6598D80B92E4D8618554C4843AB] - 30/06/2011 - 09:38:07 RSHAD . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\Windows\system32\drivers\cmdGuard.sys [252344]

O58 - SDL:[MD5.7A2AF19B01BF433C23AC1111610ACF84] - 30/06/2011 - 09:38:08 RSHAD . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\Windows\system32\drivers\cmdhlp.sys [41712]

O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 RSHAD . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]

O58 - SDL:[MD5.D3D64CF7B2BCEAA34A270F45A3FFFB36] - 09/08/2011 - 07:29:14 RSHAD . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\system32\drivers\dtsoftbus01.sys [270912]

O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 10/06/2009 - 02:47:48 RSHAD . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]

O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]

O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 14/07/2009 - 21:31:59 RSHAD . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]

O58 - SDL:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 01/07/2011 - 14:33:35 RSHAD . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [78720]

O58 - SDL:[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - 13/07/2011 - 07:41:26 RSHAD . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410496]

O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 13/07/2009 - 02:48:04 RSHAD . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]

O58 - SDL:[MD5.FC863D6EC8FC977AC4BE6CA7DDC10DAE] - 30/06/2011 - 09:38:09 RSHAD . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\Windows\system32\drivers\inspect.sys [92688]

O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]

O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]

O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]

O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]

O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 10/06/2009 - 02:48:04 RSHAD . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]

O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]

O58 - SDL:[MD5.6FFECC25B39DC7652A0CEC0ADA9DB589] - 14/08/2009 - 12:15:30 RSHAD . (.Egis Technology Inc. - PSD Filter Driver.) -- C:\Windows\system32\drivers\mwlPSDFilter.sys [22576]

O58 - SDL:[MD5.0BEFE32CA56D6EE89D58175725596A85] - 14/08/2009 - 12:15:30 RSHAD . (.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) -- C:\Windows\system32\drivers\mwlPSDNserv.sys [20016]

O58 - SDL:[MD5.D43BC633B8660463E446E28E14A51262] - 14/08/2009 - 12:15:30 RSHAD . (.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) -- C:\Windows\system32\drivers\mwlPSDVDisk.sys [60464]

O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 13/07/2009 - 02:48:26 RSHAD . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]

O58 - SDL:[MD5.64DDD0DEE976302F4BD93E5EFCC2F013] - 14/08/2009 - 00:46:08 RSHAD . (.NewTech Infosystems, Inc. - NTI CD-ROM Filter Driver.) -- C:\Windows\system32\drivers\NTIDrvr.sys [18432]

O58 - SDL:[MD5.960E39A54E525DF58CB29193147DFFA1] - 23/08/2011 - 10:41:27 RSHAD . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda64v.sys [174184]

O58 - SDL:[MD5.CC1EFEA1F0AB17E59BD4B5BAFF3E5CB0] - 23/08/2011 - 12:50:00 RSHAD . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 280.26.) -- C:\Windows\system32\drivers\nvlddmkm.sys [12909672]

O58 - SDL:[MD5.A85B4F2EF3A7304A5399EF0526423040] - 10/06/2009 - 21:35:35 RSHAD . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvm62x64.sys [408960]

O58 - SDL:[MD5.956A1F47826514C1EA0C295FE13C7377] - 14/08/2009 - 06:06:58 RSHAD . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvmf6264.sys [339360]

O58 - SDL:[MD5.0A92CB65770442ED0DC44834632F66AD] - 13/07/2011 - 07:41:34 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [148352]

O58 - SDL:[MD5.AFDE3015BB8D76E26BEC3B287C5443A0] - 14/08/2009 - 20:07:36 RSHAD . (.NVIDIA Corporation - NVIDIA nForce SMU Microcontroller Driver.) -- C:\Windows\system32\drivers\nvsmu.sys [28704]

O58 - SDL:[MD5.DAB0E87525C10052BF65F06152F37E4A] - 13/07/2011 - 07:41:34 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [166272]

O58 - SDL:[MD5.7C7EEF51979658CE15BBC04F96A77D56] - 14/08/2009 - 12:09:24 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor64.sys [239136]

O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 10/06/2009 - 02:45:46 RSHAD . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]

O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 13/07/2009 - 02:45:45 RSHAD . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]

O58 - SDL:[MD5.BC64B75E8E0A0B8982AB773483164E72] - 14/08/2009 - 11:52:38 RSHAD . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys [1831968]

O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 14/07/2009 - 21:37:19 RSHAD . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]

O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 10/06/2009 - 02:45:45 RSHAD . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]

O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 13/07/2009 - 02:45:46 RSHAD . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]

O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/07/2011 - 00:00:00 RSHAD . (...) -- C:\Windows\system32\drivers\sptd.sys [513080]

O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 02:45:55 RSHAD . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]

O58 - SDL:[MD5.2E22C1FD397A5A9FFEF55E9D1FC96C00] - 14/08/2009 - 00:46:08 RSHAD . (.NewTech Infosystems Corporation - NTI CDROM Filter Driver.) -- C:\Windows\system32\drivers\UBHelper.sys [16896]

O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 RSHAD . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]

O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 10/06/2009 - 02:45:55 RSHAD . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]

~ Scan Drivers in 00mn 01s

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis

O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ Scan ADS in 00mn 00s

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 18/04/2011 - C:\Windows\system32\DRIVERS\avgntflt.sys - No object(No service) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT

O64 - Services: CurCS - 18/04/2011 - C:\Windows\system32\DRIVERS\avipbb.sys - No object(No service) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\cmdguard.sys - No object(No service) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\cmdhlp.sys - No object(No service) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\inspect.sys - No object(No service) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT

O64 - Services: CurCS - 02/06/2009 - C:\Windows\system32\DRIVERS\mwlPSDFilter.sys - No object(No service) .(.Egis Technology Inc. - PSD Filter Driver.) - LEGACY_MWLPSDFILTER

O64 - Services: CurCS - 02/06/2009 - C:\Windows\system32\DRIVERS\mwlPSDNServ.sys - No object(No service) .(.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - LEGACY_MWLPSDNSERV

O64 - Services: CurCS - 02/06/2009 - C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys - No object(No service) .(.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - LEGACY_MWLPSDVDISK

O64 - Services: CurCS - ??/??/???? - C:\Windows\system32\Drivers\sptd.sys - No object (No service) .(...) - LEGACY_SPTD

~ Scan Services in 00mn 07s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

~ Scan Keys in 00mn 00s

---\\ Search Browser Infection (O69)

O69 - SBI: prefs.js [Ambroise - at88vq2i.default] user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091

O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} [DefaultScope] - (DAEMON Search) - DAEMON-Search.com :: EXPLORE

~ Scan Keys in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.5C3EBAB9109BEFB0B769DE4D0C960601] [sPRF][26/08/2011] (.Sony DADC Austria AG - SecuROM DRM Dialog.) -- C:\Users\Ambroise\AppData\Local\Temp\drm_dialogs.dll [65536]

[MD5.9E280C5414648385F90931DB4750DDD1] [sPRF][26/08/2011] (.Sony DADC Austria AG - SecuROM dynamic-data module.) -- C:\Users\Ambroise\AppData\Local\Temp\drm_dyndata_7380006.dll [204800]

[MD5.3011BB10919C78C7669B0D07284BD8CB] [sPRF][17/01/2009] (.Bethesda Softworks - Fallout 3 Launcher.) -- C:\Users\Ambroise\Desktop\FalloutLauncher.exe [1546752]

[MD5.11B9F1E66EE67F0C765C5895A99755DD] [sPRF][29/07/2011] (...) -- C:\Users\Ambroise\Desktop\vlc-1.1.11-win32.exe [21073936]

~ Scan Files in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "{43EB7B14-2AA5-4001-98CF-6E1B9FD5B9AF}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O87 - FAEL: "{8278FCA5-4F16-4734-B380-737795573940}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O87 - FAEL: "{CEB5E203-3633-4ECB-B5AB-1856D703F979}" | In - Private - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files (x86)\Vuze\Azureus.exe

O87 - FAEL: "{03591552-B5D3-4275-AA64-2A3CB9A0C1AA}" | In - Private - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files (x86)\Vuze\Azureus.exe

~ Scan Firewall in 00mn 00s

---\\ Scan Additionnel (O88)

Database Version : 8617 - (24/08/2011)

Clés trouvées (Keys found) : 19

Valeurs trouvées (Values found) : 1

Dossiers trouvés (Folders found) : 9

Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit

[HKLM\Software\WOW6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO

[HKLM\Software\WOW6432Node\Classes\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO

[HKLM\Software\Classes\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000}] =>Trojan.BHO

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit

[HKLM\Software\WOW6432Node\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>Toolbar.Conduit

[HKCU\Software\Conduit] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit

[HKLM\Software\WOW6432Node\Conduit] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit

[HKLM\Software\WOW6432Node\conduitEngine] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.Agent

C:\Users\Ambroise\AppData\Local\Conduit =>Toolbar.Conduit

C:\Users\Ambroise\AppData\LocalLow\Conduit =>Toolbar.Conduit

C:\Users\Ambroise\AppData\LocalLow\ConduitEngine =>Toolbar.Conduit

C:\Users\Ambroise\AppData\LocalLow\Vuze_Remote =>Toolbar.Conduit

C:\Program Files (x86)\Conduit =>Toolbar.Conduit

C:\Program Files (x86)\ConduitEngine =>Toolbar.Conduit

C:\Program Files (x86)\DAEMON Tools Toolbar =>Toolbar.Agent

C:\Program Files (x86)\Vuze_Remote =>Toolbar.Conduit

~ Scan Additionnel in 00mn 07s

---\\ Recherche détournement de DNS routeur (O89)

Serveur : UnKnown

Address: 156.154.70.25

Nom : www.l.google.com

Addresses: 209.85.148.106

209.85.148.104

209.85.148.99

209.85.148.147

209.85.148.105

209.85.148.103

Aliases: www.google.fr

www.google.com

~ Scan DNS in 00mn 05s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 30/06/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - | Auto 30/06/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 04/07/2011 2528096 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (cmdagent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

SR - | Auto 625184 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

SR - | Auto 14/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

SS - | Auto 20/08/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 20/08/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 14/08/2009 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 14/08/2009 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

SR - | Auto 207904 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

SR - | Auto 14/08/2009 62208 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

SR - | Auto 23/08/2011 980072 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 23/08/2011 2255464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

SS - | Demand 14/08/2009 332272 | (Partner Service) . (.Google Inc..) - C:\ProgramData\Partner\Partner.exe

SR - | Auto 23/08/2011 379496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 14/08/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe

~ Scan Services in 00mn 06s

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

~ Scan MBR in 00mn 11s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.gee k s tog

Run by Ambroise at 27/08/2011 14:26:53

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 16s

End of the scan (1152 lines in 02mn 29s)(0)

Dire que je trouve Hijackthis trop complexe pour moi, la le rapport est franchement lourd.

Merci encore

Modifié le 2 septembre 2011 par Phileon

tomtom95 · le 27 août 2011

Bonjour Phileon et bienvenue sur ZEB

Quelques conseils avant de commencer

S.T.P: n'utilise pas d'autre outils ou ne désinstalle pas des programmes
seulement ceux qui te sont notifier pour éviter tout problème .

Enregistre :toujours les outils sur ton bureau et désactive tes protections lors de utilisation des outils
Aprés Pense à réactiver tes protections à chaque fois

Bien lire les indications:
et si tu rencontre des problèmes n'hésiter pas à me le signaler avant d'effectuer une manip.

Désactiver TeaTimer de spybot qui ne sert à rien et peut faire échouer une désinfection:!
Affiche d'abord le Mode Avancé dans Spybot
Options Avancées :
menu Mode
-Mode Avancé. Une colonne de menus apparaît dans la partie gauche :
clique sur Outils
clique sur Résident
-Dans Résident :
décoche Résident "TeaTimer" pour le désactiver.
Si dans Spybot S&D tu as vacciné
Sur l'onglet "vaccination"
Clique sur "Vaccination" dans la colonne sur la gauche :
Clique sur annuler (la flèche bleue) pour annuler la vaccination.
IMPORTANT Il faut aussi savoir que Spybot utilise une technologie dépassée.
Si vous ajoutez à cela les problèmes causés par la vaccination qui ralentit le système et TeaTimer qui peut faire obstacle à une désinfection..... voir pour le désinstaller du pc

Désinstalle de ton pc tous tes logiciel de P2P source d'infections multiples.

Azureus PeerToPeer

Et les Toobars:

Toolbar.Conduit,et ce qui concerne ConduitEngine.

Télécharge sur le site AD-R (de C_XX) sur ton Bureau.

/!\ Ferme toutes applications en cours /!\
Double-clique sur le raccourci AD-R.exe (clique droit -> lancer en tant qu'administrateur sous Vista) qui est sur ton bureau pour lancer l'outil .
Au menu principal choisis l'option "Nettoyer" et tape sur [entrée] .

/!\ Laisse travailler l'outil et ne touche à rien /!\

Poste le rapport qui apparait à la fin .

( Le rapport est sauvegardé sous C:\Ad-report-clean-(date).log )

A+

Phileon · le 27 août 2011

Me revoilà,

Sauf erreur de ma part j'ai suivi les instructions :

Désinstallation des outils PEP via revo unstaller.(azureus et conduit engine).

Teatimer Décoché dans Spybot

Fléche bleu pour supprimer la vaccination du PC

Désactivation de toutes les icônes, en bas à droite de Windows seven, possible avant le lancement d'AD remover.

Spybot n'est même plus dans les process actifs en bas à droite de seven.

Les application sont toutes fermées et j'ai déconnecté internet physiquement avant de lancer AD-Remover.

Le rapport AD-Remorver est le suivant :

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 21:13:57 le 27/08/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)

Ambroise@DRAGON (Acer Aspire X1301)

============== RECHERCHE ==============

Dossier trouvé: C:\Users\Ambroise\AppData\Local\Conduit

Dossier trouvé: C:\Users\Ambroise\AppData\LocalLow\Conduit

Dossier trouvé: C:\Program Files (x86)\Conduit

-- Fichier ouvert: C:\Users\Ambroise\AppData\Roaming\Mozilla\FireFox\Profiles\at88vq2i.default\Prefs.js --

Ligne trouvée: user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", ...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2504091", ...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6....

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2504091&octid=...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2504091&octid=...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"...

Ligne trouvée: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ambroise\\AppData\\Roaming\\Mozilla...

Ligne trouvée: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");

Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2504091");

Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");

Ligne trouvée: user_pref("CommunityToolbar.globalUserId", "0713ce6d-25ad-472b-921a-28173e233f25");

Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Ligne trouvée: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 23 2011 15:51:1...

Ligne trouvée: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Ligne trouvée: user_pref("CommunityToolbar.notifications.locale", "en");

Ligne trouvée: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Ligne trouvée: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Aug 27 2011 20:57:02 GMT+0200");

Ligne trouvée: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Ligne trouvée: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Ligne trouvée: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Ligne trouvée: user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Ligne trouvée: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Ligne trouvée: user_pref("CommunityToolbar.notifications.userId", "7b6fa07f-4253-4e52-8931-38759e86dbeb");

-- Fichier Fermé --

Clé trouvée: HKLM\Software\Classes\Conduit.Engine

Clé trouvée: HKCU\Software\Conduit

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

Plugins\npwachk.dll (Nullsoft, Inc.)

HKLM_MozillaPlugins\@nvidia.com/3DVision (x)

HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)

HKLM_MozillaPlugins\Adobe Reader (x)

Searchplugins\bing.xml ( hxxp://www.bing.com/search)

Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Ambroise\AppData\Roaming\Mozilla\FireFox\Profiles\at88vq2i.default --

Extensions\firefox@ghostery.com (Ghostery)

Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)

Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Community Toolbar)

Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} (Cookies Manager+)

Prefs.js - browser.download.lastDir, D:

Prefs.js - browser.startup.homepage, hxxp://webmail.numericable.fr/ncn/auth/index.php

Prefs.js - browser.startup.homepage_override.buildID, 20110811165603

Prefs.js - browser.startup.homepage_override.mstone, rv:6.0

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_x1301&r=17360611ln07973480k05bg7012l94

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_x1301&r=17360611ln07973480k05bg7012l94

HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Start Page - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_x1301&r=17360611ln07973480k05bg7012l94

HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKLM_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)

HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{97ACFE56-2917-4410-AE14-6C8655B83BDE} - C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)

HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)

HKLM_ElevationPolicy\{B0BE4960-6B24-4C43-938A-5DADF92F4E51} - C:\Users\Ambroise\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (?)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

BHO\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - "Partner BHO Class" (C:\ProgramData\Partner\Partner.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 27/08/2011 21:14:03 (7466 Octet(s))

Fin à: 21:14:47, 27/08/2011

============== E.O.F =============

tomtom95 · le 28 août 2011

Bonjour Phileon

•Double-clique sur le raccourci AD-R.exe (clique droit -> lancer en tant qu'administrateur ) pour lancer l'outil .

•Au menu principal choisis l'option "Nettoyer" et tape sur [entrée] .

Post le rapport Ad-report-clean-(date).log

A+

Phileon · le 28 août 2011

Bonjour,

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 07:44:41 le 28/08/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)

Ambroise@DRAGON (Acer Aspire X1301)

============== ACTION(S) ==============

Dossier supprimé: C:\Users\Ambroise\AppData\Local\Conduit

Dossier supprimé: C:\Users\Ambroise\AppData\LocalLow\Conduit

(!) -- Fichiers temporaires supprimés.

-- Fichier ouvert: C:\Users\Ambroise\AppData\Roaming\Mozilla\FireFox\Profiles\at88vq2i.default\Prefs.js --

Ligne supprimée: user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", ...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2504091", ...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6....

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2504091&octid=...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2504091&octid=...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"...

Ligne supprimée: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ambroise\\AppData\\Roaming\\Mozilla...

Ligne supprimée: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");

Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2504091");

Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");

Ligne supprimée: user_pref("CommunityToolbar.globalUserId", "0713ce6d-25ad-472b-921a-28173e233f25");

Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Ligne supprimée: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 23 2011 15:51:1...

Ligne supprimée: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Ligne supprimée: user_pref("CommunityToolbar.notifications.locale", "en");

Ligne supprimée: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Ligne supprimée: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Aug 27 2011 20:57:02 GMT+0200");

Ligne supprimée: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Ligne supprimée: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Ligne supprimée: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Ligne supprimée: user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Ligne supprimée: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Ligne supprimée: user_pref("CommunityToolbar.notifications.userId", "7b6fa07f-4253-4e52-8931-38759e86dbeb");

-- Fichier Fermé --

Clé supprimée: HKLM\Software\Classes\Conduit.Engine

Clé supprimée: HKCU\Software\Conduit

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

Plugins\npwachk.dll (Nullsoft, Inc.)

HKLM_MozillaPlugins\@nvidia.com/3DVision (x)

HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)

HKLM_MozillaPlugins\Adobe Reader (x)

Searchplugins\bing.xml ( hxxp://www.bing.com/search)

Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Ambroise\AppData\Roaming\Mozilla\FireFox\Profiles\at88vq2i.default --

Extensions\firefox@ghostery.com (Ghostery)

Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)

Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Community Toolbar)

Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} (Cookies Manager+)

Prefs.js - browser.download.lastDir, D:

Prefs.js - browser.startup.homepage, hxxp://webmail.numericable.fr/ncn/auth/index.php

Prefs.js - browser.startup.homepage_override.buildID, 20110811165603

Prefs.js - browser.startup.homepage_override.mstone, rv:6.0

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKLM_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)

HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{97ACFE56-2917-4410-AE14-6C8655B83BDE} - C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)

HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)

HKLM_ElevationPolicy\{B0BE4960-6B24-4C43-938A-5DADF92F4E51} - C:\Users\Ambroise\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (x)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

BHO\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - "Partner BHO Class" (C:\ProgramData\Partner\Partner.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 1 Fichier(s)

C:\Program Files (x86)\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 28/08/2011 07:44:47 (7602 Octet(s))

C:\Ad-Report-SCAN[1].txt - 27/08/2011 21:14:03 (7604 Octet(s))

Fin à: 07:45:53, 28/08/2011

============== E.O.F ==============

tomtom95 · le 28 août 2011

Bonjour Phileon

Ok trés bien la suite : :super:

Télécharge sur le site UsbFix (de C_XX- El Desaparecido) sur ton Bureau.

Lance l'installation avec les paramètres par défaut.
IMPORTANT : Branche tes sources de données externes à ton PC (clé USB,disque dur externe,etc...) sans les ouvrir /!\
Double-clique sur le raccourci UsbFix sur ton Bureau.(ou sous seven ,fais un clic droit > Exécuter en tant qu'administrateur)
Choisis l'option .Recherche
Laisse travailler l'outil.
Poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

Ensuite:

/!\Branche tes sources de données externes à ton PC (clé USB,disque dur externe,carte SD,etc...) sans les ouvrir /!\
Double-clique sur le raccourci UsbFix présent sur ton Bureau.fais un clic droit Exécuter en tant qu'administrateur)
Choisis l'option (Suppression).
Ton Bureau disparaîtra et le PC redémarrera.
Au redémarrage
UsbFix scannera ton PC
laisse travailler l'outil.
Ensuite
poste le rapport UsbFix.txt qui apparaîtra avec le Bureau .

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

Puis refait une analyse avec ZHPDiag stp.

héberger le fichier contenant les rapports ici http://cjoint.com/

Indique ensuite dans ta prochaine réponse l'adresse d'hébergement de ce rapport pour que je puisse le télécharger et l'analyser.

A+

Phileon · le 29 août 2011

j’espère que le week-end a été agréable,

Voici le rapport USB Fix option recherche Mon lien

Voici le rapport USB Fix option suppression antivir, comodo et spy bot en fonctionnement Mon lien

Voici le rapport USB Fix option suppression protections désactivées Mon lien

Enfin le rapport ZHP Diag Mon lien

Une fois que la désinfection sera terminée, je supprimerai Spybot pour le remplacer par Malwarebyte + Spywareblaster. Je pense conserver USB Fix.

Je contrôle la validité des liens.

tomtom95 · le 29 août 2011

Bonsoir Phileon

Oui merci le week-end est bien loin maintenant,on attend le prochain

Ferme toutes les applications ouvertes
Désactive tes défenses (anti-virus,anti-spyware)
Double-clique sur ZHPFix
Pour Vista et seven
fais un clique droit sur l'icône et exécute en tant qu'administrateur

Un raccourci installé par ZHPDiag sur le Bureau

Sélectionne et surligne correctement avec la souris et "Clique droit > "Copier" ou "Ctrl+C"
ces lignes ci dessous :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
M2 - MFEP: prefs.js [Ambroise - at88vq2i.default\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [] Vuze Remote Community Toolbar v3.6.0.10 (.Conduit Ltd..)
R3 - URLSearchHook: (no name) [64Bits] - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (...) (No version) -- (.not file.)
O2 - BHO: Partner BHO Class [64Bits] - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} . (.Google Inc. - Partner application.) -- C:\ProgramData\Partner\Partner64.dll
O2 - BHO: Partner BHO Class [64Bits] - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} . (.Google Inc. - Partner application.) -- C:\ProgramData\Partner\Partner.dll
O42 - Logiciel: Vuze Remote Toolbar - (.Vuze Remote.) [HKLM] -- Vuze_Remote Toolbar
[HKCU\Software\AppDataLow\Software\Vuze_Remote]
[HKLM\Software\Vuze_Remote]
[HKLM\Software\McAfeeInstaller]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKLM\Software\WOW6432Node\Classes\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKLM\Software\Classes\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000}]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17}
O43 - CFD: 03/07/2011 - 09:20:14 - [0] ----D- C:\Program Files\AVAST Software
O43 - CFD: 04/07/2011 - 08:24:08 - [0] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 30/06/2011 - 19:37:26 - [5114] ----D- C:\ProgramData\McAfee
O43 - CFD: 14/08/2009 - 20:12:48 - [1516372] ----D- C:\ProgramData\Partner
O43 - CFD: 26/08/2011 - 11:10:50 - [5037297] ----D- C:\Users\Ambroise\AppData\Roaming\Azureus
O43 - CFD: 10/07/2011 - 04:17:22 - [0] ----D- C:\Users\Ambroise\AppData\Local\Fallout3
O43 - CFD: 23/08/2011 - 14:00:56 - [21653611] ----D- C:\Program Files (x86)\Vuze
O43 - CFD: 23/08/2011 - 14:00:30 - [4549434] ----D- C:\Program Files (x86)\Vuze_Remote
O69 - SBI: prefs.js [Ambroise - at88vq2i.default] user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091

FirewallRaz
EmptyTemp
EmptyFlash
Clique successivement sur l'icône H (pour effacer le rapport qui s'est affiché) puis sur l'icône de la "malette cachée par la feuille" .
Vérifie que toutes les lignes que je t'ai demandé de copier sont dans la fenêtre.
Et seulement ces lignes
Puis clique sur le bouton [OK]
A ce moment apparaîtra au début de chaque ligne
une petite case vide. [ ]
Ensuite clique sur Tous puis sur Nettoyer
Valide par Oui la désinstallation des programmes si demandé
Laisse l'outil travailler. Si un redémarrage est demandé accepte et redémarre le PC
Le rapport ZHPFixReport.txt s'affiche. Copie-colle le contenu de ce rapport dans ta réponse.

Le rapport ZHPFixReport.txt est enregistré sous C:\Program files\ZHPFix\ZHPFixReport.txt

Télécharge

Temp File Cleaner (TFC) de Old Timer :

•Enregistre-le sur le Bureau
•Enregistre (sauvegarde) tous tes travaux en cours et ferme les applications - quitte-les définitivement (l'outil les fermera de toute façon automatiquement)
•Double-clique sur TFC.exe (sous Vista - Windows 7 clique droit
"exécuter en tant qu'administrateur)
•Clique sur Start
•Laisse l'outil travailler (cela prend de quelques secondes à quelques minutes)
•Si l'outil demande à redémarrer :
Clique sur Yes
•Si l'outil ne propose pas le redémarrage
redémarrer manuellement.
Dans la barre de TFC il va y avoir un chiffre noté en rouge
indique le moi.

Télécharge la dernier version MalwareByte's sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :
Branche tes supports externes sur le pc (Clé USB,Disque Dur,etc..)
Sans les ouvrirs
Exécute maintenant MalwareByte's Anti-Malware.Clique droit sur l'icône et "Exécuter en tant qu'administrateur"
sélectionne "Exécuter un examen complet".
Coche toutes les cases des lecteurs
Afin de lancer la recherche clique sur"Rechercher".
Une fois le scan terminé une fenêtre s'ouvre clique sur OK.
Si des infections sont présentes
clique sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
poste le rapport dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression accepte en cliquant sur Ok.

A+

Phileon · le 30 août 2011

Bonjour,

Toutes les manips se sont bien passées sauf que j'ai loupé le chiffre noté en rouge avec TFC.

Le rapport ZHD Fix

Le rapport MalewareByte's

Serait il possible d'avoir un commentaire sur les points importants sur ce qui a été modifié/fixé...

Je dois avouer que même en partant du rapport ZHD Fix et en faisant des recherches sur le oueb, je ne parviens pas à visualiser ce qui se passe.

:-? Je suis un utilisateur curieux mais j'ai la comprennette lente.

A bientôt

tomtom95 · le 30 août 2011

Bonjour Phileon

Une petite synthèse sur tes infections:

Tu étais infecté par plusieurs bêbêtes: Trojan.USB, Trojan.BHO, Spyware.BHO,

Les sources de tes infections sont liées à tes divers logiciels téléchargés en P2P, et les Toobars néfaste.et les sites visités.

Quelques Exemples : DAEMON Tools Lite, installe le logiciel espion SaveNow

Toolbar: Conduit Engine, installe, des adware = spyware, ce sont des logiciels espions

Azureus PeerToPeer, etc sont sources d'infections multiples, logiciel crackers etc..

Les infections de tes supports externe (clé USB non protéger) qui ce promène de pc, en pc, ou le stockage d'exécutables télécharger infecté. :evil:

Autres problèmes Trop vouloir booster, optimiser sont pc, narrange rien :roll: (ACCELERATED_GRAPHICS)

Sur tout sur un Windows 7 Home Premium Edition, 64-bit.

Tu as un nombre de RAM suffisant Total RAM: 4094 MB

Et un espace disque aussi System drive C: has 342 GB (74%) free of 459 GB

Pour ne pas avoir besoin doptimiseur supplémentaire.

Pour répondre sur ton changement de protection.

1) On va supprimer les outils utilisé à la fin, mais tu ne garderas pas USBFix, :tsss:

pourquoi :ce n'est pas un utilitaire de nettoyage,

Cette outil à une fonction bien précise, mal utilisé, il risque de fait plus de dégâts que de rétablir tes problèmes.

En plus les outils sont mis régulièrement a jour par leurs créateurs. Donc il ne sert à rien de le garder.

Pour te protections résident que tu as, antivir pour lantivirus, comodo bien configuré comme par-feu, et Malwarbyte sont bien suffisant.

Tous cela bien mise à jour, et avec un scanne régulier c'est très bien. Bien sûr mettre aussi jour sont pc Windows Update minimise les failles de sécurité.

Multiplier trop de protection, ne changeras rien, le plus grand risque pour ton pc c'est celui qui ce trouve derrière le clavier (donc toi). :lol:

Maintenant comment ce comporte ton pc ?

Si tous est Ok on va finir, je vais te donné les dernières consignes.

A+

Modifié le 30 août 2011 par tomtom95

Connexion

Pas encore inscrit ?

[Résolu] Demande de désinfection de mon PC

Messages recommandés

Phileon

tomtom95

Phileon

tomtom95

Phileon

tomtom95

Phileon

tomtom95

Phileon

tomtom95

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer