Rapport de ZHPDiag v1.28.1313 par Nicolas Coolman, Update du 05/08/2011
Run by Nathalie at 07/08/2011 17:11:19
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
OPIE: Opera v11.10
MFIE: Mozilla Firefox 4.0.1 v (Defaut)
GCIE: Google Chrome v13.0.782.107

---\\ Windows Product Information
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4028 MB (61% free)
System Restore: Désactivé (Disabled)
System drive C: has 155 GB (67%) free of 229 GB

---\\ Logged in mode
~ Computer Name: BIOPTIMIZE
~ User Name: Nathalie
~ All Users Names: Nathalie, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Nathalie\AppData\Roaming\
~ %Desktop% : C:\Users\Nathalie\Desktop\
~ %Favorites% : C:\Users\Nathalie\Favorites\
~ %LocalAppData% : C:\Users\Nathalie\AppData\Local\
~ %StartMenu% : C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 155 Go of 229 Go)
D:\ CD-ROM drive (Free 0 Go of 4 Go)
E:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK ~ Scan Security Center in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/05/2011 - 07:19:30.) 
-- C:\Windows\Explorer.exe [2871808] [MD5.DD81D91FF3B0763C392422865C9AC12E] - (....) (.14/07/2009 - 02:39:31.) -- C:\Windows\system32\rundll32.exe [45568] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\system32\Wininit.exe [129024] [MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.27/05/2011 - 12:06:32.) -- C:\Windows\system32\wininet.dll [1389056] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.19/06/2011 - 14:25:30.) -- C:\Windows\system32\Winlogon.exe [390656] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\drivers\atapi.sys [24128] [MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.16/07/2011 - 07:41:34.) -- C:\Windows\system32\drivers\ntfs.sys [1659776] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.19/06/2011 - 14:27:26.) -- C:\Windows\system32\sppcomapi.dll [232448] [MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (....) (.19/06/2011 - 14:07:20.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480] ~ Scan Generic Processes in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 6/120 ~ Mes Favoris (My Favorites) : 3/48 ~ Mes Documents (My Documents) : 6/114 ~ Mon Bureau (My Desktop) : 2/17762 ~ Menu demarrer (Programs) : 7/31 ~ Scan Hidden Files in 00mn 44s ---\\ Processus lancés [MD5.0D6972A795995F07B6D78CA7724744FB] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552] [MD5.75102FC486595CF486DFD7239BE30DD5] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208] [MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. 
- System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [MD5.A07E8935CC8DCE6DB787DC99129CA17C] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408] [MD5.0550FBCEE76B6B8BD0045C898394E728] - (.Pierre TORRIS - Sauvegarde et restauration du bureau.) -- C:\Program Files (x86)\IcoSauve\IcoSauve.exe [131072] [MD5.0ADF079D36B2C25E6E9BECE1BD937ACE] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920] [MD5.94F80155B91B8DF7A0EAD527C853D377] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984] [MD5.38218E47372B77DDB3C9DDD4390CB960] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [975952] [MD5.506FCC5EEE85B165498513022EF26E65] - (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136] [MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288] [MD5.F255E48EA981E943A14CF16269F3F3AF] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584] [MD5.1DB860CA1C72B0B953B9555BB390E554] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [305744] [MD5.A3A82800FF19B26B94D2327A2F11067E] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144] [MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632] [MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856] [MD5.12FDBDA5759C7A19F57799F91F9F97A4] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [664064] [MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [345376] [MD5.9CF46FDF163E06B83D03FF929EF2296C] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104] [MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [MD5.9A308FCDCCA98A15B6F62D36A272160E] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744] [MD5.B8D903B2894FF9AFBD99CA51C35590D7] - (.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- C:\Windows\SysWOW64\rundll32.exe [44544] [MD5.F12A68ED55053940CADD59CA5E3468DD] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904] [MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [MD5.CBDEE152D73200EE49031A26310B9D3E] - (.Intel Corporation - User Notification Service.) 
-- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] ~ Scan Processes Running in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.fr G2 - GCE: Preference [User Data\Default] [fheoggkfdfchfphceeifdbepaooicaho] SiteAdvisor v.3.31.137.7 (Activé) ~ Scan Google Browser in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\6lsv3z2c.default\prefs.js M3 - MFPP: Plugins - [Nathalie] -- C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\6lsv3z2c.default\searchplugins\cherche.xml M0 - MFSP: prefs.js [Nathalie - 6lsv3z2c.default] http://www.search-web.net/ P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_25 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Nathalie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) 
-- C:\Users\Nathalie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com R0 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-web.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-web.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = search-web.net R1 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search-web.net3a%23fffff0%3b&ie=iso-8859-1&oe=iso-8859-1&sa=rechercher&lang=en&q={searchterms} R1 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-web.net R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar [64Bits] - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) 
(3,3,1,137) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Scan Hosts File in 00mn 08s ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: scriptproxy [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515001500.dll O2 - BHO: McAfee SiteAdvisor BHO [64Bits] - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . 
(.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) [64Bits] - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: scriptproxy [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110515001500.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin O2 - BHO: Adobe PDF Conversion Toolbar Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO [64Bits] - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} . (.McAfee, Inc. - SiteAdvisor.) 
-- c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: SmartSelect [64Bits] - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . 
(.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) 
-- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Wow6432Node\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exek\MediaShow Espresso\5.6 (.not file.) O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) 
-- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\7-Zip File Manager.lnk . (.Igor Pavlov.) -- C:\Program Files (x86)\7-Zip\7zFM.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\APriori.lnk . (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\Classic.lnk . (.CEEI Montpellier Agglomération.) 
-- C:\MBPC\BPCA2_3.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\KNIME.lnk . (...) -- C:\Users\Nathalie\Desktop\knime_2.4.0\knime.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\Microsoft Office.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O4 - Global Startup: C:\Users\Nathalie\Desktop\RegCleaner.lnk . (...) -- C:\Program Files (x86)\RegCleaner\RegCleanr.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\ScanGear Starter.lnk . (.CANON INC..) -- C:\Windows\twain_32\CNQSG\SGST.exe O4 - Global Startup: C:\Users\Nathalie\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk . (...) -- C:\Windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk . (...) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (.not file.) O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe ~ Scan Global Startup in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: &Envoyer à OneNote . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O8 - Extra context menu item: Ajouter à un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O8 - Extra context menu item: Convertir au format Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\PROGRA~1\MICROS~2\Office14\EXCEL.exe O8 - Extra context menu item: Recherche avec search-web . (...) -- C:\Users\Nathalie\scriptjava.html ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) 
-- C:\PROGRA~1\MICROS~2\Office14\ONBTTN~1.dll ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) 
-- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61E0E7BD-F5BC-400C-ABF7-A215F457AEF9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{61E0E7BD-F5BC-400C-ABF7-A215F457AEF9}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CS2\Services\Tcpip\..\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{61E0E7BD-F5BC-400C-ABF7-A215F457AEF9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Scan Domain in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dssrequest [64Bits] - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: sacore [64Bits] - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated - ePowerSvc.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GREGService (GREGService) . (.Acer Incorporated - Global Registration Service.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Service McAfee Personal Firewall (McMPFSvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield (McShield) . (.McAfee, Inc. - McAfee On-Access Scanner service.) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) . (.McAfee, Inc. - McAfee Core Firewall Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) . (.McAfee, Inc. - McAfee Process Validation Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Norton Online Backup (NOBU) . (.Symantec Corporation - Norton Online Backup Service.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc (NTI IScheduleSvc) . (.NewTech Infosystems, Inc. - Backup Manager Module.) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) . (.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service (Updater Service) . (.Acer Group - Updater Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Scan Services in 00mn 00s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001UA.job
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001Core] (.Google Inc..) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001UA] (.Google Inc..) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.173B8C968CA5AB0FDD943BF2F8F9523F] [APT] [SpeedyFox] (.SpeedyFox.) -- C:\Users\Nathalie\Downloads\speedyfox.exe
[MD5.09BEEC2FC49454000361300EA56CD9A3] [APT] [{08111438-A691-468E-A678-E0EEDDF3AEEC}] (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
[MD5.09BEEC2FC49454000361300EA56CD9A3] [APT] [{28BEBBFA-0B8F-4177-99E5-75BB035F7024}] (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
[MD5.09BEEC2FC49454000361300EA56CD9A3] [APT] [{A955F25D-7507-4A1D-A256-C4C7906B6333}] (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
~ Scan Scheduled Task in 00mn 07s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mfenlfk) . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - C:\Windows\system32\DRIVERS\mfenlfk.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (mwlPSDFilter) . (.Egis Technology Inc. - PSD Filter Driver.) - C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
O41 - Driver: (mwlPSDNServ) . (.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
O41 - Driver: (mwlPSDVDisk) . (.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
~ Scan Drivers in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 9.20 - (.Pas de propriétaire.) [HKLM] -- 7-Zip
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {B36047D4-E932-C4B2-0DF2-94C8577468A9}
O42 - Logiciel: Acer Arcade Deluxe - (.CyberLink Corp..) [HKLM] -- InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}
O42 - Logiciel: Acer Arcade Deluxe - (.CyberLink Corp..) [HKLM] -- {2637C347-9DAD-11D6-9EA2-00055D0CA761}
O42 - Logiciel: Acer Arcade Movie - (.CyberLink Corp..) [HKLM] -- {B906C11A-D193-4143-9FA7-E2EE8A5A8F21}
O42 - Logiciel: Acer Backup Manager - (.NewTech Infosystems.) [HKLM] -- InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}
O42 - Logiciel: Acer Crystal Eye Webcam - (.Suyin Optronics Corp.) [HKLM] -- {7760D94E-B1B5-40A0-9AA0-ABF942108755}
O42 - Logiciel: Acer GameZone Console - (.Oberon Media, Inc..) [HKLM] -- {58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1
O42 - Logiciel: Acer ScreenSaver - (.Acer Incorporated.) [HKLM] -- Acer Screensaver
O42 - Logiciel: Acer Updater - (.Acer Incorporated.) [HKLM] -- {EE171732-BEB4-4576-887D-CB62727F01CA}
O42 - Logiciel: Acer ePower Management - (.Acer Incorporated.) [HKLM] -- {3DB0448D-AD82-4923-B305-D001E521A964}
O42 - Logiciel: Acer eRecovery Management - (.Acer Incorporated.) [HKLM] -- {7F811A54-5A09-4579-90E1-C93498E230D9}
O42 - Logiciel: Acrobat X Suite - (.Adobe Systems Incorporated.) [HKLM] -- {3F41BA46-09C3-4500-96D7-DC4390AD0124}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe Captivate Quiz Results Analyzer - (.Adobe Systems Incorporated.) [HKLM] -- QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
O42 - Logiciel: Adobe Captivate Reviewer - (.Adobe Systems Incorporated.) [HKLM] -- AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Airport Mania First Flight - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}
O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] -- InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}
O42 - Logiciel: Amazonia - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: Backup Manager Basic - (.NewTech Infosystems.) [HKLM] -- {72B776E5-4530-4C4B-9453-751DF87D9D93}
O42 - Logiciel: BitTorrent - (.Pas de propriétaire.) [HKLM] -- BitTorrent
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Cake Mania - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}
O42 - Logiciel: Canon MP110 - (.Pas de propriétaire.) [HKLM] -- {B3467C74-0678-459a-9180-722763E0AFDE}
O42 - Logiciel: Canon My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter
O42 - Logiciel: Canon ScanGear Starter - (.Pas de propriétaire.) [HKLM] -- {18A5DFF2-8A95-49F3-873F-743CB5549F3D}
O42 - Logiciel: Canon Utilities Easy-LayoutPrint - (.Pas de propriétaire.) [HKLM] -- Easy-LayoutPrint
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite
O42 - Logiciel: Dream Day First Home - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}
O42 - Logiciel: Farm Frenzy 2 - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}
O42 - Logiciel: Galapago - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Heroes of Hellas - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}
O42 - Logiciel: IcoSauve - (.Pierre TORRIS.) [HKLM] -- IcoSauve_is1
O42 - Logiciel: Identity Card - (.Acer Incorporated.) [HKLM] -- Identity Card
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
O42 - Logiciel: Launch Manager - (.Acer Inc..) [HKLM] -- LManager
O42 - Logiciel: McAfee Internet Security Suite - (.McAfee, Inc..) [HKLM] -- MSC
O42 - Logiciel: MediaShow Espresso - (.CyberLink Corp..) [HKLM] -- {4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}
O42 - Logiciel: Merriam Websters Spell Jam - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft Office Professionnel Plus 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.PROPLUS
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: NTI Backup Now 5 - (.NewTech Infosystems.) [HKLM] -- InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}
O42 - Logiciel: NTI Media Maker 8 - (.NewTech Infosystems.) [HKLM] -- InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}
O42 - Logiciel: Opera 11.10 - (.Opera Software ASA.) [HKLM] -- Opera 11.10.2092
O42 - Logiciel: Poker Pop - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}
O42 - Logiciel: R for Windows 2.13.1 - (.R Development Core Team.) [HKLM] -- R for Windows 2.13.1_is1
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Spin & Win - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: WinRAR 4.00 (64-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: eSobi v2 - (.esobi Inc..) [HKLM] -- InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\7-Zip]
[HKCU\Software\ATI]
[HKCU\Software\Acer]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\BitTorrent]
[HKCU\Software\Canneverbe Limited]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CrystalIdea Software]
[HKCU\Software\CyberLink]
[HKCU\Software\DT Soft]
[HKCU\Software\DownloadMR]
[HKCU\Software\Dritek]
[HKCU\Software\FreeDownloadManager.ORG]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\McAfee]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\NewTech Infosystems]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\ODBC]
[HKCU\Software\OEM]
[HKCU\Software\Opera Software]
[HKCU\Software\PCTuto]
[HKCU\Software\Pierre Torris]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Softonic]
[HKCU\Software\Sonix]
[HKCU\Software\Synaptics]
[HKCU\Software\Tg_Downloader_Version]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Wow6432Node]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\Acer Incorporated]
[HKLM\Software\Acer]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Atheros Communications Inc.]
[HKLM\Software\Canneverbe Limited]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Cyberlink]
[HKLM\Software\DT Soft]
[HKLM\Software\DTS]
[HKLM\Software\Dritek]
[HKLM\Software\EgisTec IPS]
[HKLM\Software\EgisTec Shredder]
[HKLM\Software\EgisTec]
[HKLM\Software\FileZilla 3]
[HKLM\Software\FreeDownloadManager.ORG]
[HKLM\Software\Google]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\McAfee]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Netscape]
[HKLM\Software\NewTech Infosystems]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\OOBEOffer]
[HKLM\Software\Oberon Media]
[HKLM\Software\OemSetup]
[HKLM\Software\Opera Software]
[HKLM\Software\PCTuto]
[HKLM\Software\Policies]
[HKLM\Software\R-core]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\SiteAdvisor]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Suyin Optronics Corp]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/02/2011 - 12:38:26 - [24682404] ----D- C:\Program Files\Acer
O43 - CFD: 14/05/2011 - 17:21:04 - [252761] ----D- C:\Program Files\Acer Accessory Store
O43 - CFD: 27/05/2011 - 12:00:14 - [676093282] ----D- C:\Program Files\Adobe
O43 - CFD: 24/02/2011 - 12:21:08 - [23100144] ----D- C:\Program Files\ATI
O43 - CFD: 14/05/2011 - 19:54:52 - [63602689] ----D- C:\Program Files\AVAST Software
O43 - CFD: 14/05/2011 - 18:07:20 - [195924] ----D- C:\Program Files\Bonjour
O43 - CFD: 14/06/2011 - 13:06:54 - [6248620] ----D- C:\Program Files\Canon
O43 - CFD: 07/06/2011 - 15:27:54 - [15345633] --H-D- C:\Program Files\CanonBJ
O43 - CFD: 16/05/2011 - 13:29:56 - [13063683] ----D- C:\Program Files\CDBurnerXP
O43 - CFD: 31/07/2011 - 15:14:14 - [480951179] ----D- C:\Program Files\Common Files
O43 - CFD: 20/06/2011 - 23:17:58 - [90256916] ----D- C:\Program Files\DVD Maker
O43 - CFD: 14/05/2011 - 17:20:26 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 24/02/2011 - 12:29:28 - [375155] ----D- C:\Program Files\Intel
O43 - CFD: 19/06/2011 - 21:36:26 - [5964050] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 27/05/2011 - 13:39:30 - [102510114] ----D- C:\Program Files\Java
O43 - CFD: 12/07/2011 - 14:07:10 - [932483818] ----D- C:\Program Files\knime_2.4.0
O43 - CFD: 31/07/2011 - 15:14:18 - [80040421] ----D- C:\Program Files\mcafee
O43 - CFD: 31/07/2011 - 15:14:14 - [2496451] ----D- C:\Program Files\mcafee.com
O43 - CFD: 27/05/2011 - 02:37:30 - [66182091] ----D- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 14/07/2009 - 09:45:56 - [148931122] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 27/05/2011 - 02:40:38 - [1143272737] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 27/05/2011 - 02:40:36 - [2966976] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 27/05/2011 - 02:40:36 - [1014647] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 27/05/2011 - 02:41:18 - [326800] ----D- C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 08/09/2010 - 09:48:34 - [1825075] ----D- C:\Program Files\Preload
O43 - CFD: 12/07/2011 - 13:22:02 - [62746664] ----D- C:\Program Files\R
O43 - CFD: 08/09/2010 - 09:32:32 - [15237372] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [36813993] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 08/09/2010 - 09:39:00 - [34502335] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 20/06/2011 - 23:17:56 - [4039680] ----D- C:\Program Files\Windows Defender
O43 - CFD: 20/06/2011 - 23:17:58 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 20/06/2011 - 23:17:58 - [6667776] ----D- C:\Program Files\Windows Mail
O43 - CFD: 20/06/2011 - 23:17:58 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/05/2011 - 17:20:26 - [12627636] ----D- C:\Program Files\Windows NT
O43 - CFD: 20/06/2011 - 23:17:58 - [5516056] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 20/06/2011 - 23:17:58 - [244736] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 20/06/2011 - 23:17:58 - [9473694] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 15/05/2011 - 17:03:06 - [4735291] ----D- C:\Program Files\WinRAR
O43 - CFD: 27/05/2011 - 12:00:18 - [169367912] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 27/05/2011 - 02:42:16 - [99136] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 31/07/2011 - 15:14:14 - [30279883] ----D- C:\Program Files\Common Files\mcafee
O43 - CFD: 27/05/2011 - 02:42:16 - [267858407] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 27/05/2011 - 02:38:00 - [12734371] ----D- C:\Program Files\Common Files\System
O43 - CFD: 08/09/2010 - 09:52:38 - [349299] ----D- C:\ProgramData\Acer
O43 - CFD: 31/05/2011 - 02:00:04 - [582203418] ----D- C:\ProgramData\Adobe
O43 - CFD: 08/09/2010 - 09:34:10 - [495] ----D- C:\ProgramData\AmUStor
O43 - CFD: 14/05/2011 - 18:07:04 - [24784896] ----D- C:\ProgramData\Apple
O43 - CFD: 14/05/2011 - 18:07:52 - [18047784] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 24/02/2011 - 12:27:48 - [188] ----D- C:\ProgramData\ATI
O43 - CFD: 14/05/2011 - 19:54:52 - [1202350] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 08/09/2010 - 10:04:18 - [2] ----D- C:\ProgramData\BackupManager
O43 - CFD: 05/08/2011 - 19:44:16 - [0] ----D- C:\ProgramData\boost_interprocess
O43 - CFD: 14/05/2011 - 17:20:26 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 16/05/2011 - 00:09:36 - [0] ----D- C:\ProgramData\Canneverbe Limited
O43 - CFD: 14/05/2011 - 17:23:14 - [9612544] --H-D- C:\ProgramData\CanonBJ
O43 - CFD: 14/05/2011 - 18:26:48 - [0] ----D- C:\ProgramData\CheckPoint
O43 - CFD: 24/02/2011 - 12:51:18 - [98492] ----D- C:\ProgramData\CyberLink
O43 - CFD: 27/05/2011 - 01:52:58 - [1284] ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 24/02/2011 - 12:26:34 - [169899] ----D- C:\ProgramData\EgisTec IPS
O43 - CFD: 08/09/2010 - 09:39:42 - [420] ----D- C:\ProgramData\eSobi
O43 - CFD: 14/05/2011 - 17:20:26 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 30/07/2011 - 22:19:14 - [3237] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 31/07/2011 - 17:29:40 - [2425660] ----D- C:\ProgramData\McAfee
O43 - CFD: 14/05/2011 - 17:20:26 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 27/05/2011 - 02:40:36 - [1924900407] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 27/05/2011 - 02:45:20 - [20966] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 14/05/2011 - 17:20:26 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 15/05/2011 - 17:43:38 - [0] ----D- C:\ProgramData\NtiDvdCopy
O43 - CFD: 08/09/2010 - 09:48:12 - [25517864] ----D- C:\ProgramData\OberonGameConsole
O43 - CFD: 14/05/2011 - 17:22:26 - [736] ----D- C:\ProgramData\oem
O43 - CFD: 30/05/2011 - 23:35:42 - [3410] ----D- C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 31/07/2011 - 17:27:56 - [29012936] ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 08/09/2010 - 10:01:00 - [29491] ----D- C:\ProgramData\Symantec
O43 - CFD: 24/02/2011 - 12:50:36 - [163911] ----D- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 15/05/2011 - 16:49:40 - [121] ----D- C:\ProgramData\WinZip
O43 - CFD: 15/06/2011 - 00:48:58 - [3635789] ----D- C:\Users\Nathalie\AppData\Roaming\Adobe
O43 - CFD: 14/05/2011 - 18:09:20 - [607966] ----D- C:\Users\Nathalie\AppData\Roaming\Apple Computer
O43 - CFD: 14/05/2011 - 17:23:38 - [0] ----D- C:\Users\Nathalie\AppData\Roaming\ATI
O43 - CFD: 03/08/2011 - 10:48:58 - [936370] ----D- C:\Users\Nathalie\AppData\Roaming\BitTorrent
O43 - CFD: 16/05/2011 - 00:09:36 - [1528] ----D- C:\Users\Nathalie\AppData\Roaming\Canneverbe Limited
O43 - CFD: 07/08/2011 - 14:16:40 - [7380] ----D- C:\Users\Nathalie\AppData\Roaming\Canon
O43 - CFD: 31/05/2011 - 03:17:16 - [8227] ----D- C:\Users\Nathalie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O43 - CFD: 27/05/2011 - 02:33:04 - [546] ----D- C:\Users\Nathalie\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 15/06/2011 - 01:35:34 - [24574] ----D- C:\Users\Nathalie\AppData\Roaming\FileZilla
O43 - CFD: 14/05/2011 - 17:22:04 - [0] ----D- C:\Users\Nathalie\AppData\Roaming\Identities
O43 - CFD: 14/05/2011 - 17:22:26 - [16944] ----D- C:\Users\Nathalie\AppData\Roaming\Macromedia
O43 - CFD: 30/07/2011 - 22:19:20 - [1071] ----D- C:\Users\Nathalie\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 09:44:40 - [0] ----D- C:\Users\Nathalie\AppData\Roaming\Media Center Programs
O43 - CFD: 15/07/2011 - 12:29:56 - [24871391] -S--D- C:\Users\Nathalie\AppData\Roaming\Microsoft
O43 - CFD: 14/05/2011 - 17:46:36 - [20025266] ----D- C:\Users\Nathalie\AppData\Roaming\Mozilla
O43 - CFD: 14/05/2011 - 18:05:08 - [253298] ----D- C:\Users\Nathalie\AppData\Roaming\Opera
O43 - CFD: 05/07/2011 - 23:51:04 - [1254] ----D- C:\Users\Nathalie\AppData\Roaming\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
O43 - CFD: 31/07/2011 - 15:14:00 - [2001570] ----D- C:\Users\Nathalie\AppData\Roaming\red-r
O43 - CFD: 14/05/2011 - 23:50:38 - [12] ----D- C:\Users\Nathalie\AppData\Roaming\WinRAR
O43 - CFD: 07/06/2011 - 18:18:08 - [36884166] ----D- C:\Users\Nathalie\AppData\Local\Adobe
O43 - CFD: 14/05/2011 - 18:07:04 - [0] ----D- C:\Users\Nathalie\AppData\Local\Apple
O43 - CFD: 14/05/2011 - 18:09:02 - [32604712] ----D- C:\Users\Nathalie\AppData\Local\Apple Computer
O43 - CFD: 14/05/2011 - 17:20:36 - [0] -SH-D- C:\Users\Nathalie\AppData\Local\Application Data
O43 - CFD: 14/05/2011 - 17:23:38 - [59728] ----D- C:\Users\Nathalie\AppData\Local\ATI
O43 - CFD: 30/07/2011 - 18:19:10 - [1196212] ----D- C:\Users\Nathalie\AppData\Local\Diagnostics
O43 - CFD: 14/05/2011 - 17:22:28 - [183] ----D- C:\Users\Nathalie\AppData\Local\EgisTec IPS
O43 - CFD: 14/05/2011 - 17:46:30 - [359850478] ----D- C:\Users\Nathalie\AppData\Local\Google
O43 - CFD: 14/05/2011 - 17:20:36 - [0] -SH-D- C:\Users\Nathalie\AppData\Local\Historique
O43 - CFD: 06/07/2011 - 13:27:34 - [763708776] ----D- C:\Users\Nathalie\AppData\Local\Microsoft
O43 - CFD: 27/05/2011 - 17:18:04 - [72684] ----D- C:\Users\Nathalie\AppData\Local\Microsoft Help
O43 - CFD: 14/05/2011 - 17:46:22 - [114577409] ----D- C:\Users\Nathalie\AppData\Local\Mozilla
O43 - CFD: 14/05/2011 - 18:05:08 - [14663451] ----D- C:\Users\Nathalie\AppData\Local\Opera
O43 - CFD: 07/08/2011 - 17:13:30 - [35663917] ----D- C:\Users\Nathalie\AppData\Local\Temp
O43 - CFD: 14/05/2011 - 17:20:36 - [0] -SH-D- C:\Users\Nathalie\AppData\Local\Temporary Internet Files
O43 - CFD: 15/05/2011 - 12:11:26 - [92104] ----D- C:\Users\Nathalie\AppData\Local\VirtualStore
O43 - CFD: 14/05/2011 - 23:23:04 - [3511045] ----D- C:\Program Files (x86)\7-Zip
O43 - CFD: 24/02/2011 - 12:24:04 - [52948568] ----D- C:\Program Files (x86)\Acer
O43 - CFD: 24/02/2011 - 12:51:20 - [274390901] ----D- C:\Program Files (x86)\Acer Arcade Deluxe
O43 - CFD: 08/09/2010 - 09:48:12 - [824395350] ----D- C:\Program Files (x86)\Acer GameZone
O43 - CFD: 24/02/2011 - 12:31:32 - [2594662] ----D- C:\Program Files (x86)\AcerCrystalEye
O43 - CFD: 15/05/2011 - 12:29:02 - [84288736] ----D- C:\Program Files (x86)\Ad-Remover
O43 - CFD: 27/05/2011 - 11:59:42 - [3019018685] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 08/09/2010 - 09:34:10 - [3017926] ----D- C:\Program Files (x86)\AmIcoSingLun
O43 - CFD: 14/05/2011 - 18:07:04 - [2221118] ----D- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 24/02/2011 - 12:21:48 - [86076969] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 14/05/2011 - 23:29:00 - [4769136] ----D- C:\Program Files (x86)\BitTorrent
O43 - CFD: 14/05/2011 - 18:07:20 - [617148] ----D- C:\Program Files (x86)\Bonjour
O43 - CFD: 14/06/2011 - 13:06:56 - [205064347] ----D- C:\Program Files (x86)\Canon
O43 - CFD: 31/07/2011 - 15:14:14 - [911005283] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 24/02/2011 - 12:49:00 - [449962] ----D- C:\Program Files (x86)\Cyberlink
O43 - CFD: 27/05/2011 - 01:54:20 - [17153256] ----D- C:\Program Files (x86)\DAEMON Tools Lite
O43 - CFD: 08/09/2010 - 09:55:58 - [3623787] ----D- C:\Program Files (x86)\EgisTec IPS
O43 - CFD: 08/09/2010 - 09:55:10 - [50254987] ----D- C:\Program Files (x86)\EgisTec MyWinLocker
O43 - CFD: 08/09/2010 - 09:54:34 - [2243204] ----D- C:\Program Files (x86)\EgisTec MyWinLockerSuite
O43 - CFD: 08/09/2010 - 09:56:02 - [5587784] ----D- C:\Program Files (x86)\EgisTec Shredder
O43 - CFD: 08/09/2010 - 09:39:36 - [21920374] ----D- C:\Program Files (x86)\eSobi
O43 - CFD: 06/06/2011 - 17:02:26 - [0] ----D- C:\Program Files (x86)\FastestTube
O43 - CFD: 15/06/2011 - 00:57:54 - [17053952] ----D- C:\Program Files (x86)\FileZilla FTP Client
O43 - CFD: 15/05/2011 - 16:35:08 - [1018100] ----D- C:\Program Files (x86)\IcoSauve
O43 - CFD: 07/06/2011 - 15:28:06 - [225337671] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 24/02/2011 - 12:32:10 - [17563923] ----D- C:\Program Files (x86)\Intel
O43 - CFD: 19/06/2011 - 21:36:26 - [4915978] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 24/02/2011 - 12:27:40 - [7515192] ----D- C:\Program Files (x86)\Launch Manager
O43 - CFD: 31/07/2011 - 15:14:12 - [848372] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 31/07/2011 - 15:14:14 - [11280526] ----D- C:\Program Files (x86)\McAfee
O43 - CFD: 31/07/2011 - 15:14:14 - [428064] ----D- C:\Program Files (x86)\mcafee.com
O43 - CFD: 24/02/2011 - 12:35:40 - [226432] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 27/05/2011 - 02:37:30 - [39769547] ----D- C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 27/05/2011 - 02:37:06 - [36012367] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 21/06/2011 - 20:15:22 - [38411899] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 24/02/2011 - 12:46:50 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 27/05/2011 - 02:38:38 - [64793621] ----D- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 03/08/2011 - 10:49:34 - [8167779] ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 31/07/2011 - 15:14:14 - [32665129] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 27/05/2011 - 02:41:04 - [26521] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 19/06/2011 - 14:37:24 - [0] ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 08/09/2010 - 10:03:50 - [1234092674] ----D- C:\Program Files (x86)\NewTech Infosystems
O43 - CFD: 14/05/2011 - 17:21:20 - [106432] ----D- C:\Program Files (x86)\OEM
O43 - CFD: 31/07/2011 - 15:14:14 - [31684384] ----D- C:\Program Files (x86)\Opera
O43 - CFD: 08/09/2010 - 09:32:24 - [3358313] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 31/07/2011 - 15:14:04 - [80018660] ----D- C:\Program Files (x86)\Red-R
O43 - CFD: 14/07/2009 - 07:32:40 - [39159041] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 15/05/2011 - 16:04:54 - [1265949] ----D- C:\Program Files (x86)\RegCleaner
O43 - CFD: 14/05/2011 - 18:07:54 - [42294986] ----D- C:\Program Files (x86)\Safari
O43 - CFD: 31/07/2011 - 15:14:14 - [39359791] ----D- C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 08/09/2010 - 10:01:00 - [6451412] ----D- C:\Program Files (x86)\Symantec
O43 - CFD: 24/02/2011 - 12:22:30 - [0] --H-D- C:\Program Files (x86)\Temp
O43 - CFD: 31/07/2011 - 15:14:04 - [19826077] ----D- C:\Program Files (x86)\The Unscrambler X 10.1
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 24/02/2011 - 21:13:16 - [524800] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 24/02/2011 - 12:47:40 - [147804988] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 24/02/2011 - 12:44:40 - [245112] ----D- C:\Program Files (x86)\Windows Live SkyDrive
O43 - CFD: 20/06/2011 - 23:18:00 - [6181376] ----D- C:\Program Files
(x86)\Windows Mail O43 - CFD: 20/06/2011 - 23:18:00 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player O43 - CFD: 14/07/2009 - 07:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT O43 - CFD: 20/06/2011 - 23:18:00 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 20/06/2011 - 23:18:00 - [189952] ----D- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 20/06/2011 - 23:18:00 - [6406923] ----D- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 15/05/2011 - 16:47:08 - [37684651] ----D- C:\Program Files (x86)\WinZip O43 - CFD: 07/08/2011 - 17:12:30 - [4002788] ----D- C:\Program Files (x86)\ZHPDiag O43 - CFD: 14/05/2011 - 18:27:48 - [0] ----D- C:\Program Files (x86)\Zone Labs O43 - CFD: 27/05/2011 - 11:58:00 - [378091786] ----D- C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 27/05/2011 - 11:53:48 - [32158176] ----D- C:\Program Files (x86)\Common Files\Adobe AIR O43 - CFD: 14/05/2011 - 18:07:12 - [52831429] ----D- C:\Program Files (x86)\Common Files\Apple O43 - CFD: 24/02/2011 - 12:50:02 - [3261625] ----D- C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 31/07/2011 - 15:14:14 - [3625896] ----D- C:\Program Files (x86)\Common Files\mcafee O43 - CFD: 27/05/2011 - 02:42:36 - [150907062] ----D- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 08/09/2010 - 09:41:34 - [354896] ----D- C:\Program Files (x86)\Common Files\Oberon Media O43 - CFD: 24/02/2011 - 12:32:12 - [161212] ----D- C:\Program Files (x86)\Common Files\postureAgent O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services O43 - CFD: 14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 24/02/2011 - 21:13:16 - [10538531] ----D- C:\Program Files (x86)\Common Files\System O43 - CFD: 24/02/2011 - 12:41:28 - [237968185] ----D- C:\Program Files (x86)\Common Files\Windows Live ~ Scan Program Folder in 01mn 21s ---\\ Derniers fichiers modifiés ou crées 
sous Windows et System32 (O44) O44 - LFC:[MD5.65594C627A05B8394109FD5436C1AC17] - 07/08/2011 - 15:56:03 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1460542] O44 - LFC:[MD5.CF40610DF5E7B067AA30AF8EA40977D0] - 07/08/2011 - 15:45:38 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.903A6B80FFC4AB898F9330411D227981] - 07/08/2011 - 13:11:49 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1537722] O44 - LFC:[MD5.24DE916434A44E6469ACA6816C427C13] - 07/08/2011 - 13:11:49 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [105512] O44 - LFC:[MD5.FE9F263C8D1D54E6E219FA96240304DB] - 07/08/2011 - 13:11:49 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [129764] O44 - LFC:[MD5.F29F9B8F8DD6E50B2F446393FF9DC94D] - 07/08/2011 - 13:11:49 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [611332] O44 - LFC:[MD5.CB2E2A6D01AEB90FF801FA8C0DF6D15B] - 07/08/2011 - 13:11:49 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [699376] O44 - LFC:[MD5.903A6B80FFC4AB898F9330411D227981] - 07/08/2011 - 13:11:49 RSHAD . (...) -- C:\Windows\system32\PerfStringBackup.INI [1537722] O44 - LFC:[MD5.24DE916434A44E6469ACA6816C427C13] - 07/08/2011 - 13:11:49 RSHAD . (...) -- C:\Windows\system32\perfc009.dat [105512] O44 - LFC:[MD5.FE9F263C8D1D54E6E219FA96240304DB] - 07/08/2011 - 13:11:49 RSHAD . (...) -- C:\Windows\system32\perfc00C.dat [129764] O44 - LFC:[MD5.F29F9B8F8DD6E50B2F446393FF9DC94D] - 07/08/2011 - 13:11:49 RSHAD . (...) -- C:\Windows\system32\perfh009.dat [611332] O44 - LFC:[MD5.CB2E2A6D01AEB90FF801FA8C0DF6D15B] - 07/08/2011 - 13:11:49 RSHAD . (...) -- C:\Windows\system32\perfh00C.dat [699376] O44 - LFC:[MD5.12C074A016AD7EF78A211210305E684C] - 05/08/2011 - 13:37:00 ---A- . (...) -- C:\Windows\setupact.log [10169] O44 - LFC:[MD5.D4471287D298ABF1F57F2567C525DE9B] - 05/08/2011 - 13:36:58 ---A- . (...) -- C:\Windows\MEMORY.DMP [487853091] O44 - LFC:[MD5.5A05A367E10EB5A8F34419DE9A22EC14] - 30/07/2011 - 17:38:00 ---A- . (...) 
-- C:\ComboFix.txt [24181] O44 - LFC:[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - 16/07/2011 - 11:13:44 RSHAD . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [107904] O44 - LFC:[MD5.540DAF1CEA6094886D72126FD7C33048] - 16/07/2011 - 11:13:44 RSHAD . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [27008] O44 - LFC:[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - 16/07/2011 - 11:13:44 RSHAD . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410496] O44 - LFC:[MD5.0A92CB65770442ED0DC44834632F66AD] - 16/07/2011 - 11:13:44 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [148352] O44 - LFC:[MD5.DAB0E87525C10052BF65F06152F37E4A] - 16/07/2011 - 11:13:44 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [166272] O44 - LFC:[MD5.D110FD79306203CCFC83C39F05083A45] - 15/07/2011 - 14:23:53 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [4968944] O44 - LFC:[MD5.D110FD79306203CCFC83C39F05083A45] - 15/07/2011 - 14:23:53 RSHAD . (...) -- C:\Windows\system32\FNTCACHE.DAT [4968944] ~ Scan Files in 00mn 22s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . 
(.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\mfefirek.sys . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- C:\Windows\system32\Drivers\mfefirek.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\mfehidk.sys . (.McAfee, Inc. - McAfee Link Driver.) -- C:\Windows\system32\Drivers\mfehidk.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys ~ Scan CSB in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{7946ac49-3fff-11e0-9033-806e6f6e6963}\AutoRun\command. (...) -- D:\wubi.exe ~ Scan Keys in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . 
(.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ Scan Keys in 00mn 00s ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 ~ Scan Keys in 00mn 00s 
---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 10/06/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088] O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536] O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864] O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 RSHAD . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440] O58 - SDL:[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - 16/07/2011 - 07:41:12 RSHAD . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [107904] O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 10/06/2009 - 02:52:20 RSHAD . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128] O58 - SDL:[MD5.540DAF1CEA6094886D72126FD7C33048] - 16/07/2011 - 07:41:12 RSHAD . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [27008] O58 - SDL:[MD5.391887990CDAA83DE5C56C3FDE966DA1] - 08/09/2010 - 14:32:38 RSHAD . (.Alcor Micro, Corp. - Alocr Micro USB Mass Storage Driver.) -- C:\Windows\system32\drivers\AmUStor.sys [40448] O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632] O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 13/07/2009 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) 
-- C:\Windows\system32\drivers\arcsas.sys [97856] O58 - SDL:[MD5.931884F5F2D7E6973366782690BF1754] - 17/09/2010 - 22:57:34 RSHAD . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\system32\drivers\athrx.sys [2350952] O58 - SDL:[MD5.2D648572BA9A610952FCAFBA1E119C2D] - 08/09/2010 - 22:21:46 RSHAD . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys [125456] O58 - SDL:[MD5.D3E6B2E1394D93FE9DB0BA24814B0D8F] - 08/09/2010 - 02:15:04 RSHAD . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [6406144] O58 - SDL:[MD5.CC4D915D786D3DA973B2EA9B95D59A29] - 08/09/2010 - 23:39:36 RSHAD . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [188928] O58 - SDL:[MD5.D3E6B2E1394D93FE9DB0BA24814B0D8F] - 08/09/2010 - 02:15:04 RSHAD . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atipmdag.sys [6406144] O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848] O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 14/07/2009 - 21:41:06 RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432] O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 14/07/2009 - 21:41:06 RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704] O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 RSHAD . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720] O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 14/07/2009 - 21:41:10 RSHAD . 
(.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104] O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 14/07/2009 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976] O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 14/07/2009 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720] O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480] O58 - SDL:[MD5.676535B3156FECF7133CF80B4D2F6CF7] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) -- C:\Windows\system32\drivers\cfwids.sys [63056] O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 RSHAD . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 10/06/2009 - 02:47:48 RSHAD . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496] O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 14/07/2009 - 21:31:59 RSHAD . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.B6AC71AAA2B10848F57FC49D55A651AF] - 20/09/2010 - 05:54:54 RSHAD . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\system32\drivers\HECIx64.sys [56344] O58 - SDL:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 19/06/2011 - 14:33:35 RSHAD . 
(.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [78720] O58 - SDL:[MD5.ABBF174CB394F5C437410A788B7E404A] - 08/09/2010 - 03:51:40 RSHAD . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\system32\drivers\iaStor.sys [540696] O58 - SDL:[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - 16/07/2011 - 07:41:26 RSHAD . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410496] O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 13/07/2009 - 02:48:04 RSHAD . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112] O58 - SDL:[MD5.32980B4E711D2EF7128C44DC2CF85706] - 08/09/2010 - 03:33:36 RSHAD . (.Atheros Communications, Inc. - Atheros L1c PCI-E Gigabit Ethernet Controller.) -- C:\Windows\system32\drivers\L1C62x64.sys [76912] O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752] O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560] O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600] O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 13/07/2009 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776] O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 10/06/2009 - 02:48:04 RSHAD . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392] O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 13/07/2009 - 02:48:04 RSHAD . 
(.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736] O58 - SDL:[MD5.31338E489314AE2A29534FBAA7AD2F1B] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - Access Protection Filter Driver.) -- C:\Windows\system32\drivers\mfeapfk.sys [121376] O58 - SDL:[MD5.5822E70233218BCF22A65FCEA74D012D] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) -- C:\Windows\system32\drivers\mfeavfk.sys [190520] O58 - SDL:[MD5.7072F8DD8DD346EACDD688EB695D1D2A] - 15/05/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - McAfee Driver Cleaning Driver.) -- C:\Windows\system32\drivers\mfeclnk.sys [9984] O58 - SDL:[MD5.5A24E7C834576313D8C5EAF0825DA844] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- C:\Windows\system32\drivers\mfefirek.sys [441840] O58 - SDL:[MD5.A2607740BB18D631DA01E01DCB81843B] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - McAfee Link Driver.) -- C:\Windows\system32\drivers\mfehidk.sys [530304] O58 - SDL:[MD5.50C3A9D7465D385061C0601DEEFB5A8E] - 15/05/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) -- C:\Windows\system32\drivers\mfenlfk.sys [75160] O58 - SDL:[MD5.EDF5EE799A0B3ED6DCE8BB16A51F3D1F] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - McAfee Code Analysis Driver.) -- C:\Windows\system32\drivers\mferkdet.sys [94992] O58 - SDL:[MD5.9182FAF9ADDD5EA6308D155CEB502C6F] - 14/04/2011 - 13:01:38 RSHAD . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) -- C:\Windows\system32\drivers\mfewfpk.sys [283744] O58 - SDL:[MD5.6FFECC25B39DC7652A0CEC0ADA9DB589] - 08/09/2010 - 03:15:30 RSHAD . (.Egis Technology Inc. - PSD Filter Driver.) -- C:\Windows\system32\drivers\mwlPSDFilter.sys [22576] O58 - SDL:[MD5.0BEFE32CA56D6EE89D58175725596A85] - 08/09/2010 - 03:15:30 RSHAD . (.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) 
-- C:\Windows\system32\drivers\mwlPSDNserv.sys [20016] O58 - SDL:[MD5.D43BC633B8660463E446E28E14A51262] - 08/09/2010 - 03:15:30 RSHAD . (.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) -- C:\Windows\system32\drivers\mwlPSDVDisk.sys [60464] O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 13/07/2009 - 02:48:26 RSHAD . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264] O58 - SDL:[MD5.710263B44C1D1AEE07525A53401FBE48] - 08/09/2010 - 07:21:38 RSHAD . (.NTI Corporation - NTI CD-ROM Filter Driver.) -- C:\Windows\system32\drivers\NTIDrvr.sys [18432] O58 - SDL:[MD5.0A92CB65770442ED0DC44834632F66AD] - 16/07/2011 - 07:41:34 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [148352] O58 - SDL:[MD5.DAB0E87525C10052BF65F06152F37E4A] - 16/07/2011 - 07:41:34 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [166272] O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 10/06/2009 - 02:45:46 RSHAD . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816] O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 13/07/2009 - 02:45:45 RSHAD . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592] O58 - SDL:[MD5.A0EAB13A78CC5FB960EC76E3D6408DA3] - 24/02/2011 - 10:26:12 RSHAD . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys [2271648] O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 14/07/2009 - 21:37:19 RSHAD . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040] O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 10/06/2009 - 02:45:45 RSHAD . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) 
-- C:\Windows\system32\drivers\sisraid2.sys [43584] O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 13/07/2009 - 02:45:46 RSHAD . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464] O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/05/2011 - 00:00:00 RSHAD . (...) -- C:\Windows\system32\drivers\sptd.sys [513080] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 02:45:55 RSHAD . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656] O58 - SDL:[MD5.CE9B5A79AEE330BC7E88C0441E5727BB] - 08/09/2010 - 13:17:42 RSHAD . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [316464] O58 - SDL:[MD5.825E7A1F48FB8BCFBA27C178AAB4E275] - 24/02/2011 - 12:48:02 RSHAD . (...) -- C:\Windows\system32\drivers\TurboB.sys [13784] O58 - SDL:[MD5.40079B0B801C5432BA435B5AD61CE6E3] - 08/09/2010 - 07:21:38 RSHAD . (.NTI Corporation - NTI CD-ROM Filter Driver.) -- C:\Windows\system32\drivers\UBHelper.sys [17408] O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 RSHAD . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488] O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 10/06/2009 - 02:45:55 RSHAD . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872] ~ Scan Drivers in 00mn 06s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ Scan ADS in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 21/04/2010 - C:\Windows\system32\DRIVERS\atipmdag.sys - No object(No service) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) 
- LEGACY_AMDKMDAG O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\cfwids.sys - No object(No service) .(.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - LEGACY_CFWIDS O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\mfeapfk.sys - No object(No service) .(.McAfee, Inc. - Access Protection Filter Driver.) - LEGACY_MFEAPFK O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\mfeavfk.sys - No object(No service) .(.McAfee, Inc. - Anti-Virus File System Filter Driver.) - LEGACY_MFEAVFK O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\mfefirek.sys - No object(No service) .(.McAfee, Inc. - McAfee Core Firewall Engine Driver.) - LEGACY_MFEFIREK O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\mfehidk.sys - No object(No service) .(.McAfee, Inc. - McAfee Link Driver.) - LEGACY_MFEHIDK O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\DRIVERS\mfenlfk.sys - No object(No service) .(.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - LEGACY_MFENLFK O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\mferkdet.sys - No object(No service) .(.McAfee, Inc. - McAfee Code Analysis Driver.) - LEGACY_MFERKDET O64 - Services: CurCS - 14/04/2011 - C:\Windows\system32\drivers\mfewfpk.sys - No object(No service) .(.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - LEGACY_MFEWFPK O64 - Services: CurCS - 03/06/2009 - C:\Windows\system32\DRIVERS\mwlPSDFilter.sys - No object(No service) .(.Egis Technology Inc. - PSD Filter Driver.) - LEGACY_MWLPSDFILTER O64 - Services: CurCS - 03/06/2009 - C:\Windows\system32\DRIVERS\mwlPSDNServ.sys - No object(No service) .(.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - LEGACY_MWLPSDNSERV O64 - Services: CurCS - 03/06/2009 - C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys - No object(No service) .(.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - LEGACY_MWLPSDVDISK O64 - Services: CurCS - ??/??/???? 
- C:\Windows\system32\Drivers\sptd.sys - No object (No service) .(...) - LEGACY_SPTD
O64 - Services: CurCS - 02/11/2009 - C:\Windows\system32\DRIVERS\TurboB.sys - No object (No service) .(...) - LEGACY_TURBOB
~ Scan Services in 00mn 02s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Scan Keys in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} [DefaultScope] - (search-web.net) - http://search-web.net3A%23FFFFF0%3B&ie=iso-8859-1&oe=iso-8859-1&sa=Rechercher&lang=en&q={searchTerms}
O69 - SBI: SearchScopes [HKCU] {7EC58ED8-94E5-456C-A1B0-74AEAE83D732} - (Google) - http://www.google.com
~ Scan Keys in 00mn 03s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][27/06/2011] (...) -- C:\Users\Nathalie\AppData\Local\Temp\GURC486.exe [0]
[MD5.4965B005492CBA7719E82B71E3245495] [SPRF][17/03/2010] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\Nathalie\AppData\Local\Temp\ose00000.exe [174440]
[MD5.B1A08E74F87F625223E99595D157B2F9] [SPRF][19/01/2001] (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Users\Nathalie\AppData\Local\Temp\Riched30.exe [332048]
[MD5.B7670E6B00E95D77CEC02EE9B3BB0D8F] [SPRF][27/05/2011] (...) -- C:\Users\Nathalie\AppData\Local\Temp\Uni000.exe [56352]
[MD5.F4F77DEEBE75D33CDC4DE9F3E7492A4F] [SPRF][12/07/2011] (...) -- C:\Users\Nathalie\Desktop\rasmol.exe [349696]
~ Scan Files in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{134AF054-F230-484C-86A4-5E223C2B18D3}" | In - Public - P6 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{4E00959B-1DBA-4BFD-8A4A-CF53608B3C40}" | In - Public - P17 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{29CFBFA6-D0C9-4D1F-BCCA-DC1A79A0A62F}" | In - Public - P6 - TRUE | .(.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O87 - FAEL: "{B2BA4C44-1E2B-44D7-9DDA-98AFFE63C879}" | In - Public - P6 - TRUE | .(.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O87 - FAEL: "{54472E90-D9B7-475C-A695-6DAE862C081F}" | In - Public - P17 - TRUE | .(.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O87 - FAEL: "{907AA42A-5D3E-4186-AA2F-6BFF370CD11C}" | In - Public - P17 - TRUE | .(.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O87 - FAEL: "{CAF9A5DD-B228-4082-BB74-DD30308817A6}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\PowerCinema.exe (.not file.)
O87 - FAEL: "{03BB87CC-DD9F-4D80-BD89-031D0FD43CBB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\PCMService.exe (.not file.)
O87 - FAEL: "{D19B2C86-6150-42DD-BC03-AC8F22FACE43}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\DMP\CLBrowserEngine.exe (.not file.)
O87 - FAEL: "{2D142749-318C-4190-A6A0-C6566BEC60E5}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\DMS\CLMSService.exe (.not file.)
O87 - FAEL: "{950DE6CB-667A-45EA-8F80-51D3DD1D2111}" | In - None - P17 - TRUE | .(.Acer Incorporated - Acer HomeMedia.) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
O87 - FAEL: "{7D679E19-390B-4FEF-AE5F-297EBD286200}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovie.exe (.not file.)
O87 - FAEL: "{35B96878-8F5A-4C22-BF7F-3AE258EC57B1}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovieService.exe (.not file.)
O87 - FAEL: "{1E0E8839-0CE2-4E44-8242-3165055FE38B}" | In - Private - P6 - TRUE | .(.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O87 - FAEL: "{CAC9AA30-0E1F-4E2F-9C20-C29CFE3EE936}" | In - Private - P17 - TRUE | .(.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O87 - FAEL: "{23A78585-41FE-4356-8B2A-B79DCDC03C15}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{07EBC97E-B2D0-4AD2-AEF9-88CA9023490A}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{910C79B8-198C-455B-8974-3E85980A4B4A}" | In - Private - P6 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
O87 - FAEL: "{ECD8F9CA-A3A4-4CFE-91D7-558F381D9670}" | In - Private - P17 - TRUE | .(.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
~ Scan Firewall in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 8584 - (05/08/2011)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}] =>Hijacker.ChercheUS
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.AskSBar
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec search-web] =>Hijacker.ChercheUS
[HKCU\Software\PCTuto] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\PCTuto] =>Spyware.AgenceExclusive
C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\6lsv3z2c.default\SearchPlugins\cherche.xml =>Hijacker.ChercheUS
~ Scan Additionnel in 00mn 23s

---\\ Recherche détournement de DNS routeur (O89)
DNS request timed out.
timeout was 2 seconds.
Serveur : UnKnown
Address: 192.168.0.254
Nom : www.l.google.com
Addresses: 2a00:1450:4001:c01::69 209.85.148.99 209.85.148.147 209.85.148.106 209.85.148.103 209.85.148.105 209.85.148.104
Aliases: www.google.fr www.google.com
~ Scan DNS in 00mn 05s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 08/09/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 14/05/2011 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Auto 08/09/2010 321104 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 24/02/2011 868896 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 08/09/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 24/02/2011 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/03/2010 355440 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 07/10/2010 509416 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 10/03/2010 355440 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 15/05/2011 200056 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 15/05/2011 245352 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SS - | Auto 15/05/2011 149032 | (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
SR - | Auto 10/03/2010 355440 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/09/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
SR - | Auto 08/09/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 08/09/2010 255744 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SS - | Demand 08/09/2010 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SR - | Auto 08/09/2010 144640 | (NTISchedulerSvc) . (.NTI, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SR - | Auto 24/02/2011 244904 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
SR - | Auto 14/05/2011 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SS - | Demand 27/05/2011 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 24/02/2011 126352 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 24/02/2011 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 08/09/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
~ Scan Services in 00mn 09s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Nathalie at 07/08/2011 17:15:30
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ Scan MBR in 00mn 13s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Nathalie at 07/08/2011 17:15:32
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 15s

End of the scan (1212 lines in 04mn 13s)(0)