Mes fichiers s'envolent... Help

[Sydou]

http://www.cijoint.fr/cjlink.php?file=cj201108/cij9oQPryW.doc
Bonjour, comme vous vous en doutez j’ai besoin d’aide…

En démarrant mon ordinateur ce matin, mon écran était totalement noir, j’ai redémarrer mon ordi en mode sans échec avec prise en charge réseau, puis j’ai fait une restauration du système.
Mon ordi a redémarré, mon fond des écran a réapparu, mais pas toutes les icones… Les applications comme word, picasa etc… sont toujours là, pas les fichiers. En cherchant un peu la quasi totalités des fichiers ont disparu, ceux qui restent sont des dossiers, vides quand je les ouvrent. Cependant, en recherchant dans mon ordi un fichier, j’arrive à trouver un raccourci de ce fichier, et j’arrive aussi à l’ouvrir, je peux aussi retrouver les dossiers mais ils restent vides à l’ouverture… Tout ça pour dire que mes fichiers n’ont peut être pas totalement disparus et que s’ils sont récupérables… =S ce serait génial !

Je précise aussi que depuis un mois une fenêtre « microsoft removal tool malicious software » s’ouvre à chaque démarrage, ne sachant pas ce que c’était je ne l’ai jamais ouvert ; après la restauration j’ai cherché sur internet, apparemment c’est une sorte d’antivirus de Microsoft, en désespoir de cause j’ai donné mon accord pour l’utiliser : sans effets.

J’utilise aussi régulièrement spybot search and destroy mais il ne m’a été d’aucune aide…


En esperant que vous ayez une solution... Merci d'avance

[flo-91]

Salut,

Bienvenue sur sos malware
Tu sembles être infecté par un rogue et d'autres trojans, on va s'en occuper, fais ceci :

Démarre en mode sans échec avec prise en charge réseau si le mode normal ne fontionne pas, pour t'aider :

https://sos-malware.forums-actifs.com/t61-demarrer-en-mode-sans-echec

/!\ Utilisateur de VISTA et SEVEN : il faudrait déactiver l’UAC juste le temps de désinfection de votre pc, Vous le réactiverez plus tard :

Tuto : http://www.commentcamarche.net/faq/sujet-8343-vista-desactiver-l-uac



>Navilog<

>Telecharge et installe Navilog1 ici :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

>Double-clique sur navilog1.exe présent sur ton bureau

>Sélectionne la langue désirée dans le menu puis valide le choix par la touche « entrer »

>Petit message d’avertissement, appuie sur une touche pour passe à la suite

>un nouveau avertissement, appuie sur une touche pour suivre

>Vérification de l’installation de Navilog1 : si tout est bon, appuie sur une touche pour continuer

>Choisir option 1 : recherche/désinfection automatique

>La recherche va se lancer automatiquement et peut durée quelques minutes, patiente

>Une fois l’analyse terminée, appuie sur une touche pour que ton pc puisse redémarrer

>Au redémarrage du pc, Navilog va supprimer ce qu’il a trouvé, patiente quelques instants.

>Un rapport est gèneré par l'outil. Il se trouve à cette emplacement :

XP : demarrer/poste de travail/c:/cleannavi.txt
Vista : logo « demarrer »/ordinateur/c:/ cleannavi.txt

>Poste le rapport

[Sydou]

Voilà le rapport cleannavi :

Fix Navipromo version 4.1.0 commencé le 28/08/2011 13:22:57,15

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 20.04.2011 à 09h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : Sydney ( Administrator )
BOOT : Fail-safe with network boot




C:\ (Local Disk) - NTFS - Total:218 Go (Free:10 Go)
E:\ (Local Disk) - NTFS - Total:14 Go (Free:8 Go)
F:\ (CD or DVD)


Recherche executée en mode sans échec

Nettoyage executé en mode sans échec


c:\progra~2\micros~1\windows\startm~1\programs\Live-Player supprimé !
c:\users\sydney\appdata\local\virtua~1\progra~1\Live-Player supprimé !
C:\Windows\prefetch\axlhfr*.pf supprimé !
C:\Users\Sydney\AppData\Local\axlhfr.exe supprimé !
C:\Users\Sydney\AppData\Local\ejqffuci.bat supprimé !


Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Sydney\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 28/08/2011 13:24:24,38 ***

[flo-91]

Ok, passe à la suite :



Télécharge AdwCleaner ici (merci à Xplode) :

https://sos-malware.forums-actifs.com/t166-adwcleaner#567

Lance AdwCleaner
Clique sur le bouton [Suppression/Nettoyage]
Patiente...
Poste le rapport qui apparait à la fin de l'analyse.
Il se trouve également à C:\AdwCleaner[SX] (où X est un chiffre)

[Sydou]

Recherche Adw cleaner :
# AdwCleaner v1.3 - Rapport créé le 28/08/2011 à 17:25:56
# Mis à jour le 23/08/11 à 17h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : Sydney - PC-DE-SYDNEY (Administrateur)
# Exécuté depuis : C:\Users\Sydney\Desktop\adwcleaner.exe
# Option [Recherche]


***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Users\Sydney\AppData\Roaming\Babylon
Dossier Présent : C:\Program Files\Conduit

***** [Registre] *****

Clé Présente : HKCU\Software\AppDataLow\Software\Conduit
Clé Présente : HKLM\SOFTWARE\Conduit
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v

Fichier : C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [1147 octets] - [28/08/2011 17:25:56]

########## EOF - C:\AdwCleaner[R1].txt - [1275 octets] ##########






Suppression Adwcleaner :
# AdwCleaner v1.3 - Rapport créé le 28/08/2011 à 17:26:21
# Mis à jour le 23/08/11 à 17h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : Sydney - PC-DE-SYDNEY (Administrateur)
# Exécuté depuis : C:\Users\Sydney\Desktop\adwcleaner.exe
# Option [Suppression]


***** [KillNav] *****

# iexplore.exe [PID:4404] -> Tué

***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Sydney\AppData\Roaming\Babylon
Dossier Supprimé : C:\Program Files\Conduit

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v

Fichier : C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [1276 octets] - [28/08/2011 17:25:56]
AdwCleaner[S1].txt - [1192 octets] - [28/08/2011 17:26:21]

########## EOF - C:\AdwCleaner[S1].txt - [1320 octets] ##########

[flo-91]

Tres bien, voici la suite :

La suite :

• Télécharge Malwarebytes
  
  
• Voici un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
  
  
• Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
  
  
• Lance une analyse complète en cliquant sur "Exécuter un examen complet"
  
  
• Sélectionne tous les disques pour analyser et clique sur "Lancer l'examen"
  
  
• L'analyse peut durer un bon moment.....
  
  
• Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
  
  
• Si des infections sont trouvées : vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
  
  
• Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
  

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur "oui" à la question posée


[b]

[Sydou]

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7594

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

28/08/2011 20:43:19
mbam-log-2011-08-28 (20-43-19).txt

Type d'examen: Examen complet (C:\|E:\|F:\|)
Elément(s) analysé(s): 397992
Temps écoulé: 2 heure(s), 14 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Sydney\AppData\Roaming\Adobe\plugs\mmc205530942.txt (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Sydney\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Sydney\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

[flo-91]

Ok, ton pc va un peu mieux ?
Reposte un nouveau rapport ZHPDIAG stp.

[Sydou]

Pas de changement visibles...
En fait, quand je lance une recherche sur mon ordi, je peux retrouver les fichiers, les ouvrir, de même l'espace utilisé de mon ordinateur n'a pas changé, c'est comme si tout était là, mais était devenu invisible...

On me dit que redemarrer avec le Cd d'installation de vista sa peut peut-etre marcher... ?

Vvoici le rapport :
http://www.cijoint.fr/cjlink.php?file=cj201108/cijpnq6949.txt

[flo-91]

Ok, donc tu peux démarrer en mode normal mais lancer des programmes via les raccourcis de ton bureau c'est impossible c'est ça ?

On va essayer ceci :


>Télécharge Combofix ici et enregistre le sur ton bureau :

https://sos-malware.forums-actifs.com/t168-combofix


# Ferme toutes les fenêtres de programme ouvertes, y compris celle-ci.

# Ferme ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.

#Double clic sur l'icône de ComboFix située sur le Bureau. Note bien que, une fois que tu as lancé ComboFix, tu ne dois pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. En fait, lorsque ComboFix tourne, ne touche plus du tout à ton pc. L'analyse peut prendre un certain temps, donc soit patient.

#Une fenêtre présentant les différents sites autorisés de téléchargement de ComboFix s'affiche. Dans cette fenêtre, clique sur le bouton OK.

#Après la fin de la sauvegarde du Registre Windows, ComboFix va essayer de savoir si la Console de récupération est installée. Si tu ne l'a pas déja fait accepte.

#Ceci peut durer un certain temps, donc surtout soit patient. Si tu vois ton Bureau Windows disparaître, ne t'inquiete pas. C'est normal, et ComboFix restaurera votre Bureau avant de se terminer. Finalement, tu verras un nouvel affichage déclarant que le programme a presque fini et vous annonçant que le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.

#Poste ce rapport.

[Sydou]

ComboFix 11-08-28.01 - Sydney 29/08/2011 10:52:24.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3581.2358 [GMT 2:00]
Lancé depuis: c:\users\Sydney\Desktop\Antivirus\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif
.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sydney\AppData\Local\axlhfr.dat
c:\users\Sydney\AppData\Local\axlhfr_nav.dat
c:\users\Sydney\AppData\Local\axlhfr_navps.dat
c:\users\Sydney\AppData\Roaming\Adobe\plugs
c:\users\Sydney\AppData\Roaming\Adobe\shed
c:\users\Sydney\Documents\~WRL0001.tmp
c:\users\Sydney\Documents\~WRL0004.tmp
c:\users\Sydney\Documents\~WRL0379.tmp
c:\users\Sydney\Documents\~WRL1168.tmp
c:\users\Sydney\Documents\~WRL1283.tmp
c:\users\Sydney\Documents\~WRL2097.tmp
c:\users\Sydney\Documents\~WRL2607.tmp
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-07-28 au 2011-08-29 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-29 09:02 . 2011-08-29 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 15:47 . 2011-08-28 15:47 -------- d-----w- c:\users\Sydney\AppData\Roaming\Malwarebytes
2011-08-28 15:47 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-28 15:47 . 2011-08-28 15:47 -------- d-----w- c:\programdata\Malwarebytes
2011-08-28 15:46 . 2011-08-28 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-28 15:46 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-28 11:22 . 2011-08-28 11:24 -------- d---a-w- C:\Navilog1
2011-08-28 11:22 . 2011-08-28 11:22 -------- d-----w- c:\program files\Navilog1
2011-08-27 14:33 . 2011-08-28 21:03 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-08-27 14:24 . 2011-08-28 21:03 -------- d-----w- C:\ZHP
2011-08-27 14:23 . 2011-08-28 21:05 -------- d-----w- c:\program files\ZHPDiag
2011-08-11 05:37 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 11:11 . 2010-01-26 11:50 90 ----a-w- c:\users\Sydney\AppData\Local\alxdoc.bat
2011-07-25 20:35 . 2011-07-25 20:35 2174 ----a-w- c:\users\Sydney\AppData\Local\ojedaxub.dll
2011-06-02 12:59 . 2011-07-13 08:38 2042368 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-10 39408]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\Sydney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-31 23:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 11:13]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 11:13]
.
2011-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 11:32]
.
2011-07-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 11:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4ADFA_frFR344FR344
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.pucuy.com/
uInternet Settings,ProxyServer = www-cache.ujf-grenoble.fr:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{fc600575-3013-4e8e-941c-4b00dafce730} - c:\program files\myBabylon_English4\tbmyBa.dll
BHO-{fc600575-3013-4e8e-941c-4b00dafce730} - c:\program files\myBabylon_English4\tbmyBa.dll
Toolbar-{fc600575-3013-4e8e-941c-4b00dafce730} - c:\program files\myBabylon_English4\tbmyBa.dll
WebBrowser-{FC600575-3013-4E8E-941C-4B00DAFCE730} - c:\program files\myBabylon_English4\tbmyBa.dll
HKLM-Run-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
AddRemove-Babylon - c:\program files\Babylon\Babylon-Pro\Utils\uninstbb.exe
AddRemove-myBabylon_English4 Toolbar - c:\progra~1\MYBABY~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-29 11:04
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,e8,3c,82,15,fe,b5,46,9a,38,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,e8,3c,82,15,fe,b5,46,9a,38,58,\
.
Heure de fin: 2011-08-29 11:07:22
ComboFix-quarantined-files.txt 2011-08-29 09:07
.
Avant-CF: 7 788 523 520 octets libres
Après-CF: 8 039 682 048 octets libres
.
- - End Of File - - D538439F6BA2250C0FE2B4964410B230

[flo-91]

Ok, reposte un nouveau rapport ZHPDIAG stp.

[Sydou]

http://www.cijoint.fr/cjlink.php?file=cj201108/cijm9Iaohz.doc

[Sydou]

Mon ordi a eu un pti souci... J'avais plus que mon fond d'écran, la seule icone etait celle de internet explorer, plus rien dans la barre de menu... J'ai lancer un redemmarage, et la c'est exactement pareil qauf que mon fonc d'écran est noir...

[Sydou]

Mon ordi me signale des erreurs critiques, ainsi que "pc repair":
"Hard drive doesn't respond to system commands -critical error
Boot sector of the hard drive disk is damaged - critical error
Read time of hard drive clusters less than 500ms - critical error
Bad sectors on hard drive or damaged file allocation table
35% of Hdd space is unreadable - critical error"

Defaillance du disque dur, défaillance de la memoire ram...

[Sydou]

Après toutes ces alertes j'ai redemarré mon ordi, ecran tj noir mais plus d'alertes incessantes sur la defaillance du disque dur...

[Sydou]

Pc repair n'a reussi à enlever aucune des erreurs, fenetre Pc repair impossible à fermer, nouvelles alertes de defaillance, tout est vide : bureau, barre de menu... Je peux retrouver les éléments uniquement en fesant une recherche.
Je t'envoie le nouveau rapport ZHPdiag morceau par morceau, même si j'enregistre le rapport il est introuvable par ci joint.... :

Rapport de ZHPDiag v1.28.1343 par Nicolas Coolman, Update du 24/08/2011
Run by Sydney at 29/08/2011 12:40:43
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19088 (Defaut)

---\\ Windows Product Information
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : B9HD2
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3581 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 8 GB (3%) free of 218 GB

---\\ Logged in mode
~ Computer Name: PC-DE-SYDNEY
~ User Name: Sydney
~ All Users Names: Sydney, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Sydney\AppData\Roaming\
~ %Desktop% : C:\Users\Sydney\Desktop\
~ %Favorites% : C:\Users\Sydney\Favorites\
~ %LocalAppData% : C:\Users\Sydney\AppData\Local\
~ %StartMenu% : C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 218 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 15 Go)
F:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.01/04/2009 - 02:18:40.) -- C:\Windows\Explorer.exe [2927104]
[MD5.4B555106290BD117334E9A08761C035A] - (....) (.02/11/2006 - 10:45:37.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/06/2011 - 07:08:58.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/01/2008 - 03:24:49.) -- C:\Windows\system32\Winlogon.exe [314880]
[MD5.0D83C87A801A3DFCD1BF73893FE7518C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 01:58:37.) -- C:\Windows\system32\drivers\atapi.sys [21560]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\drivers\ntfs.sys [1081912]
[MD5.95F5FF73B076576C41740F1A842B9B57] - (....) (.21/01/2008 - 09:33:40.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3850/3850 (Modified)
~ Mes musiques (My Musics) : 3950/3950 (Modified)
~ Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 87/87 (Modified)
~ Mes Documents (My Documents) : 67630/67630 (Modified)
~ Mon Bureau (My Desktop) : 323/323 (Modified)
~ Menu demarrer (Programs) : 30/30 (Modified)
~ Scan Hidden Files in 00mn 36s



---\\ Processus lancés
[MD5.58D9C70B01DBF2DEAEA787A1D7C869BB] - (.Stardock Corporation - Dell Dock.) -- C:\Program Files\Dell\DellDock\DellDock.exe [1295656] [PID.3508]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3784]
[MD5.97DCEB849B1537E9090135A0982E322D] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [200704] [PID.856]
[MD5.B6E8EF7E1ED1EA0FC37B9710B3196DCE] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [483420] [PID.3396]
[MD5.9405B452064BFA6A0F78E2F177A988A4] - (.McAfee, Inc. - McAfee Integrated Security Platform.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe [582992] [PID.3580]
[MD5.4B36C7D9710C60EA7725685753BBFA5C] - (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Windows\System32\WLTRAY.EXE [3810304] [PID.3516]
[MD5.2521D0C1B65ACB7752CA365F538949E4] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712] [PID.3336]
[MD5.186C9D39541CC0DFFCC454F79AA0B0BF] - (.CyberLink Corp. - CyberLink PowerDVD Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296] [PID.3632]
[MD5.3917664C26B4344768C288BBA6FEFCB6] - (.SupportSoft, Inc. - Pas de description.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064] [PID.3880]
[MD5.80638A0BD43E0E10BBA267C2F2590E04] - (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [485208] [PID.924]
[MD5.22E458A5DC55A961DC22AC8824E8E6B7] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [1848648] [PID.3152]
[MD5.FF473648E7B1B37C7F3249A6549FAC72] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [150016] [PID.2520]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840] [PID.3776]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288] [PID.1236]
[MD5.F21E12716F97300532E6CD9EB7CEC280] - (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\quickset.exe [1735760] [PID.3500]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.]
[MD5.EF1ECB9DF42AF6BF7514BB5EBC5C59EC] - (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968] [PID.4064]
[MD5.D1EA7694103F5D5CF11148F9B3864C45] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [1004544] [PID.1212]
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088] [PID.2360]
[MD5.353B8DBA8CAE37A30DFA998223C8C03C] - (.Pas de propriétaire - DCOM Manager.) -- C:\ProgramData\HOlUOeGnVcEi.exe [454144] [PID.3460]
[MD5.B3353D24F65E3520199E68FFC50BC667] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [46376] [PID.3768]
[MD5.359937EFD1763DF9F8B8D166BD4CC022] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [49152] [PID.2224]
[MD5.B3F1E7ED7AECB1D4B8D24A3734B2C641] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [40960] [PID.4208]
[MD5.ED65737D70FDEAC29F738E77D2496EE5] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\internet explorer\iexplore.exe [638232] [PID.4504]
[MD5.A29E6A21171B933348EB1FEAB2FF1D73] - (.Microsoft Corporation - Windows Live Toolbar User Elevation Helper.) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe [224600] [PID.5012]
[MD5.85D374F30A2015D795B1E8D1258866D4] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe [116280] [PID.5064]
[MD5.02800372FA7F33E4042DA92D362D6573] - (.McAfee, Inc. - McAfee User Interface Manager.) -- c:\PROGRA~1\mcafee\msc\mcuimgr.exe [265040] [PID.4424]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5892]
[MD5.395D67AE2515207BD663D1EB5D5B4B96] - (.Microsoft Corporation - Microsoft Word for Windows.) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE [8441907] [PID.2656]
[MD5.C7C01CB2D7D7DEFEEF5F95EF930E083C] - (...) -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe [412160] [PID.4960]
[MD5.F26208B3C13B48670E055BAD116D6438] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [669696] [PID.5796]
[MD5.8CD951D018BB9C012BBCF0320895D01E] - (.Microsoft Corporation - Utilitaire Attribute.) -- C:\Windows\system32\attrib.exe [16384] [PID.3900]
[MD5.740B9B4140CACCD0513D999EAB488E48] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [724992] [PID.]
[MD5.CB2449150A5EA17CAA0B94363D9440CC] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746] [PID.]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.]
[MD5.DB29915209770D8B59654345EC2D943A] - (.Stardock Corporation - Dock Login Service.) -- C:\Program Files\Dell\DellDock\DockLogin.exe [155648] [PID.]
[MD5.8F9AE85FB8FD7DAC24BA540C53E8CFA9] - (...) -- C:\Windows\System32\WLTRYSVC.EXE [26112] [PID.]
[MD5.F601CCE598C078B8F83D21CD56C42401] - (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Co.) -- C:\Windows\System32\bcmwltry.exe [2809856] [PID.]
[MD5.087B04CA45E2F059A55709B0B8F95EA9] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920] [PID.]
[MD5.7B96206E4BDD2FE582F0DBC46F5F410E] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.]
[MD5.8CF3DA0BE6094C34D7C4A85493E60547] - (.McAfee, Inc. - McAfee Proxy Service Module.) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [359248] [PID.]
[MD5.33734ABFA52EC8D096A1254D645E9B4F] - (.McAfee, Inc. - On-Access Scanner service.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144704] [PID.]
[MD5.346F30F1FF73553AA466F4AE7948DA00] - (.McAfee, Inc. - McAfee Personal Firewall Service.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe [856864] [PID.]
[MD5.A05DE3535884270B8D292DCBDD6DED20] - (.McAfee, Inc. - McAfee Anti-Spam Server.) -- C:\Program Files\McAfee\MSK\MskSrver.exe [23880] [PID.]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- C:\Windows\system32\RUNDLL32.EXE [44544] [PID.]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.]
[MD5.CB3A8976DE2F65349322DA7627CEA223] - (.McAfee, Inc. - McAfee Services.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [767976] [PID.]
[MD5.FD47DF2BCC3544DF65B01AD6B6062430] - (.McAfee, Inc. - McAfee SystemGuards Service.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624] [PID.]
[MD5.C69E71E00B30B60556D3E096699BD423] - (.McAfee, Inc. - McAfee Network Agent.) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2458128] [PID.]
[MD5.777115C9CC675BD98127660712D2F784] - (.SupportSoft, Inc. - SupportSoft Agent Service.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968] [PID.]
~ Scan Processes Running in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Picasa2\npPicasa2.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Picasa2\npPicasa3.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8051.1204] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com
R0 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: (no name) - {fc600575-3013-4e8e-941c-4b00dafce730} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.ujf-grenoble.fr:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} . (...) -- c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {fc600575-3013-4e8e-941c-4b00dafce730} Clé orpheline
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {fc600575-3013-4e8e-941c-4b00dafce730} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [mcagent_exe] . (.McAfee, Inc. - McAfee Integrated Security Platform.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [PDVDDXSrv] . (.CyberLink Corp. - CyberLink PowerDVD Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O4 - HKLM\..\Run: [Dell Webcam Central] . (.Creative Technology Ltd. - Dell Webcam Central Application.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
O4 - HKLM\..\Run: [dellsupportcenter] . (.SupportSoft, Inc. - Pas de description.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] . (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HOlUOeGnVcEi] . (.Pas de propriétaire - DCOM Manager.) -- C:\ProgramData\HOlUOeGnVcEi.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2776261661-2114604540-1354454023-1000\..\Run: [HOlUOeGnVcEi] . (.Pas de propriétaire - DCOM Manager.) -- C:\ProgramData\HOlUOeGnVcEi.exe
~ Scan Application in 00mn 00s

[Sydou]

---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\Ares.lnk . (.Ares Development Group.) -- C:\Program Files\Ares\Ares.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\Sydney\Documents
O4 - Global Startup: C:\Users\Sydney\Desktop\Images - Raccourci.lnk . (...) -- C:\Users\Sydney\Pictures
O4 - Global Startup: C:\Users\Sydney\Desktop\Microsoft Word.lnk . (...) -- C:\Windows\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\wordicon.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\Musique - Raccourci.lnk . (...) -- C:\Users\Sydney\Music
O4 - Global Startup: C:\Users\Sydney\Desktop\PC Repair.lnk . (...) -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Picasa2\Picasa3.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\Sydney\Desktop\Sydney - Raccourci.lnk . (...) -- C:\Users\Sydney
O4 - Global Startup: C:\Users\Sydney\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Repair.lnk . (...) -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\Windows\system32\GPhotos.scr
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll
O8 - Extra context menu item: Translate this web page with Babylon - (.not file.) - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O8 - Extra context menu item: Translate with Babylon - (.not file.) - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Envoyer à OneNote - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO
O9 - Extra button: &Envoyer à OneNote - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (.not file.)
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEBC6041-39FD-4EF7-A29D-CD0DD5ED7901}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEBC6041-39FD-4EF7-A29D-CD0DD5ED7901}: DhcpDomain = dartybox.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{AEBC6041-39FD-4EF7-A29D-CD0DD5ED7901}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{AEBC6041-39FD-4EF7-A29D-CD0DD5ED7901}: DhcpDomain = dartybox.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{AEBC6041-39FD-4EF7-A29D-CD0DD5ED7901}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{AEBC6041-39FD-4EF7-A29D-CD0DD5ED7901}: DhcpDomain = dartybox.com
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GoToAssist . (.Citrix Online, a division of Citrix Systems - Citrix Online GoToAssist.) -- C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
~ Scan Winlogon in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Andrea ST Filters Service (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dock Login Service (DockLoginService) . (.Stardock Corporation - Dock Login Service.) - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee Services (mcmscsvc) . (.McAfee, Inc. - McAfee Services.) - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) . (.McAfee, Inc. - McAfee Network Agent.) - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) . (.McAfee, Inc. - McAfee Proxy Service Module.) - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) . (.McAfee, Inc. - On-Access Scanner service.) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) . (.McAfee, Inc. - McAfee Personal Firewall Service.) - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) . (.McAfee, Inc. - McAfee Anti-Spam Server.) - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc. - SupportSoft Agent Service.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) . (...) - C:\Windows\System32\WLTRYSVC.exe
O23 - Service: Marvell Yukon Service (yksvc) - Clé orpheline
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
~ Scan Desktop Component in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\McDefragTask.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\McQcTask.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.4B36C7D9710C60EA7725685753BBFA5C] [APT] [Launch BCM WLAN Tray] (.Dell Inc..) -- C:\Windows\system32\WLTRAY.exe
[MD5.A83C216B5BD558F63A1959A711CEE5A8] [APT] [McQcTask] (.McAfee, Inc..) -- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
~ Scan Scheduled Task in 00mn 04s

[Sydou]

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\system32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\system32\DRIVERS\kbdclass.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) - C:\Windows\system32\drivers\mfehidk.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\system32\DRIVERS\mouclass.sys
O41 - Driver: (MPFP) . (.McAfee, Inc. - McAfee Personal Firewall Plus Driver.) - C:\Windows\system32\Drivers\Mpfp.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\system32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\system32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Tcpip) . (.Microsoft Corporation - TCP/IP Driver.) - C:\Windows\system32\drivers\tcpip.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Advanced Audio FX Engine - (.Pas de propriétaire.) [HKLM] -- Advanced Audio FX Engine
O42 - Logiciel: ArcSoft Panorama Maker 4 - (.ArcSoft.) [HKLM] -- {D45E8C45-B601-4A80-AFD8-E16338744DE1}
O42 - Logiciel: Ares 2.1.1 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: Canon IJ Network Scan Utility - (.Pas de propriétaire.) [HKLM] -- Canon_IJ_Network_Scan_UTILITY
O42 - Logiciel: Canon IJ Network Tool - (.Pas de propriétaire.) [HKLM] -- Canon_IJ_Network_UTILITY
O42 - Logiciel: Canon MP Navigator EX 2.0 - (.Pas de propriétaire.) [HKLM] -- MP Navigator EX 2.0
O42 - Logiciel: Canon MP620 series MP Drivers - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series
O42 - Logiciel: Canon Utilities Easy-PhotoPrint EX - (.Pas de propriétaire.) [HKLM] -- Easy-PhotoPrint EX
O42 - Logiciel: Canon Utilities My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter
O42 - Logiciel: Canon Utilities Solution Menu - (.Pas de propriétaire.) [HKLM] -- CanonSolutionMenu
O42 - Logiciel: Capture NX 2 - (.NIKON CORPORATION.) [HKLM] -- Capture NX 2
O42 - Logiciel: Dell Touchpad - (.Alps Electric.) [HKLM] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}
O42 - Logiciel: Dell Webcam Central - (.Pas de propriétaire.) [HKLM] -- Dell Webcam Central
O42 - Logiciel: Dell Wireless WLAN Card Utility - (.Dell Inc..) [HKLM] -- Broadcom 802.11 Application
O42 - Logiciel: Enregistrement utilisateur de Canon MP620 series - (.Pas de propriétaire.) [HKLM] -- Enregistrement utilisateur de Canon MP620 series
O42 - Logiciel: GIMP 2.6.11 - (.The GIMP Team.) [HKLM] -- WinGimp-2.0_is1
O42 - Logiciel: GoToAssist 8.0.0.514 - (.Pas de propriétaire.) [HKLM] -- GoToAssist
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: HP Customer Participation Program 12.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 12.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4 - (.HP.) [HKLM] -- {0812B697-3B0A-4392-B975-E415FC16C71E}
O42 - Logiciel: HP Photosmart Essential 3.5 - (.HP.) [HKLM] -- HP Photosmart Essential
O42 - Logiciel: HP Smart Web Printing 4.60 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Integrated Webcam Driver (1.00.02.0825) - (.Pas de propriétaire.) [HKLM] -- Creative OA009
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Live! Cam Avatar Creator - (.Creative Technology Ltd.) [HKLM] -- {65D0C510-D7B6-4438-9FC8-E6B91115AB0D}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: McAfee SecurityCenter - (.McAfee, Inc..) [HKLM] -- MSC
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: PowerDVD - (.Dell.) [HKLM] -- {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: Roxio Creator DE - (.Roxio.) [HKLM] -- {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2509488) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{AD0DE453-0804-4495-9C91-33D0F9AA5463}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office 2007 System (KB2541012) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD907315-705A-4475-A1A0-2A1245803E4D}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2541007) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A0173254-F442-4D04-9154-43FA157B83D0}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office 2007 System (KB2539530) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
O42 - Logiciel: VLC media player 1.0.5 - (.VideoLAN Team.) [HKLM] -- VLC media player

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\Adobe]
[HKCU\Software\Alps]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\myBabylon_English4]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\ArcSoft]
[HKCU\Software\Ares]
[HKCU\Software\Babylon]
[HKCU\Software\Broadcom]
[HKCU\Software\Canon]
[HKCU\Software\Caphyon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Creative Tech]
[HKCU\Software\CyberLink]
[HKCU\Software\Dell Computer Corporation]
[HKCU\Software\Dell]
[HKCU\Software\DeterministicNetworks]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Help]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\Home]
[HKCU\Software\IDT]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MPMAN]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\McAfee]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nikon]
[HKCU\Software\Novell]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\Roxio]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\SupportPrinters]
[HKCU\Software\SupportSoft]
[HKCU\Software\Sysinternals]
[HKCU\Software\System Image Utility]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Alps]
[HKLM\Software\America Online]
[HKLM\Software\ArcSoft]
[HKLM\Software\Babylon]
[HKLM\Software\BcmSetup]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\Canon]
[HKLM\Software\Cisco Systems]
[HKLM\Software\Citrix]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Creative]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\Dell Computer Corporation]
[HKLM\Software\Dell]
[HKLM\Software\DeterministicNetworks]
[HKLM\Software\Digital River]
[HKLM\Software\DivXNetworks]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ICE]
[HKLM\Software\IDT]
[HKLM\Software\Image Manipulation]
[HKLM\Software\Importer]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfee]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nikon]
[HKLM\Software\ODBC]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\SRS Labs]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Sonic]
[HKLM\Software\SupportSoft]
[HKLM\Software\Swearware]
[HKLM\Software\Themes]
[HKLM\Software\Trumpet Section]
[HKLM\Software\VideoLAN]
[HKLM\Software\WOW6432Node]
[HKLM\Software\myBabylon_English4]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/04/2009 - 00:54:18 - [213121205] --H-D- C:\Program Files\Adobe
O43 - CFD: 10/09/2009 - 07:48:06 - [15206225] --H-D- C:\Program Files\ArcSoft
O43 - CFD: 31/08/2009 - 13:31:44 - [4243850] --H-D- C:\Program Files\Ares
O43 - CFD: 01/04/2009 - 00:53:38 - [28] --H-D- C:\Program Files\ATI Technologies
O43 - CFD: 14/03/2010 - 11:43:20 - [8206722] --H-D- C:\Program Files\Bhelpuri
O43 - CFD: 22/09/2009 - 20:28:56 - [312996299] --H-D- C:\Program Files\Canon
O43 - CFD: 22/09/2009 - 20:15:22 - [28697986] --H-D- C:\Program Files\CanonBJ
O43 - CFD: 03/09/2009 - 22:48:44 - [57441] --H-D- C:\Program Files\Cisco Systems
O43 - CFD: 01/04/2009 - 01:03:36 - [3553384] --H-D- C:\Program Files\Citrix
O43 - CFD: 29/08/2011 - 10:57:16 - [941771907] --H-D- C:\Program Files\Common Files
O43 - CFD: 01/04/2009 - 00:56:36 - [12996526] --H-D- C:\Program Files\Creative
O43 - CFD: 25/08/2009 - 17:02:50 - [151552] --H-D- C:\Program Files\Creative Live! Cam
O43 - CFD: 01/04/2009 - 01:06:32 - [42328948] --H-D- C:\Program Files\CyberLink
O43 - CFD: 30/08/2009 - 22:39:16 - [30565540] --H-D- C:\Program Files\Dell
O43 - CFD: 01/04/2009 - 00:47:28 - [13957262] --H-D- C:\Program Files\Dell Inc
O43 - CFD: 01/04/2009 - 01:08:08 - [74920361] --H-D- C:\Program Files\Dell Support Center
O43 - CFD: 25/08/2009 - 17:04:40 - [221280491] --H-D- C:\Program Files\Dell Webcam
O43 - CFD: 01/04/2009 - 03:25:04 - [12274456] --H-D- C:\Program Files\DellTPad
O43 - CFD: 19/02/2011 - 18:33:44 - [8012987] --H-D- C:\Program Files\Enigma Software Group
O43 - CFD: 08/05/2011 - 12:56:06 - [145209312] --H-D- C:\Program Files\GIMP-2.0
O43 - CFD: 19/02/2011 - 18:17:54 - [104284651] --H-D- C:\Program Files\Google
O43 - CFD: 01/10/2009 - 10:39:08 - [0] --H-D- C:\Program Files\Hewlett-Packard
O43 - CFD: 01/10/2009 - 10:57:50 - [187773905] --H-D- C:\Program Files\HP
O43 - CFD: 31/03/2009 - 19:30:24 - [21906540] --H-D- C:\Program Files\IDT
O43 - CFD: 10/09/2009 - 07:48:02 - [25040761] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 01/04/2009 - 00:52:00 - [39007042] --H-D- C:\Program Files\Intel
O43 - CFD: 17/06/2011 - 23:47:16 - [4628865] --H-D- C:\Program Files\Internet Explorer
O43 - CFD: 01/04/2009 - 00:46:38 - [89106193] --H-D- C:\Program Files\Java
O43 - CFD: 28/08/2011 - 17:47:04 - [6953191] --H-D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 25/08/2009 - 18:59:58 - [132412647] --H-D- C:\Program Files\McAfee
O43 - CFD: 01/04/2009 - 01:02:18 - [2010282] --H-D- C:\Program Files\McAfee.com
O43 - CFD: 01/04/2009 - 01:16:30 - [832488] --H-D- C:\Program Files\Microsoft
O43 - CFD: 14/02/2010 - 22:09:06 - [173218] --H-D- C:\Program Files\Microsoft FrontPage
O43 - CFD: 02/11/2006 - 14:37:36 - [92807095] --H-D- C:\Program Files\Microsoft Games
O43 - CFD: 14/02/2010 - 22:07:08 - [499775269] --H-D- C:\Program Files\Microsoft Office
O43 - CFD: 01/04/2009 - 01:27:52 - [7791803] --H-D- C:\Program Files\Microsoft Office Suite Activation Assistant
O43 - CFD: 17/06/2011 - 23:49:32 - [38411899] --H-D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 01/04/2009 - 01:19:52 - [1829877] --H-D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 01/04/2009 - 01:20:54 - [2188837] --H-D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 14/02/2010 - 22:09:46 - [5897045] --H-D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 27/08/2011 - 14:03:28 - [145421942] --H-D- C:\Program Files\Microsoft Works
O43 - CFD: 01/04/2009 - 01:26:34 - [8152064] --H-D- C:\Program Files\Microsoft.NET
O43 - CFD: 13/08/2010 - 20:13:54 - [99168366] --H-D- C:\Program Files\Movie Maker
O43 - CFD: 02/11/2006 - 14:37:36 - [25757] --H-D- C:\Program Files\MSBuild
O43 - CFD: 13/09/2009 - 08:29:24 - [0] --H-D- C:\Program Files\MSXML 4.0
O43 - CFD: 28/08/2011 - 13:22:10 - [0] --H-D- C:\Program Files\Navilog1
O43 - CFD: 10/09/2009 - 08:08:58 - [76593543] --H-D- C:\Program Files\Nikon
O43 - CFD: 09/06/2010 - 19:28:42 - [3688680] --H-D- C:\Program Files\PhotoFiltre
O43 - CFD: 14/05/2011 - 11:08:24 - [99302417] --H-D- C:\Program Files\Picasa2
O43 - CFD: 02/11/2006 - 14:37:36 - [37804801] --H-D- C:\Program Files\Reference Assemblies
O43 - CFD: 01/04/2009 - 01:01:56 - [18684027] --H-D- C:\Program Files\Roxio
O43 - CFD: 11/05/2011 - 22:21:12 - [54862318] --H-D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 17/03/2010 - 19:15:48 - [77850462] --H-D- C:\Program Files\VideoLAN
O43 - CFD: 21/01/2008 - 04:35:20 - [1016832] --H-D- C:\Program Files\Windows Calendar
O43 - CFD: 21/01/2008 - 04:35:16 - [2760704] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 21/01/2008 - 04:35:10 - [4492240] --H-D- C:\Program Files\Windows Defender
O43 - CFD: 21/01/2008 - 04:35:16 - [7084664] --H-D- C:\Program Files\Windows Journal
O43 - CFD: 01/04/2009 - 01:21:10 - [136765907] --H-D- C:\Program Files\Windows Live
O43 - CFD: 01/04/2009 - 01:15:52 - [245112] --H-D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 13/01/2011 - 17:40:06 - [9119592] --H-D- C:\Program Files\Windows Mail
O43 - CFD: 22/11/2010 - 07:38:26 - [4495082] --H-D- C:\Program Files\Windows Media Player
O43 - CFD: 25/08/2009 - 17:03:14 - [7945486] --H-D- C:\Program Files\Windows NT
O43 - CFD: 21/01/2008 - 04:35:16 - [13464738] --H-D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 25/08/2009 - 17:03:14 - [6511482] --H-D- C:\Program Files\Windows Sidebar
O43 - CFD: 29/08/2011 - 12:41:26 - [4122287] --H-D- C:\Program Files\ZHPDiag
O43 - CFD: 11/05/2011 - 21:56:10 - [6281214] --H-D- C:\Program Files\Common Files\Adobe
O43 - CFD: 22/09/2009 - 20:23:22 - [560] --H-D- C:\Program Files\Common Files\CANON
O43 - CFD: 01/04/2009 - 01:26:40 - [92976] --H-D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 01/10/2009 - 10:39:08 - [473621] --H-D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 01/10/2009 - 10:39:10 - [5665956] --H-D- C:\Program Files\Common Files\HP
O43 - CFD: 10/09/2009 - 07:49:50 - [9968410] --H-D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 01/04/2009 - 01:02:30 - [8453553] --H-D- C:\Program Files\Common Files\McAfee
O43 - CFD: 13/01/2011 - 09:35:44 - [460749025] --H-D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 10/09/2009 - 07:52:22 - [4177705] --H-D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 02/11/2009 - 20:51:08 - [61781703] --H-D- C:\Program Files\Common Files\Nikon
O43 - CFD: 01/04/2009 - 01:00:26 - [3971920] --H-D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 01/04/2009 - 00:56:26 - [4279184] --H-D- C:\Program Files\Common Files\Reallusion
O43 - CFD: 01/04/2009 - 01:00:28 - [32201859] --H-D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 02/11/2006 - 13:18:34 - [2702] --H-D- C:\Program Files\Common Files\Services
O43 - CFD: 01/04/2009 - 01:00:28 - [1088248] --H-D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] --H-D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 01/04/2009 - 01:08:04 - [7466215] --H-D- C:\Program Files\Common Files\supportsoft
O43 - CFD: 01/04/2009 - 01:01:56 - [733760] --H-D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 14/02/2010 - 22:09:18 - [53171132] --H-D- C:\Program Files\Common Files\System
O43 - CFD: 01/04/2009 - 01:08:56 - [240110429] --H-D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 11/05/2011 - 21:56:08 - [50310703] --H-D- C:\ProgramData\Adobe
O43 - CFD: 25/08/2009 - 12:37:56 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 03/10/2009 - 22:25:10 - [61525] --H-D- C:\ProgramData\Babylon
O43 - CFD: 25/08/2009 - 12:37:56 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 22/09/2009 - 20:20:00 - [19640015] --H-D- C:\ProgramData\CanonBJ
O43 - CFD: 22/09/2009 - 20:50:58 - [115] --H-D- C:\ProgramData\CanonIJEGV
O43 - CFD: 30/08/2009 - 21:45:26 - [3346453] --H-D- C:\ProgramData\Creative
O43 - CFD: 27/08/2011 - 14:02:50 - [3014142] --H-D- C:\ProgramData\Dell
O43 - CFD: 25/08/2009 - 12:37:56 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 10/09/2009 - 08:13:02 - [820] --H-D- C:\ProgramData\EnterNHelp
O43 - CFD: 25/08/2009 - 12:37:56 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 10/09/2009 - 21:10:56 - [539892] --H-D- C:\ProgramData\Google
O43 - CFD: 27/08/2011 - 14:02:48 - [17910045] --H-D- C:\ProgramData\HP
O43 - CFD: 26/04/2010 - 14:01:54 - [8988] --H-D- C:\ProgramData\HP Product Assistant
O43 - CFD: 13/10/2009 - 13:11:24 - [267] --H-D- C:\ProgramData\HPSSUPPLY
O43 - CFD: 01/04/2009 - 00:59:30 - [225] --H-D- C:\ProgramData\InstallShield
O43 - CFD: 28/08/2011 - 17:47:02 - [7284100] --H-D- C:\ProgramData\Malwarebytes
O43 - CFD: 01/04/2009 - 01:03:34 - [32444793] --H-D- C:\ProgramData\McAfee
O43 - CFD: 25/08/2009 - 12:37:56 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 11/01/2011 - 12:33:44 - [1013418944] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 17/06/2011 - 12:04:46 - [57028] --H-D- C:\ProgramData\Microsoft Help
O43 - CFD: 25/08/2009 - 12:37:56 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 10/09/2009 - 07:52:18 - [6997856] --H-D- C:\ProgramData\Nikon
O43 - CFD: 01/04/2009 - 01:08:14 - [1235] --H-D- C:\ProgramData\PC-Doctor
O43 - CFD: 01/04/2009 - 01:08:14 - [0] --H-D- C:\ProgramData\PCDr
O43 - CFD: 01/04/2009 - 01:00:34 - [667] --H-D- C:\ProgramData\Sonic
O43 - CFD: 27/08/2011 - 14:03:28 - [378507] --H-D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 01/04/2009 - 01:08:16 - [18440180] --H-D- C:\ProgramData\SupportSoft
O43 - CFD: 10/09/2009 - 08:13:02 - [80] --H-D- C:\ProgramData\Ultima_T15
O43 - CFD: 27/08/2011 - 14:02:48 - [5316331] --H-D- C:\ProgramData\Uninstall
O43 - CFD: 10/09/2009 - 07:57:20 - [12] --H-D- C:\ProgramData\vhosts
O43 - CFD: 11/10/2009 - 15:05:26 - [208] --H-D- C:\ProgramData\WEBREG
O43 - CFD: 27/04/2011 - 20:31:18 - [0] --H-D- C:\ProgramData\WindowsSearch
O43 - CFD: 10/09/2009 - 07:50:08 - [12] --H-D- C:\ProgramData\Workflows
O43 - CFD: 29/08/2011 - 11:01:36 - [152087] --H-D- C:\Users\Sydney\AppData\Roaming\Adobe
O43 - CFD: 09/06/2010 - 19:20:40 - [354] --H-D- C:\Users\Sydney\AppData\Roaming\ArcSoft
O43 - CFD: 22/09/2009 - 21:01:00 - [38] --H-D- C:\Users\Sydney\AppData\Roaming\Canon
O43 - CFD: 25/08/2009 - 16:28:26 - [514] --H-D- C:\Users\Sydney\AppData\Roaming\Creative
O43 - CFD: 25/08/2009 - 12:39:04 - [95178] --H-D- C:\Users\Sydney\AppData\Roaming\Dell
O43 - CFD: 27/08/2011 - 14:03:40 - [199] --H-D- C:\Users\Sydney\AppData\Roaming\dvdcss
O43 - CFD: 10/09/2009 - 21:11:28 - [28058] --H-D- C:\Users\Sydney\AppData\Roaming\Google
O43 - CFD: 27/08/2011 - 14:03:40 - [168] --H-D- C:\Users\Sydney\AppData\Roaming\gtk-2.0
O43 - CFD: 11/10/2009 - 19:16:52 - [119636] --H-D- C:\Users\Sydney\AppData\Roaming\HP
O43 - CFD: 03/09/2010 - 21:57:04 - [0] --H-D- C:\Users\Sydney\AppData\Roaming\HPAppData
O43 - CFD: 25/08/2009 - 12:42:18 - [0] --H-D- C:\Users\Sydney\AppData\Roaming\Identities
O43 - CFD: 25/08/2009 - 17:04:34 - [0] --H-D- C:\Users\Sydney\AppData\Roaming\InstallShield
O43 - CFD: 25/08/2009 - 12:53:26 - [34558] --H-D- C:\Users\Sydney\AppData\Roaming\Macromedia
O43 - CFD: 28/08/2011 - 17:47:10 - [210330] --H-D- C:\Users\Sydney\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 14:37:36 - [0] --H-D- C:\Users\Sydney\AppData\Roaming\Media Center Programs
O43 - CFD: 27/08/2011 - 08:16:00 - [52470627] -S--D- C:\Users\Sydney\AppData\Roaming\Microsoft
O43 - CFD: 14/02/2010 - 22:07:08 - [0] --H-D- C:\Users\Sydney\AppData\Roaming\Microsoft Web Folders
O43 - CFD: 26/03/2010 - 19:11:20 - [1708] --H-D- C:\Users\Sydney\AppData\Roaming\MP-Manager
O43 - CFD: 26/03/2010 - 19:08:12 - [100999622] --H-D- C:\Users\Sydney\AppData\Roaming\MPMAN
O43 - CFD: 02/11/2009 - 20:51:18 - [14306576] --H-D- C:\Users\Sydney\AppData\Roaming\Nikon
O43 - CFD: 27/08/2011 - 14:03:40 - [826] --H-D- C:\Users\Sydney\AppData\Roaming\PhotoFiltre
O43 - CFD: 30/08/2009 - 21:45:26 - [0] --H-D- C:\Users\Sydney\AppData\Roaming\Reallusion
O43 - CFD: 30/08/2009 - 22:55:40 - [13824] --H-D- C:\Users\Sydney\AppData\Roaming\Template
O43 - CFD: 28/08/2011 - 20:58:42 - [2720186] --H-D- C:\Users\Sydney\AppData\Roaming\vlc
O43 - CFD: 11/05/2011 - 21:55:50 - [325211] --H-D- C:\Users\Sydney\AppData\Local\Adobe
O43 - CFD: 25/08/2009 - 12:38:42 - [0] -SH-D- C:\Users\Sydney\AppData\Local\Application Data
O43 - CFD: 31/08/2009 - 13:31:46 - [13745647446] --H-D- C:\Users\Sydney\AppData\Local\Ares
O43 - CFD: 01/10/2009 - 21:58:36 - [12485] --H-D- C:\Users\Sydney\AppData\Local\Babylon
O43 - CFD: 28/09/2009 - 18:01:40 - [76784] --H-D- C:\Users\Sydney\AppData\Local\Canon Easy-PhotoPrint EX
O43 - CFD: 28/07/2011 - 21:37:38 - [9258543] --H-D- C:\Users\Sydney\AppData\Local\Google
O43 - CFD: 25/08/2009 - 12:38:42 - [0] -SH-D- C:\Users\Sydney\AppData\Local\Historique
O43 - CFD: 11/10/2009 - 15:02:56 - [39163913] --H-D- C:\Users\Sydney\AppData\Local\HP
O43 - CFD: 27/08/2011 - 14:02:48 - [3972138704] --H-D- C:\Users\Sydney\AppData\Local\Microsoft
O43 - CFD: 27/08/2011 - 14:02:48 - [276642] --H-D- C:\Users\Sydney\AppData\Local\Microsoft Games
O43 - CFD: 14/02/2010 - 22:24:32 - [0] --H-D- C:\Users\Sydney\AppData\Local\Microsoft Help
O43 - CFD: 10/09/2009 - 08:13:04 - [41870844] --H-D- C:\Users\Sydney\AppData\Local\Nikon
O43 - CFD: 25/08/2009 - 12:42:52 - [0] --H-D- C:\Users\Sydney\AppData\Local\PowerDVD DX
O43 - CFD: 07/09/2009 - 13:32:58 - [2049] --H-D- C:\Users\Sydney\AppData\Local\Stardock_Corporation
O43 - CFD: 25/08/2009 - 19:10:24 - [16918805] --H-D- C:\Users\Sydney\AppData\Local\SupportSoft
O43 - CFD: 29/08/2011 - 12:40:18 - [789202] --H-D- C:\Users\Sydney\AppData\Local\Temp
O43 - CFD: 25/08/2009 - 12:38:42 - [0] -SH-D- C:\Users\Sydney\AppData\Local\Temporary Internet Files
O43 - CFD: 11/10/2009 - 15:03:06 - [1096884] --H-D- C:\Users\Sydney\AppData\Local\VirtualStore
~ Scan Program Folder in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.754E51FB89F772C1CD83F00EC7FCAB34] - 29/08/2011 - 11:22:38 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.05917D28BA27BCD4C3E0041205E7820E] - 29/08/2011 - 11:21:53 --HA- . (...) -- C:\Windows\WindowsUpdate.log [1681742]
O44 - LFC:[MD5.DDAFF77D0549868363FA78D4FDE154CE] - 29/08/2011 - 10:57:40 --HA- . (...) -- C:\Windows\system32\Config.MPF [28035]
O44 - LFC:[MD5.AA60E8B7F43093038B1AE8C1109FB17D] - 29/08/2011 - 10:56:29 --HA- . (...) -- C:\Windows\PFRO.log [3244]
O44 - LFC:[MD5.B1B949C24A38522FBB5DE41F365D20B0] - 29/08/2011 - 10:37:54 --HA- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.14B281B83AD82F8023D3A5B0D810542F] - 29/08/2011 - 10:07:22 --HA- . (...) -- C:\ComboFix.txt [11002]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 29/08/2011 - 10:05:00 --HA- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 29/08/2011 - 09:49:23 --HA- . (.NirSoft - NirCmd.) -- C:\Windows\NIRCMD.exe [60416]
O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 29/08/2011 - 09:49:23 --HA- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Windows\SWREG.exe [518144]
O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 29/08/2011 - 09:49:23 --HA- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\Windows\SWSC.exe [406528]
O44 - LFC:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 28/08/2011 - 16:47:02 --HA- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [41272]
O44 - LFC:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 28/08/2011 - 16:46:58 --HA- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22712]
O44 - LFC:[MD5.82CEEC825B0864542E9B0AF24EB7F8A5] - 28/08/2011 - 16:27:11 --HA- . (...) -- C:\AdwCleaner[S1].txt [1321]
O44 - LFC:[MD5.4969BD9281C71949AD00B63600319379] - 28/08/2011 - 16:26:17 --HA- . (...) -- C:\AdwCleaner[R1].txt [1276]
O44 - LFC:[MD5.51E755A552370E3644BC006F3D701096] - 28/08/2011 - 12:24:45 --HA- . (...) -- C:\cleannavi.txt [1427]
O44 - LFC:[MD5.8FA822DC2F9769DE076E20AE8B81D744] - 28/08/2011 - 12:20:00 --HA- . (...) -- C:\Windows\ntbtlog.txt [95026]
O44 - LFC:[MD5.D64DA6DC86F9441887CA2F1ED8E54A3C] - 11/08/2011 - 06:38:56 --HA- . (...) -- C:\Windows\system32\MRT.INI [118]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 07:45:56 --HA- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 18:20:24 --HA- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 01:00:00 --HA- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 01:00:00 --HA- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 01:00:00 --HA- . (...) -- C:\Windows\zip.exe [68096]
~ Scan Files in 00mn 04s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - WDF dynamique.) -- C:\Windows\system32\Drivers\Wdf01000.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - WDF dynamique.) -- C:\Windows\system32\Drivers\Wdf01000.sys
~ Scan CSB in 00mn 00s

[Sydou]

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\system32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableTaskMgr"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=1
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 --HA- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 03:23:25 --HA- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 03:23:26 --HA- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 03:23:27 --HA- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 03:23:00 --H-- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.B83F9DA84F7079451C1C6A4A2F140920] - 01/04/2009 - 06:29:08 --HA- . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\system32\drivers\Apfiltr.sys [170032]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 03:23:23 --HA- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 03:23:24 --HA- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.7526AD10925D1AA9E4E6B0FB393B701F] - 01/04/2009 - 07:57:22 --HA- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [4172288]
O58 - SDL:[MD5.423C7B87E886AC93D22936EA82665F83] - 01/04/2009 - 11:32:18 --HA- . (.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver.) -- C:\Windows\system32\drivers\bcm42rly.sys [18424]
O58 - SDL:[MD5.B56999BE8F22BA3071E4CEAFA9E82E26] - 01/04/2009 - 09:56:50 --HA- . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless driver.) -- C:\Windows\system32\drivers\BCMWL6.SYS [1331192]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 --HA- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 --HA- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 --HA- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 --HA- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 --HA- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 --HA- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.C716C877A528FAE6D352A7430AE0A4A4] - 01/04/2009 - 08:00:00 --HA- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\Windows\system32\drivers\cdr4_xp.sys [9072]
O58 - SDL:[MD5.17CD01A8B4D0A1E6CBF4BB07CD57043C] - 01/04/2009 - 08:00:00 --HA- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\Windows\system32\drivers\cdralw2k.sys [9200]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 03:23:00 --H-- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.B5ECADF7708960F1818C7FA015F4C239] - 03/09/2009 - 18:28:02 --HA- . (.Cisco Systems, Inc. - Cisco Systems VPN Adapter.) -- C:\Windows\system32\drivers\CVirtA.sys [5275]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 --HA- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.694616F813FB627A32C9E32DEC133078] - 03/09/2009 - 16:17:38 --HA- . (.Deterministic Networks, Inc. - Deterministic Network Enhancer.) -- C:\Windows\system32\drivers\dne2000.sys [131856]
O58 - SDL:[MD5.908ED85B7806E8AF3AF5E9B74F7809D4] - 21/01/2008 - 03:23:25 --HA- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\e1e6032.sys [220672]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 03:23:24 --HA- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 --HA- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 03:23:26 --HA- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [40504]
O58 - SDL:[MD5.80C633722DA72E97F3F5B3B11325696D] - 01/04/2009 - 11:15:54 --HA- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [317976]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 03:23:23 --HA- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 --HA- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 --HA- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 --HA- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 03:23:23 --HA- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 03:23:25 --HA- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 03:23:23 --HA- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 28/08/2011 - 18:52:42 --HA- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22712]
O58 - SDL:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 28/08/2011 - 18:52:42 --HA- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [41272]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 03:23:27 --HA- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 03:23:27 --HA- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.C97CBFD71C1C215150A3B3E55F77A7A3] - 22/11/2007 - 05:44:08 --HA- . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) -- C:\Windows\system32\drivers\mfeavfk.sys [79304]
O58 - SDL:[MD5.5447338B83A1A2354FB2FEA7604387FD] - 22/11/2007 - 05:44:08 --HA- . (.McAfee, Inc. - Buffer Overflow Protection Driver.) -- C:\Windows\system32\drivers\mfebopk.sys [35240]
O58 - SDL:[MD5.6C9A6ED60B8FC3BAF72FE1B1D096445B] - 22/11/2007 - 05:44:08 --HA- . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) -- C:\Windows\system32\drivers\mfehidk.sys [201320]
O58 - SDL:[MD5.A551154B51D6A93FCCF70FC4E8EAF4BD] - 25/08/2009 - 05:44:04 --HA- . (.McAfee, Inc. - VSCore Code Analysis Driver.) -- C:\Windows\system32\drivers\mferkdk.sys [33832]
O58 - SDL:[MD5.299A86B780C9627AAA24E74292363ED2] - 02/12/2007 - 11:51:42 --HA- . (.McAfee, Inc. - System Monitor Filter Driver.) -- C:\Windows\system32\drivers\mfesmfk.sys [40488]
O58 - SDL:[MD5.96CF5286BC370B558735A7B891232D92] - 01/04/2009 - 15:21:12 --HA- . (.McAfee, Inc. - McAfee Personal Firewall Plus Driver.) -- C:\Windows\system32\drivers\Mpfp.sys [125728]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 --HA- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 --HA- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 --HA- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 03:23:21 --HA- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 03:23:21 --HA- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.EC528056B89D15755ABB624E55949E44] - 01/04/2009 - 09:44:20 --HA- . (.Creative Technology Ltd. - Advanced Audio FX Driver.) -- C:\Windows\system32\drivers\OA009Afx.sys [148056]
O58 - SDL:[MD5.A015DD2BA6009C8BDD00A6C431302D06] - 01/04/2009 - 09:44:22 --HA- . (.Creative Technology Ltd. - Video Class Upper Filter Driver.) -- C:\Windows\system32\drivers\OA009Ufd.sys [144672]
O58 - SDL:[MD5.D4E1F63A07C58563A73FD5AA20DCFB65] - 01/04/2009 - 09:44:22 --HA- . (.Creative Technology Ltd. - Video Capture Device Driver.) -- C:\Windows\system32\drivers\OA009Vid.sys [269216]
O58 - SDL:[MD5.03E0FE281823BA64B3782F5B38950E73] - 01/04/2009 - 09:00:00 --HA- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\Windows\system32\drivers\pxhelp20.sys [43840]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 03:23:24 --HA- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 --HA- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.8F6B5CFCD472FD3E54A68D211EC4617B] - 01/04/2009 - 10:19:22 --HA- . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for Vista.) -- C:\Windows\system32\drivers\RTSTOR.sys [69664]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 02/11/2006 - 07:37:21 --HA- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 03:23:26 --HA- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.14A9AD287FDA70A06463E09C4328C1F2] - 01/04/2009 - 05:13:54 --HA- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\system32\drivers\stwrt.sys [393216]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 --HA- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 --HA- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 --HA- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 --HA- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 --HA- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 --HA- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 03:23:00 --H-- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 03:23:23 --HA- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.C1C748875DDCF61999D2E4AE8352BBA4] - 30/08/2009 - 16:49:34 --HA- . (.Jungo - WinDriver Device Driver 4.33.) -- C:\Windows\system32\drivers\windrvr.sys [164180]
O58 - SDL:[MD5.1A51DF1A5C658D534ED980D18F7982DE] - 01/04/2009 - 11:19:40 --HA- . (.Marvell - Miniport Driver for Marvell Yukon Ethernet Controller..) -- C:\Windows\system32\drivers\yk60x86.sys [304128]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]
~ Scan Drivers in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 22/12/2008 - C:\Windows\system32\drivers\BCM42RLY.sys - BCM42RLY(BCM42RLY) .(.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Pr.) - LEGACY_BCM42RLY
O64 - Services: CurCS - ??/??/???? - C:\Users\Sydney\AppData\Local\Temp\catchme.sys (.not file.) - catchme (catchme) .(...) - LEGACY_CATCHME
O64 - Services: CurCS - ??/??/???? - C:\Users\Sydney\AppData\Local\Temp\mbr.sys (.not file.) - mbr (mbr) .(...) - LEGACY_MBR
O64 - Services: CurCS - 22/11/2007 - C:\Windows\system32\drivers\mfeavfk.sys - McAfee Inc.(mfeavfk) .(.McAfee, Inc. - Anti-Virus File System Filter Driver.) - LEGACY_MFEAVFK
O64 - Services: CurCS - 22/11/2007 - C:\Windows\system32\drivers\mfebopk.sys - McAfee Inc.(mfebopk) .(.McAfee, Inc. - Buffer Overflow Protection Driver.) - LEGACY_MFEBOPK
O64 - Services: CurCS - 22/11/2007 - C:\Windows\system32\drivers\mfehidk.sys - McAfee Inc.(mfehidk) .(.McAfee, Inc. - Host Intrusion Detection Link Driver.) - LEGACY_MFEHIDK
O64 - Services: CurCS - 22/11/2007 - C:\Windows\system32\drivers\mferkdk.sys - McAfee Inc. mferkdk(mferkdk) .(.McAfee, Inc. - VSCore Code Analysis Driver.) - LEGACY_MFERKDK
O64 - Services: CurCS - 02/12/2007 - C:\Windows\system32\drivers\mfesmfk.sys - McAfee Inc.(mfesmfk) .(.McAfee, Inc. - System Monitor Filter Driver.) - LEGACY_MFESMFK
O64 - Services: CurCS - 13/07/2007 - C:\Windows\system32\Drivers\Mpfp.sys - MPFP(MPFP) .(.McAfee, Inc. - McAfee Personal Firewall Plus Driver.) - LEGACY_MPFP
~ Scan Services in 00mn 16s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - http://www.pucuy.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web) - http://isearch.babylon.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {70AC35EB-A3DA-42CE-8E9D-152CB7EF75EF} - (Bing) - http://www.bing.com
~ Scan Keys in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.3F04241F49DEC4A96D0A81C0F6235663] [SPRF][28/08/2011] (...) -- C:\Users\Sydney\AppData\Local\alxdoc.bat [90]
[MD5.740A6C50853773ECD660C61A96F82120] [SPRF][25/07/2011] (...) -- C:\Users\Sydney\AppData\Local\ojedaxub.dll [2174]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648]
[MD5.0C135B4FEFF52ED92CF08BB3F0A75A90] [SPRF][11/09/2006] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [484272]
~ Scan Files in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{0DC8EA12-033A-4DB5-A432-DCB6899FBBFC}" | In - Domain - P6 - TRUE | .(.McAfee, Inc. - McAfee Network Agent.) -- C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
O87 - FAEL: "{3BC12592-0804-4FAF-B82D-0A007E6BC033}" | In - None - P6 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD DX.) -- C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
O87 - FAEL: "{57CF7386-30B8-4F37-B1CD-AF434B85D9C0}" | In - None - P6 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O87 - FAEL: "{F6FEBFC9-AF4E-4F4A-ABC0-FC3B5A34C588}" | In - None - P17 - TRUE | .(.Hewlett-Packard - HP Software Update Client.) -- C:\Program Files\HP\hp software update\hpwucli.exe
O87 - FAEL: "TCP Query User{97658239-CF64-430D-AC86-5BDAA4098701}C:\program files\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{D18CADB0-A157-452F-88AD-F4739CED2190}C:\program files\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "TCP Query User{3FD464C5-9862-453C-AB0F-AB390811D60C}C:\program files\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{7037A807-B7E1-42F4-94F5-5237C7E8D441}C:\program files\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "TCP Query User{4D2F04E4-326C-404C-A41E-524B25ECC2C8}C:\program files\videolan\vlc\vlc.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\videolan\vlc\vlc.exe
O87 - FAEL: "UDP Query User{07F145A1-085C-401A-A408-343AEE1D12F2}C:\program files\videolan\vlc\vlc.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\videolan\vlc\vlc.exe
~ Scan Firewall in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : 8614 - (24/08/2011)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Live-Player] =>Adware.Navipromo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:Babylon Client =>Toolbar.Babylon
C:\Program Files\Enigma Software Group\SpyHunter =>Crapware.SpyHunter
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\Sydney\AppData\Local\Babylon =>Toolbar.Babylon
C:\Users\Sydney\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Sydney\AppData\Local\Temp\log =>Worm.Silly
~ Scan Additionnel in 00mn 10s



---\\ Recherche détournement de DNS routeur (O89)
Serveur : ns1.numericable.net
Address: 89.2.0.1
Nom : www.l.google.com
Addresses: 74.125.39.103
74.125.39.104
74.125.39.106
74.125.39.105
74.125.39.99
74.125.39.147
Aliases: www.google.fr
www.google.com
~ Scan DNS in 00mn 07s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 01/04/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
SR - | Auto 01/04/2009 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\system32\Ati2evxx.exe
SR - | Auto 01/04/2009 155648 | (DockLoginService) . (.Stardock Corporation.) - C:\Program Files\Dell\DellDock\DockLogin.exe
SS - | Demand 01/04/2009 16680 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
SS - | Auto 11/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/09/2009 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 01/04/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 10/09/2009 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 09/01/2008 767976 | (mcmscsvc) . (.McAfee, Inc..) - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
SR - | Auto 25/01/2008 2458128 | (McNASvc) . (.McAfee, Inc..) - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
SS - | Demand 07/11/2007 378184 | (McODS) . (.McAfee, Inc..) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
SR - | Auto 15/08/2007 359248 | (McProxy) . (.McAfee, Inc..) - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
SS - | Auto 24/07/2007 144704 | (McShield) . (.McAfee, Inc..) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
SR - | Demand 05/12/2007 695624 | (McSysmon) . (.McAfee, Inc..) - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
SR - | Auto 18/07/2007 856864 | (MpfService) . (.McAfee, Inc..) - C:\Program Files\McAfee\MPF\MPFSrv.exe
SR - | Auto 26/11/2007 23880 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSK\MskSrver.exe
SR - | Auto 11/05/2011 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 01/04/2009 201968 | (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
SR - | Auto 01/04/2009 241746 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
SS - | Demand 01/04/2009 74384 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 26112 | (wltrysvc) . (...) - C:\Windows\System32\WLTRYSVC.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
~ Scan Services in 00mn 07s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Sydney at 29/08/2011 12:42:23

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x875D9F16]<<
1 ntkrnlpa!IofCallDriver[0x8270820F] -> \Device\Harddisk0\DR0[0x86980A00]
3 CLASSPNP[0x8BDA6745] -> ntkrnlpa!IofCallDriver[0x8270820F] -> \Device\Ide\IAAStorageDevice-1[0x85F18028]
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\iaStor -> 0x875d9f16
user & kernel MBR OK
Warning: possible MBR rootkit infection !
~ Scan MBR in 00mn 10s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sydney at 29/08/2011 12:42:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 12s



End of the scan (1198 lines in 01mn 41s)(0)

[flo-91]

Ok, fais ceci dans l'ordre :


1-

• Lance ZHPFix (via ZHPDiag)
• Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
• Copie/colle les lignes suivantes et place les dans ZHPFix :

O8 - Extra context menu item: Translate this web page with Babylon - (.not file.) - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O8 - Extra context menu item: Translate with Babylon - (.not file.) - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (.not file.)
[HKCU\Software\Babylon]
[HKLM\Software\Babylon]
O43 - CFD: 03/10/2009 - 22:25:10 - [61525] ----D- C:\ProgramData\Babylon
O43 - CFD: 01/10/2009 - 21:58:36 - [12485] --H-D- C:\Users\Sydney\AppData\Local\Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]
C:\ProgramData\Babylon
C:\Users\Sydney\AppData\Local\Babylon
C:\Users\Sydney\AppData\LocalLow\Conduit
PROXYFIX
HOSTFIX

• Clique sur « Tous », puis sur « Nettoyer »
• Copie/colle la totalité du rapport dans ta prochaine réponse


2-

On va essayer de réparer ton windows :

-Réparations des erreurs sur le disque :
Suis ces étapes et fais un redémarrage si windows te dit qu'il ne peut pas vérifier le disque lorsqu'il est utilisé.

http://support.microsoft.com/kb/973860/fr

Si les problemes persistent :

-Réparation de windows :

Il faut que tu aies le cd de windows vista sous la main et suis ces étapes :

http://www.vista-xp.fr/forum/topic428.html

Cette étape devrait pouvoir réparer le fichiers corrompus sans formater ton systeme.

[flo-91]

Attends, PC repair c'est un logiciel que tu as payé ?
Il sort d'où ?

Si c'est cet outil que tu as :

http://deletemalware.blogspot.com/

Il semblerait que ce soit un rogue un faux logiciel !
Si c'est le cas, tu me previens on va faire ce qu'il faut

[Sydou]

Ah ben oui c'est bien ce truc là "pc repair" que j'ai sur mon ordi! Si tu peux l'enlever c'est une bonne nouvelle!

Rapport de ZHPFix 1.12.3357 par Nicolas Coolman, Update du 23/08/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-29-08-2011-13-31-04.txt
Run by Sydney at 29/08/2011 13:31:04
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Clé(s) du Registre ==========
ABSENT Key: Menu Contextuel: Translate this web page with Babylon
SUPPRIME Key: Menu Contextuel: Translate with Babylon
SUPPRIME Key: CLSID Extra Buttons: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}
SUPPRIME Key: HKCU\Software\Babylon
SUPPRIME Key: HKLM\Software\Babylon
SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

========== Valeur(s) du Registre ==========
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIME ProxyServer Value
SUPPRIME ProxyEnable Value
SUPPRIME EnableHttp1_1 Value
SUPPRIME ProxyHttp1.1 Value
SUPPRIME ProxyOverride Value

========== Dossier(s) ==========
SUPPRIME Folder: C:\ProgramData\Babylon
SUPPRIME Folder: C:\Users\Sydney\AppData\Local\Babylon
SUPPRIME Folder: c:\users\sydney\appdata\locallow\conduit

========== Fichier(s) ==========
ABSENT File: c:\program files\babylon\babylon-pro\utils\babyloniepi.dll
ABSENT Folder/File: c:\programdata\babylon
ABSENT Folder/File: c:\users\sydney\appdata\local\babylon

========== Fichier HOSTS ==========
Le fichier Hosts n'est pas réparé !


========== Récapitulatif ==========
6 : Clé(s) du Registre
6 : Valeur(s) du Registre
3 : Dossier(s)
3 : Fichier(s)
1 : Fichier HOSTS


End of the scan in 00mn 39s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 29/08/2011 12:26:34 [719]
C:\ZHP\ZHPFix[R2].txt - 29/08/2011 12:26:40 [818]
C:\ZHP\ZHPFix[R3].txt - 29/08/2011 13:31:04 [1760]

[flo-91]

Bien, c'est donc un rogue qui se cache bien car invisible dans les rapports que j'ai vu pour l'instant ^^
Quelques infos sur les rogues :

https://sos-malware.forums-actifs.com/t173-les-rogues
Ensuite :


Télécharge le programme Seaf sur ce lien : http://www.teamxscript.org/too/SEAF.exe

Il ne nécessite pas d'installation .
Double-clique sur le fichier SEAF.exe obtenu.

Dans "entrer ci-dessous le ou les occurences à chercher" tu tape :
pc repair

Il faut que les cases soit cochées de cette façon :

https://i.servimg.com/u/f25/11/05/93/83/seaf10.png

Clique ensuite sur "Lancer la recherche"

Poster ce rapport par copier-coller en réponse dans le sujet où il a été demandé.

IL sera enregistré ici : C:\SEAFlog.txt ainsi qu'un rapport C:\TmpSeaf.txt

Tuto bien illustré ici :

http://forum.pcastuces.com/seaf___recherche_fichier_et_registre-f31s48.htm

[Sydou]

Pas de changement après vérification du disque dur.
J'ai pas mon cd vista sous la main, je ferais la réparation de window tout a l'heure, je commence par le rogue...

[Contenu sponsorisé]