Sujet Précédent Sujet Suivant

Infections Tuto4PC & search-web. SOS

Résolu/Fermé
Cosi-Fan-Tutte Messages postés 62 Date d'inscription samedi 19 mars 2011 Statut Membre Dernière intervention 22 février 2012 - 20 août 2011 à 02:21
Cosi-Fan-Tutte Messages postés 62 Date d'inscription samedi 19 mars 2011 Statut Membre Dernière intervention 22 février 2012 - 26 août 2011 à 02:49
Bonjour,

Mon PC est infecté.
Tuto4PC et search-web
Ci-joint un ZHPDiag, pour ceux qui pourraient m'aider.
Merci d'avance.

Cordialement
Cosi-Fan-Tutte



ZHPDiag :
Rapport de ZHPDiag v1.28.1313 par Nicolas Coolman, Update du 05/08/2011
Run by Nathalie at 07/08/2011 17:11:19
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
OPIE: Opera v11.10
MFIE: Mozilla Firefox 4.0.1 v (Defaut)
GCIE: Google Chrome v13.0.782.107

---\\ Windows Product Information
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4028 MB (61% free)
System Restore: Désactivé (Disabled)
System drive C: has 155 GB (67%) free of 229 GB

---\\ Logged in mode
~ Computer Name: BIOPTIMIZE
~ User Name: Nathalie
~ All Users Names: Nathalie, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Nathalie\AppData\Roaming\
~ %Desktop% : C:\Users\Nathalie\Desktop\
~ %Favorites% : C:\Users\Nathalie\Favorites\
~ %LocalAppData% : C:\Users\Nathalie\AppData\Local\
~ %StartMenu% : C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 155 Go of 229 Go)
D:\ CD-ROM drive (Free 0 Go of 4 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/05/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.DD81D91FF3B0763C392422865C9AC12E] - (....) (.14/07/2009 - 02:39:31.) -- C:\Windows\system32\rundll32.exe [45568]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\system32\Wininit.exe [129024]
[MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.27/05/2011 - 12:06:32.) -- C:\Windows\system32\wininet.dll [1389056]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.19/06/2011 - 14:25:30.) -- C:\Windows\system32\Winlogon.exe [390656]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\drivers\atapi.sys [24128]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.16/07/2011 - 07:41:34.) -- C:\Windows\system32\drivers\ntfs.sys [1659776]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.19/06/2011 - 14:27:26.) -- C:\Windows\system32\sppcomapi.dll [232448]
[MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (....) (.19/06/2011 - 14:07:20.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 6/120
~ Mes Favoris (My Favorites) : 3/48
~ Mes Documents (My Documents) : 6/114
~ Mon Bureau (My Desktop) : 2/17762
~ Menu demarrer (Programs) : 7/31
~ Scan Hidden Files in 00mn 44s



---\\ Processus lancés
[MD5.0D6972A795995F07B6D78CA7724744FB] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552]
[MD5.75102FC486595CF486DFD7239BE30DD5] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480]
[MD5.A07E8935CC8DCE6DB787DC99129CA17C] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408]
[MD5.0550FBCEE76B6B8BD0045C898394E728] - (.Pierre TORRIS - Sauvegarde et restauration du bureau.) -- C:\Program Files (x86)\IcoSauve\IcoSauve.exe [131072]
[MD5.0ADF079D36B2C25E6E9BECE1BD937ACE] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920]
[MD5.94F80155B91B8DF7A0EAD527C853D377] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984]
[MD5.38218E47372B77DDB3C9DDD4390CB960] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [975952]
[MD5.506FCC5EEE85B165498513022EF26E65] - (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288]
[MD5.F255E48EA981E943A14CF16269F3F3AF] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584]
[MD5.1DB860CA1C72B0B953B9555BB390E554] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [305744]
[MD5.A3A82800FF19B26B94D2327A2F11067E] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]
[MD5.12FDBDA5759C7A19F57799F91F9F97A4] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [664064]
[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [345376]
[MD5.9CF46FDF163E06B83D03FF929EF2296C] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104]
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584]
[MD5.9A308FCDCCA98A15B6F62D36A272160E] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744]
[MD5.B8D903B2894FF9AFBD99CA51C35590D7] - (.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- C:\Windows\SysWOW64\rundll32.exe [44544]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368]
[MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656]
[MD5.CBDEE152D73200EE49031A26310B9D3E] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400]
~ Scan Processes Running in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.fr/?gws_rd=ssl
G2 - GCE: Preference [User Data\Default] [fheoggkfdfchfphceeifdbepaooicaho] SiteAdvisor v.3.31.137.7 (Activé)
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\6lsv3z2c.default\prefs.js
M3 - MFPP: Plugins - [Nathalie] -- C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\6lsv3z2c.default\searchplugins\cherche.xml
M0 - MFSP: prefs.js [Nathalie - 6lsv3z2c.default] http://ww38.search-web.net/?subid1=20200207-1536-4930-a96a-738ee46022d1
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_25 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Nathalie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Nathalie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww38.search-web.net/?subid1=20200207-1536-5282-b382-404527b40094
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?cobrand=acer.msn.com&ocid=AARDHP&pc=MAAR
R0 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww38.search-web.net/?subid1=20200207-1536-5282-b382-404527b40094
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww38.search-web.net/?subid1=20200207-1536-5282-b382-404527b40094
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww38.search-web.net/?subid1=20200207-1536-5282-b382-404527b40094
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ww38.search-web.net/?subid1=20200207-1536-5282-b382-404527b40094
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = search-web.net
R1 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search-web.net3a%23fffff0%3b&ie=iso-8859-1&oe=iso-8859-1&sa=rechercher&lang=en&q={searchterms}
R1 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww38.search-web.net/?subid1=20200207-1536-5282-b382-404527b40094
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar [64Bits] - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) (3,3,1,137) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Scan Hosts File in 00mn 08s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515001500.dll
O2 - BHO: McAfee SiteAdvisor BHO [64Bits] - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) [64Bits] - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110515001500.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin
O2 - BHO: Adobe PDF Conversion Toolbar Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO [64Bits] - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect [64Bits] - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exek\MediaShow Espresso\5.6 (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-1737815156-1299117830-1191630930-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\7-Zip File Manager.lnk . (.Igor Pavlov.) -- C:\Program Files (x86)\7-Zip\7zFM.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\APriori.lnk . (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\Classic.lnk . (.CEEI Montpellier Agglomération.) -- C:\MBPC\BPCA2_3.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\KNIME.lnk . (...) -- C:\Users\Nathalie\Desktop\knime_2.4.0\knime.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\Microsoft Office.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O4 - Global Startup: C:\Users\Nathalie\Desktop\RegCleaner.lnk . (...) -- C:\Program Files (x86)\RegCleaner\RegCleanr.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\ScanGear Starter.lnk . (.CANON INC..) -- C:\Windows\twain_32\CNQSG\SGST.exe
O4 - Global Startup: C:\Users\Nathalie\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk . (...) -- C:\Windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk . (...) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (.not file.)
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O8 - Extra context menu item: Ajouter à un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir au format Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\PROGRA~1\MICROS~2\Office14\EXCEL.exe
O8 - Extra context menu item: Recherche avec search-web . (...) -- C:\Users\Nathalie\scriptjava.html
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBTTN~1.dll
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61E0E7BD-F5BC-400C-ABF7-A215F457AEF9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{61E0E7BD-F5BC-400C-ABF7-A215F457AEF9}: DhcpNameServer = 212.27.40.241 212.27.40.242
O17 - HKLM\System\CS2\Services\Tcpip\..\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{61E0E7BD-F5BC-400C-ABF7-A215F457AEF9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dssrequest [64Bits] - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: sacore [64Bits] - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.McAfee, Inc. - SiteAdvisor.) -- c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated - ePowerSvc.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GREGService (GREGService) . (.Acer Incorporated - Global Registration Service.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Service McAfee Personal Firewall (McMPFSvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield (McShield) . (.McAfee, Inc. - McAfee On-Access Scanner service.) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) . (.McAfee, Inc. - McAfee Core Firewall Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) . (.McAfee, Inc. - McAfee Process Validation Service.) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) . (.McAfee, Inc. - McAfee Service Host.) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Norton Online Backup (NOBU) . (.Symantec Corporation - Norton Online Backup Service.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc (NTI IScheduleSvc) . (.NewTech Infosystems, Inc. - Backup Manager Module.) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) . (.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service (Updater Service) . (.Acer Group - Updater Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001UA.job
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001Core] (.Google Inc..) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-1737815156-1299117830-1191630930-1001UA] (.Google Inc..) -- C:\Users\Nathalie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.173B8C968CA5AB0FDD943BF2F8F9523F] [APT] [SpeedyFox] (.SpeedyFox.) -- C:\Users\Nathalie\Downloads\speedyfox.exe
[MD5.09BEEC2FC49454000361300EA56CD9A3] [APT] [{08111438-A691-468E-A678-E0EEDDF3AEEC}] (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
[MD5.09BEEC2FC49454000361300EA56CD9A3] [APT] [{28BEBBFA-0B8F-4177-99E5-75BB035F7024}] (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
[MD5.09BEEC2FC49454000361300EA56CD9A3] [APT] [{A955F25D-7507-4A1D-A256-C4C7906B6333}] (...) -- C:\Users\Nathalie\Desktop\APriori_2.4.9\apriori.exe
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
~ Scan Scheduled Task in 00mn 07s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mfenlfk) . (.McAfee, Inc. - McAfee NDIS Light Filter Driver.) - C:\Windows\system32\DRIVERS\mfenlfk.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (mwlPSDFilter) . (.Egis Technology Inc. - PSD Filter Driver.) - C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
O41 - Driver: (mwlPSDNServ) . (.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
O41 - Driver: (mwlPSDVDisk) . (.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 9.20 - (.Pas de propriétaire.) [HKLM] -- 7-Zip
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {B36047D4-E932-C4B2-0DF2-94C8577468A9}
O42 - Logiciel: Acer Arcade Deluxe - (.CyberLink Corp..) [HKLM] -- InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}
O42 - Logiciel: Acer Arcade Deluxe - (.CyberLink Corp..) [HKLM] -- {2637C347-9DAD-11D6-9EA2-00055D0CA761}
O42 - Logiciel: Acer Arcade Movie - (.CyberLink Corp..) [HKLM] -- {B906C11A-D193-4143-9FA7-E2EE8A5A8F21}
O42 - Logiciel: Acer Backup Manager - (.NewTech Infosystems.) [HKLM] -- InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}
O42 - Logiciel: Acer Crystal Eye Webcam - (.Suyin Optronics Corp.) [HKLM] -- {7760D94E-B1B5-40A0-9AA0-ABF942108755}
O42 - Logiciel: Acer GameZone Console - (.Oberon Media, Inc..) [HKLM] -- {58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1
O42 - Logiciel: Acer ScreenSaver - (.Acer Incorporated.) [HKLM] -- Acer Screensaver
O42 - Logiciel: Acer Updater - (.Acer Incorporated.) [HKLM] -- {EE171732-BEB4-4576-887D-CB62727F01CA}
O42 - Logiciel: Acer ePower Management - (.Acer Incorporated.) [HKLM] -- {3DB0448D-AD82-4923-B305-D001E521A964}
O42 - Logiciel: Acer eRecovery Management - (.Acer Incorporated.) [HKLM] -- {7F811A54-5A09-4579-90E1-C93498E230D9}
O42 - Logiciel: Acrobat X Suite - (.Adobe Systems Incorporated.) [HKLM] -- {3F41BA46-09C3-4500-96D7-DC4390AD0124}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe Captivate Quiz Results Analyzer - (.Adobe Systems Incorporated.) [HKLM] -- QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
O42 - Logiciel: Adobe Captivate Reviewer - (.Adobe Systems Incorporated.) [HKLM] -- AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Airport Mania First Flight - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}
O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] -- InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}
O42 - Logiciel: Amazonia - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: Backup Manager Basic - (.NewTech Infosystems.) [HKLM] -- {72B776E5-4530-4C4B-9453-751DF87D9D93}
O42 - Logiciel: BitTorrent - (.Pas de propriétaire.) [HKLM] -- BitTorrent
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Cake Mania - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}
O42 - Logiciel: Canon MP110 - (.Pas de propriétaire.) [HKLM] -- {B3467C74-0678-459a-9180-722763E0AFDE}
O42 - Logiciel: Canon My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter
O42 - Logiciel: Canon ScanGear Starter - (.Pas de propriétaire.) [HKLM] -- {18A5DFF2-8A95-49F3-873F-743CB5549F3D}
O42 - Logiciel: Canon Utilities Easy-LayoutPrint - (.Pas de propriétaire.) [HKLM] -- Easy-LayoutPrint
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite
O42 - Logiciel: Dream Day First Home - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}
O42 - Logiciel: Farm Frenzy 2 - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}
O42 - Logiciel: Galapago - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Heroes of Hellas - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}
O42 - Logiciel: IcoSauve - (.Pierre TORRIS.) [HKLM] -- IcoSauve_is1
O42 - Logiciel: Identity Card - (.Acer Incorporated.) [HKLM] -- Identity Card
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
O42 - Logiciel: Launch Manager - (.Acer Inc..) [HKLM] -- LManager
O42 - Logiciel: McAfee Internet Security Suite - (.McAfee, Inc..) [HKLM] -- MSC
O42 - Logiciel: MediaShow Espresso - (.CyberLink Corp..) [HKLM] -- {4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}
O42 - Logiciel: Merriam Websters Spell Jam - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft Office Professionnel Plus 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.PROPLUS
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: NTI Backup Now 5 - (.NewTech Infosystems.) [HKLM] -- InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}
O42 - Logiciel: NTI Media Maker 8 - (.NewTech Infosystems.) [HKLM] -- InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}
O42 - Logiciel: Opera 11.10 - (.Opera Software ASA.) [HKLM] -- Opera 11.10.2092
O42 - Logiciel: Poker Pop - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}
O42 - Logiciel: R for Windows 2.13.1 - (.R Development Core Team.) [HKLM] -- R for Windows 2.13.1_is1
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Spin & Win - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: WinRAR 4.00 (64-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: eSobi v2 - (.esobi Inc..) [HKLM] -- InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\7-Zip]
[HKCU\Software\ATI]
[HKCU\Software\Acer]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\BitTorrent]
[HKCU\Software\Canneverbe Limited]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CrystalIdea Software]
[HKCU\Software\CyberLink]
[HKCU\Software\DT Soft]
[HKCU\Software\DownloadMR]
[HKCU\Software\Dritek]
[HKCU\Software\FreeDownloadManager.ORG]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\McAfee]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\NewTech Infosystems]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\ODBC]
[HKCU\Software\OEM]
[HKCU\Software\Opera Software]
[HKCU\Software\PCTuto]
[HKCU\Software\Pierre Torris]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Softonic]
[HKCU\Software\Sonix]
[HKCU\Software\Synaptics]
[HKCU\Software\Tg_Downloader_Version]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\Wow6432Node]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\Acer Incorporated]
[HKLM\Software\Acer]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Atheros Communications Inc.]
[HKLM\Software\Canneverbe Limited]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Cyberlink]
[HKLM\Software\DT Soft]
[HKLM\Software\DTS]
[HKLM\Software\Dritek]
[HKLM\Software\EgisTec IPS]
[HKLM\Software\EgisTec Shredder]
[HKLM\Software\EgisTec]
[HKLM\Software\FileZilla 3]
[HKLM\Software\FreeDownloadManager.ORG]
[HKLM\Software\Google]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\McAfee]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Netscape]
[HKLM\Software\NewTech Infosystems]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\OOBEOffer]
[HKLM\Software\Oberon Media]
[HKLM\Software\OemSetup]
[HKLM\Software\Opera Software]
[HKLM\Software\PCTuto]
[HKLM\Software\Policies]
[HKLM\Software\R-core]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\SiteAdvisor]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Suyin Optronics Corp]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/02/2011 - 12:38:26 - [24682404] ----D- C:\Program Files\Acer
O43 - CFD: 14/05/2011 - 17:21:04 - [252761] ----D- C:\Program Files\Acer Accessory Store
O43 - CFD: 27/05/2011 - 12:00:14 - [676093282] ----D- C:\Program Files\Adobe
O43 - CFD: 24/02/2011 - 12:21:08 - [23100144] ----D- C:\Program Files\ATI
O43 - CFD: 14/05/2011 - 19:54:52 - [63602689] ----D- C:\Program Files\AVAST Software
O43 - CFD: 14/05/2011 - 18:07:20 - [195924] ----D- C:\Program Files\Bonjour
O43 - CFD: 14/06/2011 - 13:06:54 - [6248620] ----D- C:\Program Files\Canon
O43 - CFD: 07/06/2011 - 15:27:54 - [15345633] --H-D- C:\Program Files\CanonBJ
O43 - CFD: 16/05/2011 - 13:29:56 - [13063683] ----D- C:\Program Files\CDBurnerXP
O43 - CFD: 31/07/2011 - 15:14:14 - [480951179] ----D- C:\Program Files\Common Files
O43 - CFD: 20/06/2011 - 23:17:58 - [90256916] ----D- C:\Program Files\DVD Maker
O43 - CFD: 14/05/2011 - 17:20:26 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 24/02/2011 - 12:29:28 - [375155] ----D- C:\Program Files\Intel
O43 - CFD: 19/06/2011 - 21:36:26 - [5964050] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 27/05/2011 - 13:39:30 - [102510114] ----D- C:\Program Files\Java
O43 - CFD: 12/07/2011 - 14:07:10 - [932483818] ----D- C:\Program Files\knime_2.4.0
O43 - CFD: 31/07/2011 - 15:14:18 - [80040421] ----D- C:\Program Files\mcafee
O43 - CFD: 31/07/2011 - 15:14:14 - [2496451] ----D- C:\Program Files\mcafee.com
O43 - CFD: 27/05/2011 - 02:37:30 - [66182091] ----D- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 14/07/2009 - 09:45:56 - [148931122] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 27/05/2011 - 02:40:38 - [1143272737] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 27/05/2011 - 02:40:36 - [2966976] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 27/05/2011 - 02:40:36 - [1014647] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 27/05/2011 - 02:41:18 - [326800] ----D- C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 08/09/2010 - 09:48:34 - [1825075] ----D- C:\Program Files\Preload
O43 - CFD: 12/07/2011 - 13:22:02 - [62746664] ----D- C:\Program Files\R
O43 - CFD: 08/09/2010 - 09:32:32 - [15237372] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [36813993] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 08/09/2010 - 09:39:00 - [34502335] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 20/06/2011 - 23:17:56 - [4039680] ----D- C:\Program Files\Windows Defender
O43 - CFD: 20/06/2011 - 23:17:58 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 20/06/2011 - 23:17:58 - [6667776] ----D- C:\Program Files\Windows Mail
O43 - CFD: 20/06/2011 - 23:17:58 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/05/2011 - 17:20:26 - [12627636] ----D- C:\Program Files\Windows NT
O43 - CFD: 20/06/2011 - 23:17:58 - [5516056] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 20/06/2011 - 23:17:58 - [244736] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 20/06/2011 - 23:17:58 - [9473694] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 15/05/2011 - 17:03:06 - [4735291] ----D- C:\Program Files\WinRAR
O43 - CFD: 27/05/2011 - 12:00:18 - [169367912] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 27/05/2011 - 02:42:16 - [99136] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 31/07/2011 - 15:14:14 - [30279883] ----D- C:\Program Files\Common Files\mcafee
O43 - CFD: 27/05/2011 - 02:42:16 - [267858407] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 27/05/2011 - 02:38:00 - [12734371] ----D- C:\Program Files\Common Files\System
O43 - CFD: 08/09/2010 - 09:52:38 - [349299] ----D- C:\ProgramData\Acer
O43 - CFD: 31/05/2011 - 02:00:04 - [582203418] ----D- C:\ProgramData\Adobe
O43 - CFD: 08/09/2010 - 09:34:10 - [495] ----D- C:\ProgramData\AmUStor
O43 - CFD: 14/05/2011 - 18:07:04 - [24784896] ----D- C:\ProgramData\Apple
O43 - CFD: 14/05/2011 - 18:07:52 - [18047784] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 24/02/2011 - 12:27:48 - [188] ----D- C:\ProgramData\ATI
O43 - CFD: 14/05/2011 - 19:54:52 - [1
A voir également:

41 réponses

Précédent
Réponse 41 / 41
OSLO
24 août 2011 à 18:08
Il semblerait que quelques individus aient du mal à s'adapter à la vie et la survie économique des entreprises, Tuto4pc et Eorezo supportent en ce moment la hargne de quelques nostalgiques d'une époque où la publicité était rare, ce qui n'empêche l'un d'entre eux d'en faire sur son site.

O1net est maintenant montré du doigt, Avira (free) est vilipendé pour avoir intégré la Askbar, où vont donc s'arrêter ces petits caïds de forum ?... Google, Bing, Windows, tous des spywares !
-10
irongege Messages postés 40847 Date d'inscription jeudi 1 novembre 2007 Statut Modérateur Dernière intervention 29 juin 2023 5 054
24 août 2011 à 18:45
Arrêtes de venir faire de la provocation gratuite.
Ça fait mal de se faire rembarrer alors qu'on essaie de pourrir les pc des utilisateurs.
Pour info, Oslo et Muammar sont la même personne.
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
24 août 2011 à 19:02
gege, faut pas le bannir, il est trop marrant ce type ^^
0
irongege Messages postés 40847 Date d'inscription jeudi 1 novembre 2007 Statut Modérateur Dernière intervention 29 juin 2023 5 054
24 août 2011 à 19:03
Bien au contraire, c'est autant de preuve qui pourront servir !!!
0
^^Marie^^ Messages postés 113929 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 274
Modifié par ^^Marie^^ le 24/08/2011 à 19:44
Pour info,
Oslo
Muammar
Aldo
Robert
Julien
Suzanne
Jean
Tino
Tina



sont la même personne.

Ben vi !! Râle car il perde des € en Bourse
0
Cosi-Fan-Tutte Messages postés 62 Date d'inscription samedi 19 mars 2011 Statut Membre Dernière intervention 22 février 2012 9
25 août 2011 à 01:51 
Tuto4pc et Eorezo supportent en ce moment la hargne de quelques nostalgiques d'une époque où la publicité était rare


Heu... elle date de quand cette époque où la publicité était rare? XD
Sachant que Tuto4pc/Eorezo ça n'est pas si vieux que ça... lol
Il y a un an?
Il y a deux ans?
Il y a 5 ans, y avait-il moins de publicité?

Certainement pas, et même tout autant d'escrocs qu'il y a aujourd'hui.

--> http://salesmalwares.com/Sujet-Tuto4pc-le-nouveau-cheval-de-Troie-d-eoRezo
0

Discussions similaires

Search web or type URL
josygot -
Malekal_morte- -

3 réponses
Web-DL, DVDRIP-DIVX-MP et DVDSCR : ça veut dire quoi ?
coeur83 -
Timedodger -

21 réponses