Forum Clubic

Victim of a Trojan horse (virus)

Hello everyone,
Yesterday I was the victim of a Trojan horse; I managed to remove it (go figure how :/).
The problem is that my 250 GB of data (films, music, photos, software, etc.) is inaccessible. When I go into My Documents there is nothing left, yet in My Computer the HDD is clearly full, since only 60 GB of free space remains.
On the desktop, the right mouse click no longer works.
I would like to know how to recover all my data, since it is not lost.

I am asking for your help, I hope you have understood me, thanks :slight_smile:

Hello,

ZHPDiag is a diagnostic tool (made by Nicolas Coolman).
This software performs a quick and complete diagnostic of your operating system. It is based in part on the HijackThis principle. It scans your registry and lists the sensitive areas that are likely to be infected.

1- Download ZHPDiag to your desktop.

telechargement.zebulon.fr…

http://nsa25.casimages.com/img/2011/03/19/110319034557541603.png

Let the installer guide you.
Make sure to tick the box “Create a desktop icon”, and untick the box “Run ZHPDiag”.

On XP, double-click ZHPDiag.
On Vista/7, right-click ZHPDiag and choose “Run as administrator”.
Click the icon showing a “Magnifying glass” (“Start the diagnostic”) http://nsa26.casimages.com/img/2011/03/20/11032011001331552.jpg
The report generated by the tool is named ZHPDiag.txt.
It is on your desktop.
Upload the ZHPDiag.txt report to cijoint, then copy/paste the link provided into your next reply on the forum.

http://www.cijoint.fr/

:jap:
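How a helper might triage a ZHPDiag report of the kind requested above, as an added example that is not part of the original posts and is not ZHPDiag's own code. The sample lines are copied from the report posted further down this thread; the markers it looks for (a status other than OK, `(.not file.)`, `Clé orpheline`) and the list of user-writable directories are assumptions about what deserves a second look, not a verdict.

```python
import re
from typing import List, NamedTuple

# Lines copied from the ZHPDiag report posted in this thread (forum typography kept).
SAMPLE_REPORT = r"""
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: Modified
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} . (.Pas de propriétaire - Pas de description.) – (.not file.)
O4 - HKLM…\Run: [avast] . (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU…\Run: [kmQvQcUSBfWiJhv] C:\Documents and Settings\All Users\Application Data\kmQvQcUSBfWiJhv.exe (.not file.)
"""


class Finding(NamedTuple):
    code: str    # ZHPDiag line code (O2, O4, ...) or "SEC" for status lines
    reason: str  # why the line deserves a second look
    line: str    # the report line itself, unchanged


# "[registry key] ValueName: Status" lines from the Security Center section.
STATUS_RE = re.compile(r"^\[(HK[^\]]+)\]\s+(\w+):\s+(\w+)$")
# "O4 - ..." style lines: a letter+number code, then the entry.
ITEM_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# First drive-letter path ending in .exe or .dll inside an entry.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()]*?\.(?:exe|dll)", re.IGNORECASE)
# Assumption: directories a standard user can write to on XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(report: str) -> List[Finding]:
    """Return the report lines that carry one of the markers above."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        status = STATUS_RE.match(line)
        if status:
            # Security Center / policy values: anything but "OK" was changed.
            if status.group(3) != "OK":
                findings.append(
                    Finding("SEC", f"{status.group(2)} is {status.group(3)}", line))
            continue
        item = ITEM_RE.match(line)
        if not item:
            continue  # section headers, blank lines, free text
        code, rest = item.groups()
        if "(.not file.)" in rest:
            # The registry entry points at a file that is no longer on disk.
            findings.append(Finding(code, "registered target not found on disk", line))
        if "Clé orpheline" in rest:
            # The tool reports the key as orphaned.
            findings.append(Finding(code, "orphaned registry key", line))
        if code == "O4" and "\\Run" in rest:
            path = PATH_RE.search(rest)
            if path and any(d in path.group(0).lower() for d in USER_WRITABLE):
                findings.append(
                    Finding(code, "autorun from a user-writable directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```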

Hi,

I have been through this situation on a user's PC. Documents and session invisible …

In fact, he had been infected by a rogue, which on the one hand displayed crappy alerts (like you have 25 viruses, 70 worms, …), and on the other hand had set his entire profile to hidden files.

So, after removing the rogue, I did the following:

  • click on “My Documents”, for example
  • Tools > Folder Options > View
  • tick “show hidden folders” and untick “hide protected operating system files”
  • If you finally see your files shown semi-transparent, that is a good sign
  • You select everything > right-click > Properties > Untick the “hidden” and “read-only” boxes under attributes > Apply > OK
  • Your file will be visible and accessible again

As for your mouse click on the desktop, we will look at that afterwards.

See you later
Edited on 01/05/2011 at 01:27

Since yesterday I have managed to put everything back in order (except the right-click); indeed the Trojan horse was called “fake alert”, and it made Avira say that several viruses were on my computer. Besides, I find Avira useless, because when I installed Avast in its place it found everything for me and I was able to use my computer again.
Otherwise, for the moment everything is visible in My Documents; the only snag is the right-click: I cannot put any shortcut on the desktop and the right-click still does not work.

You can test with another mouse (to see whether the problem persists).
Run ZHPDiag and upload its report, please.

:jap:
Edited on 02/05/2011 at 14:31

Here is its report, but I had to copy and paste it because it could not be put on the desktop:
—\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
OPIE: Opera v11.10

—\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 59 GB (20%) free of 290 GB

—\ Environnement Variables
%AppData%=
%LocalAppData%=
%StartMenu%=

—\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 59 Go of 290 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 8 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ CD-ROM drive (Not Inserted)

—\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) – C:\WINDOWS\Explorer.exe [1037824]
[MD5.77C66BD5CED4E555919A5FB713322CDD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/02/2011 00:05:48.) – C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d’ouverture de session Windows NT.) (.14/04/2008 03:34:28.) – C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) – C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) – C:\WINDOWS\system32\drivers\ntfs.sys [574976]

—\ Processus lancés
[MD5.72AD06351025B69845FFC3A3B5913F11] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) – C:\WINDOWS\system32\Ati2evxx.exe [401408]
[MD5.20757C632ACA98B73FB022C5B87F3753] - (.AVAST Software - avast! Service.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184]
[MD5.E13406F701A9B2A7513CD6798A40CECB] - (.America Online, Inc. - AOL Connectivity Service.) – C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [1135728]
[MD5.5AA788D5A2C6737BB9C45933985BC1B8] - (.Apple Inc. - MobileDeviceService.) – C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]
[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) – C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - (.Microsoft Corporation - Media Center Receiver Service.) – C:\WINDOWS\eHome\ehRecvr.exe [237568]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) – C:\WINDOWS\eHome\ehSched.exe [103424]
[MD5.5E06A9D23727DAF96FAA796F1135FDCD] - (.Sun Microsystems, Inc. - Java™ Quick Starter Service.) – C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) – C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [49152]
[MD5.B9FE1F943508953C0683AB7F1602E643] - (.Pas de propriétaire - USBDeviceService Module.) – C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [90112]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) – C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480]
[MD5.7E48B4958C131E9643DDCD2E7CA3FE9F] - (.Microsoft Corporation - Media Center Tray Applet.) – C:\WINDOWS\ehome\ehtray.exe [67584]
[MD5.1674E54E4AB3D492C648AA43F731A540] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) – C:\WINDOWS\RTHDCPL.EXE [16207872]
[MD5.84DA056C4331B17A5AAFACFF49C3BBA3] - (.NEC Computers International - Activboard Application.) – C:\apps\ABoard\ABoard.exe [24576]
[MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) – c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE [45056]
[MD5.66C31EC9B966A1D5FFC726A53DC1A137] - (.NEC Computers International - ActivOSD Application.) – C:\apps\ABoard\AOSD.exe [69632]
[MD5.804FBB66EC6CA862B840D173EFC638A7] - (.DAEMON’S HOME - Virtual DAEMON Manager.) – C:\Program Files\D-Tools\daemon.exe [81920]
[MD5.968B7A2E6BE07CF337A34E07D0BE3ECC] - (.Microsoft Corporation - XBoxStat.exe.) – C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [734264]
[MD5.F3DEAA1F2FCF70FAF6DE3757CA343FA5] - (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe [421160]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java™ Update Scheduler.) – C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [249064]
[MD5.C8EEF1197422A9165363C3A6B41F94EB] - (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastUI.exe [3460784]
[MD5.019AB047B932AD277A4DA2673E5CC19C] - (.Nokia. - ServiceLayer Module.) – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [300544]
[MD5.8E5E5A8CC84DA3F683E3BBC045138D52] - (.Apple Inc. - iPodService Module (32-bit).) – C:\Program Files\iPod\bin\iPodService.exe [820008]
[MD5.C9AF9154AD9ED64F80B34DEE3270DC94] - (.Pas de propriétaire - DetectorApp Module.) – C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [102400]
[MD5.6B8F8210242F34680B998E4A30D7B96E] - (.Packard Bell BV - SmpSys.exe.) – C:\APPS\SMP\SmpSys.exe [975360]
[MD5.89F7C30A91E5581BDF14C62AB46A2B2D] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) – C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [255536]
[MD5.A83D567A562466B3D87825416F4CE54C] - (.ISSENDIS - Pas de description.) – C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [257536]
[MD5.1412A6785B953D99A2A83A1ED706ACE8] - (.Adobe Systems Incorporated - Adobe Reader 7.0.) – C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [65536]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\IEXPLORE.EXE [638816]
[MD5.5D3EB549B1299390D5399D8A10644826] - (.Nicolas Coolman - Diagnostic Tool.) – C:\Program Files\ZHPDiag\ZHPDiag.exe [645120]

—\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B0 - SPO: operaprefs.ini [famille mistre] Home URL=http://google.fr
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) – C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) – C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) – C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) – C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) – C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) – c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) – C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) – C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) – c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) – C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) – C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - MetaStream 3 Plugin r4.) – C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.autocompletepro.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = search.autocompletepro.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ie.search.msn.com…
R1 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005\Software\Microsoft\Internet Explorer\Main,Search Page = search.autocompletepro.com…
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} Clé orpheline
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19048 (longhorn_ie8_gdr.110221-1700)) – C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) – C:\Program Files\uTorrentBar_FR\tbuTor.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

—\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

—\ —\ Modification d’une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”

—\ Browser Helper Objects de navigateur (O2)
O2 - BHO: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files\uTorrentBar_FR\tbuTor.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 7.0 for Act.) – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - AutocompletePro - Helps you search the web.) – C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) – C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} Clé orpheline
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) – C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java™ Quick Starter binary.) – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} Clé orpheline

—\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} . (.Pas de propriétaire - Pas de description.) – (.not file.)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files\uTorrentBar_FR\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

—\ —\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM…\Run: [PHIME2002ASync] . (.Microsoft Corporation - ??? 2002a.) – C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM…\Run: [PHIME2002A] . (.Microsoft Corporation - ??? 2002a.) – C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM…\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) – C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) – C:\WINDOWS\RTHDCPL.exe
O4 - HKLM…\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) – C:\WINDOWS\ALCMTR.exe
O4 - HKLM…\Run: [ATICCC] . (…) – c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
O4 - HKLM…\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) – C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM…\Run: [ACTIVBOARD] . (.NEC Computers International - Activboard Application.) – c:\apps\ABoard\ABoard.exe
O4 - HKLM…\Run: [DAEMON Tools-1033] . (.DAEMON’S HOME - Virtual DAEMON Manager.) – C:\Program Files\D-Tools\daemon.exe
O4 - HKLM…\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) – C:\Program Files\QuickTime\qttask.exe
O4 - HKLM…\Run: [XboxStat] . (.Microsoft Corporation - XBoxStat.exe.) – c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
O4 - HKLM…\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) – C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM…\Run: [avast] . (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM…\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) – C:\WINDOWS\SkyTel.exe
O4 - HKLM…\Run: [PCSuiteTrayApplication] . (.Nokia - PC Suite.) – C:\Documents and Settings\famille mistre\Mes documents\Nokia PC Suite 6\LaunchApplication.exe
O4 - HKLM…\Run: [OoPDFSettingsv6.exe] . (.ISSENDIS - OFFICE One PDF Manager v6.) – C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKLM…\Run: [DetectorApp] . (.Pas de propriétaire - DetectorApp Module.) – C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKCU…\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) – C:\APPS\SMP\SmpSys.exe
O4 - HKCU…\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [WahOO] . (.Kow Media - WahOO.) – C:\Documents and Settings\famille mistre\Local Settings\Application Data\WahOO\WahOO.exe
O4 - HKCU…\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) – C:\Program Files\uTorrent\uTorrent.exe
O4 - HKCU…\Run: [kmQvQcUSBfWiJhv] C:\Documents and Settings\All Users\Application Data\kmQvQcUSBfWiJhv.exe (.not file.)
O4 - HKCU…\Run: [Steam] . (.Valve Corporation - Steam.) – C:\Program Files\Steam\Steam.exe
O4 - HKCU…\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.exe1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) -http:\www.habbo.fr\shockwave_client (.not file.)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) – C:\Documents and Settings\famille mistre\Mes documents\Nokia PC Suite 6\PcSync2.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) – C:\Documents and Settings\famille mistre\Mes documents\Nokia PC Suite 6\PcSync2.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) – C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [WahOO] . (.Kow Media - WahOO.) – C:\Documents and Settings\famille mistre\Local Settings\Application Data\WahOO\WahOO.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) – C:\Program Files\uTorrent\uTorrent.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [kmQvQcUSBfWiJhv] C:\Documents and Settings\All Users\Application Data\kmQvQcUSBfWiJhv.exe (.not file.)
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [Steam] . (.Valve Corporation - Steam.) – C:\Program Files\Steam\Steam.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.exe1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) -http:\www.habbo.fr\shock
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk . (.McAfee, Inc…) – C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk . (.ISSENDIS.) – C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

—\ —\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (…) – C:\WINDOWS\Installer{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Media Center.lnk . (.Microsoft Corporation.) – C:\WINDOWS\ehome\ehshell.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Opera.lnk . (.Opera Software.) – C:\Program Files\Opera\opera.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Paint.NET.lnk . (.dotPDN LLC.) – C:\Program Files\Paint.NET\PaintDotNet.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) – C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) – C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) – C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) – C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) – C:\Program Files\Windows Media Player\wmplayer.exe

—\ Lignes supplémentaires dans le menu contextuel d’Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) – C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki… . (.Google Inc. - Google Toolbar for Internet Explorer.) – C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) – C:\PROGRA~1\MICROS~4\OFFICE11\REFBARH.ICO
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (…) – C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (…) – C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) – C:\Program Files\Messenger\msmsgs.exe

—\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) – C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) – C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) – C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) – C:\Program Files\Bonjour\mdnsNSP.dll

—\ Piratage de l’Option ‘Rétablir les paramètres Web’ (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - appldnld.apple.com.edgesuite.net…
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - download.microsoft.com…
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - fpdownload.macromedia.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - platformdl.adobe.com…
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - gfx2.hotmail.com…

—\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip…{BF96EC60-8190-40D4-BF92-5C2EB3F700F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip…{BF96EC60-8190-40D4-BF92-5C2EB3F700F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip…{BF96EC60-8190-40D4-BF92-5C2EB3F700F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) – C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) – C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) – C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) – C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) – C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) – C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll

—\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) – C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) – C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) – C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d’environnement Systray.) – C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) – C:\WINDOWS\system32\WPDShServiceObj.dll

—\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l’interface utilisateur du.) – C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l’interface utilisateur du.) – C:\WINDOWS\system32\browseui.dll

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AOL ACS) . (.America Online, Inc. - AOL Connectivity Service.) - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d’installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gupdatem) . (.Google Inc. - Programme d’installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java™ Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (McComponentHostService) . (.McAfee, Inc. - Component Host Service.) - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) - Clé orpheline
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) . (.CACE Technologies, Inc. - Remote Packet Capture Daemon.) - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: (ServiceLayer) . (.Nokia. - ServiceLayer Module.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: (USBDeviceService) . (.Pas de propriétaire - USBDeviceService Module.) - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: (x10nets) . (.X10 - X10 Module.) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe

—\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Configurer mon PC.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{24EA2F0B-63B0-4E92-8BFA-9A9C57691DC3}.job
[MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc…) – C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.298A1809604F11B5B6F0932DB074948A] [APT] [Configurer mon PC] (.Packard Bell BV.) – C:\Apps\SMP\PCSETUP.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc…) – C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc…) – C:\Program Files\Google\Update\GoogleUpdate.exe

—\ Pilotes lancés au démarrage (O41)
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (driverdrv) . (. - .) - C:\Program Files\driver\driver.sys (.not file.)
O41 - Driver: (glaide32) . (. - .) - C:\WINDOWS\system32\drivers\glaide32.sys (.not file.)
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\processr.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

—\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] – {2852AC2C-B2FC-4F4A-A573-D466C872E688}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 7.0 - Français - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-7AD7-1036-7B44-A70000000000}
O42 - Logiciel: Adobe Shockwave Player 11 - (.Adobe Systems, Inc…) [HKLM] – Adobe Shockwave Player
O42 - Logiciel: AlerteGPS G300 - (.Pas de propriétaire.) [HKLM] – AlerteGPS G300
O42 - Logiciel: Apple Application Support - (.Apple Inc…) [HKLM] – {EE6097DD-05F4-4178-9719-D3170BF098E8}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc…) [HKLM] – {5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}
O42 - Logiciel: Apple Software Update - (.Apple Inc…) [HKLM] – {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] – WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] – {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: AutocompletePro - (.Pas de propriétaire.) [HKLM] – AutocompletePro3_is1
O42 - Logiciel: Bonjour - (.Apple Inc…) [HKLM] – {2A981294-F14C-4F0F-9627-D793270922F8}
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] – CCleaner
O42 - Logiciel: Codeur Windows Media Série 9 - (.Microsoft Corporation.) [HKLM] – {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Codeur Windows Media Série 9 - (.Pas de propriétaire.) [HKLM] – Windows Media Encoder 9
O42 - Logiciel: Conduit Engine - (.Conduit Ltd…) [HKLM] – conduitEngine
O42 - Logiciel: DAEMON Tools - (.DAEMON’S HOME.) [HKLM] – {3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] – {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
O42 - Logiciel: GameSpy Arcade - (.Pas de propriétaire.) [HKLM] – GameSpy Arcade
O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] – {FB4F9000-04FC-11E0-85D2-001AA037B01E}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc…) [HKLM] – {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc…) [HKLM] – {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc…) [HKLM] – {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] – KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] – KB929399
O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157) - (.Microsoft Corporation.) [HKLM] – KB903157
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] – KB954550-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] – WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] – {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 4 - (.Sun Microsystems, Inc…) [HKLM] – {3248F0A8-6813-11D6-A77B-00B0D0150040}
O42 - Logiciel: Java™ 6 Update 24 - (.Sun Microsystems, Inc…) [HKLM] – {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] – {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] – Windows Media Player
O42 - Logiciel: MCE Software Encoder 1.0 - (.Pas de propriétaire.) [HKLM] – {7655E113-C306-11D9-A373-0050BAE317E1}
O42 - Logiciel: MSN - (.Pas de propriétaire.) [HKLM] – MSNINST
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] – {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] – {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] – {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] – {716E0306-8318-4364-8B8F-0CC4E9376BAC}
O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM] – {5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
O42 - Logiciel: Macromedia Shockwave Player - (.Macromedia, Inc…) [HKLM] – {7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc…) [HKLM] – McAfee Security Scan
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB953295) - (.Microsoft Corporation.) [HKLM] – KB953295
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB979904) - (.Microsoft Corporation.) [HKLM] – KB979904
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] – {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] – Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] – M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] – {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] – {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] – Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] – {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] – MSCompPackV1
O42 - Logiciel: Microsoft Halo - (.Microsoft.) [HKLM] – Halo
O42 - Logiciel: Microsoft Halo Trial - (.Microsoft.) [HKLM] – Halo Trial
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] – IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 - (.Microsoft Corporation.) [HKLM] – Wdf01001
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] – NLSDownlevelMapping
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] – {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] – {9011040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Office Project Professional 2003 - (.Microsoft Corporation.) [HKLM] – {903B040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] – {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] – {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] – {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] – {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] – Wudf01005
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] – {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] – {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - KB2467175 - (.Microsoft Corporation.) [HKLM] – {a0fe116e-9a8a-466f-aee0-625cb7c207e3}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] – {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] – {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Xbox 360 Accessories 1.1 - (.Microsoft.) [HKLM] – {9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM] – Microsoft .NET Framework 2.0 Language Pack - FRA
O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] – {11964613-805F-432D-A12B-169554B793E7}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] – Nokia PC Suite
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] – {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
O42 - Logiciel: OFFICE One 150 Modèles de documents - (.OFFICE one …) [HKLM] – OFFICE One 150 Modèles de documents_is1
O42 - Logiciel: OFFICE One 450 Fonts - (.ISSENDIS.) [HKLM] – OFFICE One 450 Fonts_is1
O42 - Logiciel: OFFICE One 6.5 Bureautique désinstallation complète 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One 6.5 Bureautique désinstallation complète 6.5
O42 - Logiciel: OFFICE One Clock 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Clock 6.5
O42 - Logiciel: OFFICE One Coffre Fort v6 - (.OFFICE one …) [HKLM] – OFFICE One Coffre Fort v6_is1
O42 - Logiciel: OFFICE One Color Picker 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Color Picker 6.5
O42 - Logiciel: OFFICE One Comptes Bancaires v6 - (.OFFICE one …) [HKLM] – OFFICE One Comptes Bancaires v6_is1
O42 - Logiciel: OFFICE One Guide 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Guide 6.5
O42 - Logiciel: OFFICE One Notes 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Notes 6.5
O42 - Logiciel: OFFICE One PDF Manager 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One PDF Manager 6.5
O42 - Logiciel: Opera 11.10 - (.Opera Software ASA.) [HKLM] – Opera 11.10.2092
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] – {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] – {99A40651-0BC2-4095-8F9A-A40FAB224FEF}
O42 - Logiciel: PL-2303 USB-to-Serial - (.Pas de propriétaire.) [HKLM] – {ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}
O42 - Logiciel: Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) - (.Nokia.) [HKLM] – 4077F884D1BB007055BDB83B621D87220A73F30F
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (02/15/2007 3.1) - (.Nokia.) [HKLM] – 0C5EDC3653FED5B121F464339EAC12534D253B25
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (02/15/2007 3.1) - (.Nokia.) [HKLM] – B726756F5B5A5AA9D798B399386FC6205A45F19E
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1) - (.Nokia.) [HKLM] – CD8424B9400BFF7D34AA18F816C71322AC4BDAA7
O42 - Logiciel: Paint.NET v3.36 - (.dotPDN LLC.) [HKLM] – {43602F34-1AA3-44FB-AEB2-D08C2C73743F}
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] – PhotoFiltre
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.) [HKLM] – {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: QuickTime - (.Apple Inc…) [HKLM] – {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp…) [HKLM] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] – KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] – {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] – {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SmartSound Quicktracks Plugin - (.SmartSound Software Inc.) [HKLM] – InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
O42 - Logiciel: Sonic Encoders - (.Sonic Solutions.) [HKLM] – {9941F0AA-B903-4AF4-A055-83A9815CC011}
O42 - Logiciel: Sonic Express Labeler - (.Sonic Solutions.) [HKLM] – {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Sonic MyDVD LE - (.Sonic Solutions.) [HKLM] – {21657574-BD54-48A2-9450-EB03B2C7FC29}
O42 - Logiciel: Sonic RecordNow Audio - (.Sonic Solutions.) [HKLM] – {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
O42 - Logiciel: Sonic RecordNow Copy - (.Sonic Solutions.) [HKLM] – {B12665F4-4E93-4AB4-B7FC-37053B524629}
O42 - Logiciel: Sonic RecordNow Data - (.Sonic Solutions.) [HKLM] – {075473F5-846A-448B-BCB3-104AA1760205}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] – {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM] – {048298C9-A4D3-490B-9FF9-AB023A9238F3}
O42 - Logiciel: TubeMaster++ 2.1 - (.GgSofts.) [HKLM] – TubeMaster++
O42 - Logiciel: Ulead PhotoImpact 10 SE - (.Ulead System.) [HKLM] – {5A065EA0-0EEC-4E94-A2A0-40812576C122}
O42 - Logiciel: Ulead VideoStudio 9.0 SE DVD - (.Ulead System.) [HKLM] – {8EAB2384-C794-40ED-A9DD-3270A0D2BB76}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VIA Rhine-Family Fast Ethernet Adapter - (.Pas de propriétaire.) [HKLM] – VN_VUIns_Rhine_VIA
O42 - Logiciel: VLC media player 0.9.8a - (.VideoLAN Team.) [HKLM] – VLC media player
O42 - Logiciel: Virtual DJ - Atomix Productions - (.Pas de propriétaire.) [HKLM] – Virtual DJ - Atomix Productions
O42 - Logiciel: WahOO - (.Pas de propriétaire.) [HKLM] – {0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1
O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM] – WinPcapInst
O42 - Logiciel: Windows Genuine Advantage Validation Tool - (.Microsoft Corporation.) [HKLM] – WGA
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] – ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] – ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] – {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] – {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] – {9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] – {76810709-A7D3-468D-9167-A1780C1E766C}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] – {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] – {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] – {9D6524E6-15CF-4852-BF70-04FE973A3DE1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] – {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] – WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] – Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] – wmp11
O42 - Logiciel: Windows XP Media Center Edition 2005 KB2502898 - (.Microsoft Corporation.) [HKLM] – KB2502898
O42 - Logiciel: Windows XP Media Center Edition 2005 KB908246 - (.Microsoft Corporation.) [HKLM] – KB908246
O42 - Logiciel: Windows XP Media Center Edition 2005 KB925766 - (.Microsoft Corporation.) [HKLM] – KB925766
O42 - Logiciel: Windows XP Media Center Edition 2005 KB973768 - (.Microsoft Corporation.) [HKLM] – KB973768
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] – Windows XP Service
O42 - Logiciel: X10 Hardware™ - (.Pas de propriétaire.) [HKLM] – X10Hardware
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] – avast
O42 - Logiciel: ffdshow [rev 2033] [2008-07-05] - (.Pas de propriétaire.) [HKLM] – ffdshow_is1
O42 - Logiciel: iTunes - (.Apple Inc…) [HKLM] – {AAD47011-8518-4608-9656-951DA35B587B}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] – {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: uTorrentBar_FR Toolbar - (.uTorrentBar_FR.) [HKLM] – uTorrentBar_FR Toolbar
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKCU] – uTorrent
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] – uTorrent

—\ HKCU & HKLM Software Keys

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8107AFFBFED940CFB85E2BA037F78D4E] - 04/05/2011 - 18:51:08 —A- . (…) – C:\WINDOWS\setupapi.log [1071]
O44 - LFC:[MD5.BCFB76C30713A9077531E48A388B8660] - 04/05/2011 - 17:30:47 —A- . (…) – C:\WINDOWS\WindowsUpdate.log [1070190]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 01/05/2011 - 20:41:48 -S-A- . (…) – C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.C614F4EF1648F727C1A75A425AAE7645] - 29/04/2011 - 17:46:11 RSHA- . (…) – C:\BOOT.INI [289]
O44 - LFC:[MD5.77631C22FDBADD256E90741D5B85AA3B] - 18/04/2011 - 18:25:12 —A- . (.AVAST Software - avast! Screen Saver stub.) – C:\WINDOWS\avastSS.scr [40112]
O44 - LFC:[MD5.9B4FF4D82B33B8F2C159E215A97B4705] - 18/04/2011 - 18:25:10 —A- . (.AVAST Software - avast! start-up scanner.) – C:\WINDOWS\System32\aswBoot.exe [199304]
O44 - LFC:[MD5.F7969934CCA2E566E95DF17380A3CB11] - 18/04/2011 - 18:17:46 —A- . (.AVAST Software - avast! Virtualization Driver.) – C:\WINDOWS\System32\drivers\aswSnx.sys [441176]
O44 - LFC:[MD5.478D6A0E0630C31BF4A7F5EB0A05B92C] - 18/04/2011 - 18:17:34 —A- . (.AVAST Software - avast! self protection module.) – C:\WINDOWS\System32\drivers\aswSP.sys [307288]
O44 - LFC:[MD5.E52E45743E27FD6184C55618A10B81AB] - 18/04/2011 - 18:16:18 —A- . (.AVAST Software - avast! TDI Filter Driver.) – C:\WINDOWS\System32\drivers\aswTdi.sys [49240]
O44 - LFC:[MD5.2CE6DA466687CBB3B97E59F8831A27CB] - 18/04/2011 - 18:16:06 —A- . (.AVAST Software - avast! File System Filter Driver for Window.) – C:\WINDOWS\System32\drivers\aswmon2.sys [102488]
O44 - LFC:[MD5.317E31C010DBB8B3C0D2D3FB54D2B32F] - 18/04/2011 - 18:16:02 —A- . (.AVAST Software - avast! File System Filter Driver for Window.) – C:\WINDOWS\System32\drivers\aswmon.sys [96344]
O44 - LFC:[MD5.A90CF680CA7A323913CA3A0810C8E02D] - 18/04/2011 - 18:13:21 —A- . (.AVAST Software - avast! TDI RDR Driver.) – C:\WINDOWS\System32\drivers\aswRdr.sys [25432]
O44 - LFC:[MD5.78A4DB23BB4E8D4349E164D1D90AF73F] - 18/04/2011 - 18:13:02 —A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) – C:\WINDOWS\System32\drivers\aavmker4.sys [30680]
O44 - LFC:[MD5.9BDB29E81ABCEB883556DF44649696C4] - 18/04/2011 - 18:12:58 —A- . (.AVAST Software - avast! File System Access Blocking Driver.) – C:\WINDOWS\System32\drivers\aswFsBlk.sys [19544]
O44 - LFC:[MD5.B3C5B7F0C27891E1663F0E168AEE7124] - 16/04/2011 - 11:54:11 —A- . (…) – C:\WINDOWS\System32\FNTCACHE.DAT [592568]
O44 - LFC:[MD5.546EBEA305FB524B774C91AC2B53C8FE] - 15/04/2011 - 20:36:06 —A- . (…) – C:\WINDOWS\System32\PerfStringBackup.INI [1077314]
O44 - LFC:[MD5.A004C3D82EA919F1E6AA13F10AE9968F] - 15/04/2011 - 20:36:06 —A- . (…) – C:\WINDOWS\System32\perfc009.dat [71196]
O44 - LFC:[MD5.C5B45ABED87D81B89914E4371DB2BEB1] - 15/04/2011 - 20:36:06 —A- . (…) – C:\WINDOWS\System32\perfc00C.dat [84766]
O44 - LFC:[MD5.DEBB0CC2CAC4EC8358C0D7743189AF00] - 15/04/2011 - 20:36:06 —A- . (…) – C:\WINDOWS\System32\perfh009.dat [441260]
O44 - LFC:[MD5.DC537EE68FA858552B44F6D79D7FFB61] - 15/04/2011 - 20:36:06 —A- . (…) – C:\WINDOWS\System32\perfh00C.dat [510742]
O44 - LFC:[MD5.A64BD6E53375762C11A3639F8F75B925] - 12/04/2011 - 23:34:59 —A- . (…) – C:\WINDOWS\System32\mlfcache.dat [128696]

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

—\ Export de clé d’application autorisée (O47)
O47 - AAKE:Key Export SP - “C:\Program Files\AOL 9.0\aol.exe” [Disabled] .(.America Online, Inc. - AOL.) – C:\Program Files\AOL 9.0\aol.exe
O47 - AAKE:Key Export SP - “C:\WINDOWS\system32\sessmgr.exe” [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l’aide sur le Bureau à distance de Microsoft®.) – C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - “C:\APPS\Inventime\my.exe” [Disabled] .(.Pas de propriétaire - Pas de description.) – C:\APPS\Inventime\my.exe (.not file.)
O47 - AAKE:Key Export SP - “C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe” [Disabled] .(.Pas de propriétaire - Pas de description.) – C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe (.not file.)
O47 - AAKE:Key Export SP - “C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe” [Disabled] .(.Pas de propriétaire - Pas de description.) – C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe (.not file.)
O47 - AAKE:Key Export SP - “C:\Program Files\uTorrent\uTorrent.exe” [Enabled] .(.BitTorrent, Inc. - µTorrent.) – C:\Program Files\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - “C:\Program Files\Messenger\msmsgs.exe” [Disabled] .(.Microsoft Corporation - Windows Messenger.) – C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - “%windir%\system32\sessmgr.exe” [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l’aide sur le Bureau à distance de Microsoft®.) – C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - “C:\WINDOWS\Network Diagnostic\xpnetdiag.exe” [Disabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - “C:\Program Files\Ubisoft\Demo\Tom Clancy’s H.A.W.X\HAWX_dx10.exe” [Disabled] .(.Pas de propriétaire - Pas de description.) – C:\Program Files\Ubisoft\Demo\Tom Clancy’s H.A.W.X\HAWX_dx10.exe (.not file.)
O47 - AAKE:Key Export SP - “C:\Program Files\Ubisoft\Demo\Tom Clancy’s H.A.W.X\HAWX.exe” [Disabled] .(.Pas de propriétaire - Pas de description.) – C:\Program Files\Ubisoft\Demo\Tom Clancy’s H.A.W.X\HAWX.exe (.not file.)
O47 - AAKE:Key Export SP - “C:\Program Files\GameSpy Arcade\Aphex.exe” [Disabled] .(.GameSpy Industries, Inc. - GameSpy Arcade 1.3.) – C:\Program Files\GameSpy Arcade\Aphex.exe
O47 - AAKE:Key Export SP - “C:\Program Files\Steam\Steam.exe” [Disabled] .(.Valve Corporation - Steam.) – C:\Program Files\Steam\Steam.exe
O47 - AAKE:Key Export SP - "C:\Program Fi

Hello again,

The PC is indeed infected.

Malwarebytes’ Anti-Malware (MBAM) is free software, available in French, that lets you eradicate the malware that may infect your machines. Its uncluttered interface makes it easy to find your way around, particularly for non-experts.

2- Download Malwarebytes Anti Malware for Windows XP/Vista/2000/2003/2008 and Windows 7

www.clubic.com…

http://nsa26.casimages.com/img/2011/04/19/110419010428839.png

Once the software is installed, make sure the boxes “Mettre à jour Malwarebytes’ Anti-Malware” (Update) and “Executer Malwarebytes’ Anti-Malware” (Launch) are ticked, then click “Terminer” (Finish).

http://nsa26.casimages.com/img/2011/04/19/110419010943384220.png

The updates are applied immediately.

http://nsa26.casimages.com/img/2011/04/19/110419010825149293.png

In the “Recherche” (Scan) tab, click “Exécuter un examen complet” (Perform full scan), then “Rechercher” (Scan).

http://nsa26.casimages.com/img/2011/04/19/110419010428839.png

Choose the target or targets of the scan. Select your hard drive or drives and click “Rechercher”.

http://nsa26.casimages.com/img/2011/04/19/110419010606489841.png

Note that you can still pause or stop the scan at any time. (All that remains is to wait; the scan will take more or less time depending on the capacity of your hard drive.)
If an infection is found at the end of the scan, this is what you will see on screen:

Click “OK.”

http://nsa25.casimages.com/img/2011/04/19/11041901021362250.png

Click “Afficher les résultats” (Show results).

Now you are going to delete the various infections found. To do so, click “Supprimer la sélection” (Remove selected).

http://nsa25.casimages.com/img/2011/04/19/110419125825858722.png

A progress bar at the bottom of the window shows you the status of the quarantining of the infected files.
Two windows will now open:

Confirmation that the selected items have been deleted and that a report file has been created.
Display of the report.

http://nsa26.casimages.com/img/2011/04/19/110419125655353471.png

You can now close the various windows.

NOTE: If Malwarebytes’ Anti-Malware needs to restart to finish the removal, accept by clicking “Ok.”

You can now copy the contents of the report you have just saved into the forum.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

Ad-Remover is a specialised tool designed by C_XX; its role is to remove programs that are potentially harmful to the internet user’s anonymity.

3- Download AD-Remover to your desktop.

http://www.teamxscript.org/adremoverTelechargement.html

http://nsa25.casimages.com/img/2011/03/19/110319033954185739.png

Under XP, double-click AD-R.exe.
Under Vista/7, right-click and choose “Exécuter en tant qu’administrateur” (Run as administrator).

Double-click AD-R.exe
Click the “Scanner” button.
Let the tool work.
Post the report that opens at the end of the scan.
The report is also saved as Ad-Report-SCAN[1].txt

Thanks for your replies, but how did you know the PC was infected?
Otherwise, here is the Malware report; there were 16 infected files/folders! All these antivirus programs are rubbish for not detecting them.
Since it deleted them all, do I need to download AD-Remover?
By the way, I still can’t right-click or put shortcuts on the desktop.
Report:

Malwarebytes’ Anti-Malware 1.50.1.1100

Version de la base de données: 6515

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/05/2011 23:42:15
mbam-log-2011-05-05 (23-42-15).txt

Type d’examen: Examen complet (C:|D:|E:|F:|G:|H:|I:|J:|)
Elément(s) analysé(s): 343829
Temps écoulé: 1 heure(s), 15 minute(s), 40 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driverdrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmQvQcUSBfWiJhv (Rogue.Agent.SA) -> Value: kmQvQcUSBfWiJhv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\driver (Trojan.Agent) -> Value: driver -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\documents and settings\famille \menu démarrer\programmes\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\documents and settings\famille \Bureau\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\famille \menu démarrer\programmes\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\famille \menu démarrer\programmes\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\famille \application data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce52689.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
Edited on 06/05/2011 at 00:04

AD-Remover deals with Adware- and Toolbar-type infections… (your PC is still well and truly infected :grrr: )
Edited on 06/05/2011 at 10:10

OK thanks, here is the AD-Remover report; apparently it found nothing:
======= RAPPORT D’AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: www.teamxscript.org…

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:16:28 le 06/05/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
famille mistre@MISTRE ( )

============== RECHERCHE ==============

Dossier trouvé: C:\Documents and Settings\famille \Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Documents and Settings\famille \Local Settings\Application Data\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Program Files\AutocompletePro
Dossier trouvé: C:\Documents and Settings\famille \Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings\Mathieu\Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier trouvé: C:\Program Files\Viewpoint

Clé trouvée: HKLM\Software\Classes\CLSID{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Classes\CLSID{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKLM\Software\Classes\CLSID{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\Classes\CLSID{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID{35708F40-53B4-4826-9120-3A56E4023C07}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved{35708F40-53B4-4826-9120-3A56E4023C07}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{35708F40-53B4-4826-9120-3A56E4023C07}
Clé trouvée: HKLM\Software\Classes\Interface{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé trouvée: HKLM\Software\Classes\TypeLib{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé trouvée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2851639
Clé trouvée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé trouvée: HKLM\Software\Classes\AppID{442F13BC-2031-42D5-9520-437F65271153}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKLM\Software\MetaStream
Clé trouvée: HKLM\Software\Viewpoint
Clé trouvée: HKCU\Software\AutocompletePro
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{C1726392-9F43-4FDD-922A-1035CFD07B30}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\MozillaPlugins@viewpoint.com/VMP

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - go.microsoft.com…
HKCU_Main|Default_Search_URL - search.autocompletepro.com…
HKCU_Main|Search bar - search.autocompletepro.com…
HKCU_Main|Search Page - search.autocompletepro.com…
HKCU_Main|Start Page - www.google.fr…
HKLM_Main|Default_Page_URL - go.microsoft.com…
HKLM_Main|Default_Search_URL - go.microsoft.com…
HKLM_Main|Search Page - go.microsoft.com…
HKLM_Main|Start Page - go.microsoft.com…
HKCU_URLSearchHooks|{9CB65206-89C4-402c-BA80-02D8C59F9B1D} (x)
HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - “uTorrentBar_FR Toolbar” (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
HKCU_SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b} - “uTorrentBar_FR Customized Web Search” (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT…)
HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
HKCU_Toolbar\WebBrowser|{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} (x)
HKCU_Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} (x)
HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{FE063DB9-4EC0-403e-8DD8-394C54984B2C} (x)
HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKLM_ElevationPolicy{C1726392-9F43-4FDD-922A-1035CFD07B30} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy{FB07CF94-C3B2-4CBD-B5D5-55EE55B07A26} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
HKLM_Extensions{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - “Real.com” (C:\Program Files\Real\RealPlayer\eb_inact.ico)
HKLM_Extensions{e2e2dd38-d088-4134-82b7-f2ba38496583} - “?” (?)
BHO{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - “uTorrentBar_FR Toolbar” (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
BHO{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - “AcroIEHlprObj Class” (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll)
BHO{0FB6A909-6086-458F-BD92-1F8EE10042A0} - “AC-Pro” (C:\Program Files\AutocompletePro\AutocompletePro.dll)
BHO{30F9B915-B755-4826-820B-08FBA6BD249D} - “Conduit Engine” (C:\Program Files\ConduitEngine\ConduitEngine.dll)
BHO{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - “Search Helper” (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - “avast! WebRep” (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO{9CB65201-89C4-402c-BA80-02D8C59F9B1D} (?)
BHO{FE063DB1-4EC0-403e-8DD8-394C54984B2C} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 06/05/2011 13:16:51 (4974 Octet(s))

Fin à: 13:17:32, 06/05/2011

============== E.O.F ==============

Hello again,

Look carefully under ============== RECHERCHE ==============
Clé trouvée: xxxxx
Valeur trouvée: xxxxx

Run AD-R.exe again and choose the “Nettoyer” (Clean) option.
Let the tool work.
Post the report that opens at the end of the scan.
The report is also saved as Ad-Report-CLEAN[1].txt
Then close the program with “Quitter” (Quit).

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

ESET’s online scanner lets you scan your system for free without needing to install antivirus software. As a result, you can scan your computer with the power of the ThreatSense engine without having to uninstall your current antivirus solution.

4- Download ESET Online Scanner to your desktop.

http://www.eset-nod32.fr/scanner.html

Tick the box “Oui, j’accepte les termes du contrat” (Yes, I accept the terms of the agreement) and click the “Démarrer” (Start) button to move to the next screen.
In the computer scan settings window:

Tick: “Analyser les archives” (Scan archives)
Advanced settings
Tick: “Rechercher les applications potentiellement dangereuses” (Scan for potentially unsafe applications)
Click “Démarrer”
ESET Online Scanner downloads the virus signature database; if this is the first time you use this scanner, this step will take longer.
The scan is running and can last several hours depending on the size and number of disks to scan, and even longer on a heavily infected system.
So be patient.
At the end of the scan, if luck is on your side, you will get this screen:
> Aucune menace détectée. (No threats detected.)
Otherwise you will get > Menaces détectées. (Threats detected.)
By clicking “Liste des menaces détectées” (List of detected threats), you can see the detected files.
From there, you cannot copy the scan report. To do so, you need to open the following text file:
C:\Program Files\ESET Online Scanner\log.txt or C:\Program Files (x86) \ESET Online Scanner\log.txt
Post the report that opens at the end of the scan.

:jap:
Edited on 06/05/2011 at 13:46

I’ll post the ESET OS report for you a bit later :wink:
Report after choosing the clean option in AD-R:

======= RAPPORT D’AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: www.teamxscript.org…

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:55:52 le 06/05/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
famille @ ( )

============== ACTION(S) ==============

Dossier supprimé: C:\Documents and Settings\famille \Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Documents and Settings\famille \Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\AutocompletePro
Dossier supprimé: C:\Documents and Settings\famille \Application Data\PriceGong
Dossier supprimé: C:\Documents and Settings\Mathieu\Application Data\PriceGong
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier supprimé: C:\Program Files\Viewpoint

(!) – Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\CLSID{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé supprimée: HKLM\Software\Classes\CLSID{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKLM\Software\Classes\CLSID{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé supprimée: HKLM\Software\Classes\CLSID{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID{35708F40-53B4-4826-9120-3A56E4023C07}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved{35708F40-53B4-4826-9120-3A56E4023C07}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{35708F40-53B4-4826-9120-3A56E4023C07}
Clé supprimée: HKLM\Software\Classes\Interface{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\TypeLib{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2851639
Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé supprimée: HKLM\Software\Classes\AppID{442F13BC-2031-42D5-9520-437F65271153}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKLM\Software\MetaStream
Clé supprimée: HKLM\Software\Viewpoint
Clé supprimée: HKCU\Software\AutocompletePro
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\PriceGong
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{C1726392-9F43-4FDD-922A-1035CFD07B30}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé supprimée: HKLM\Software\MozillaPlugins@viewpoint.com/VMP

Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - www.microsoft.com…
HKCU_Main|Default_Search_URL - www.microsoft.com…
HKCU_Main|Search bar - go.microsoft.com…
HKCU_Main|Start Page - fr.msn.com…
HKLM_Main|Default_Page_URL - go.microsoft.com…
HKLM_Main|Default_Search_URL - www.microsoft.com…
HKLM_Main|Search bar - search.msn.com…
HKLM_Main|Search Page - www.microsoft.com…
HKLM_Main|Start Page - fr.msn.com…
HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - “uTorrentBar_FR Toolbar” (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
HKCU_Toolbar\ShellBrowser|{C4069E3A-68F1-403E-B40E-20066696354B} (x)
HKCU_Toolbar\WebBrowser|{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} (x)
HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKLM_ElevationPolicy{FB07CF94-C3B2-4CBD-B5D5-55EE55B07A26} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
HKLM_Extensions{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - “Real.com” (C:\Program Files\Real\RealPlayer\eb_inact.ico)
HKLM_Extensions{e2e2dd38-d088-4134-82b7-f2ba38496583} - “?” (?)
BHO{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - “uTorrentBar_FR Toolbar” (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
BHO{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - “AcroIEHlprObj Class” (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll)
BHO{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - “Search Helper” (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - “avast! WebRep” (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO{9CB65201-89C4-402c-BA80-02D8C59F9B1D} (?)
BHO{FE063DB1-4EC0-403e-8DD8-394C54984B2C} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 150 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 06/05/2011 21:56:12 (1127 Octet(s))
C:\Ad-Report-SCAN[1].txt - 06/05/2011 13:16:51 (8518 Octet(s))

Fin à: 21:57:12, 06/05/2011

============== E.O.F ==============

And here is the ESET report,

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

version=7

IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

OnlineScanner.ocx=1.0.0.6427

api_version=3.0.2

EOSSerial=8881d880cf5a734294e43843688898f6

end=finished

remove_checked=true

archives_checked=true

unwanted_checked=true

unsafe_checked=true

antistealth_checked=true

utc_time=2011-05-06 10:20:03

local_time=2011-05-07 12:20:03 (+0100, Paris, Madrid (heure d’été))

country=“France”

lang=1036

osver=5.1.2600 NT Service Pack 3

compatibility_mode=768 16777215 100 0 70328075 70328075 0 0

compatibility_mode=8192 67108863 100 0 414 414 0 0

scanned=199871

found=2

cleaned=2

scan_time=6036

C:\Documents and Settings\famille \Mes documents\MATHIEU\truc telecharge[PC] MTX Mototrax Motocross [RIP] [dopeman]\MTX.part01.rar une variante probable de Win32/Spy.Agent.KFGNNWH cheval de troie (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\famille \Mes documents\MATHIEU\truc telecharge[PC] MTX Mototrax Motocross [RIP] [dopeman]\MTX Mototrax\Config.exe une variante probable de Win32/Spy.Agent.KFGNNWH cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C

Right-click on the desktop:

  1. Click the Start button. In the Search field, type the command regedit and press the Enter key

  2. In the Registry Editor that opens, expand the key HKEY_CURRENT_USER, Software, Microsoft, Windows, CurrentVersion, Policies, Explorer.

The right-click is then disabled on the desktop. To restore it, you just need to delete the NoViewContextMenu key or set its value to 0.

Can you post me a new ZHPDiag report?

Upload the ZHPDiag.txt report to cijoint, then copy/paste the link provided into your next reply on the forum.

http://www.cijoint.fr/

:jap:
Edited on 07/05/2011 at 09:43

Thanks, I followed your instructions but I’m stuck because I can’t find a NoViewContextMenu key. I’m sending you a screenshot to show you the keys I have:

http://img834.imageshack.us/img834/6206/tophil.jpg

Click the Edit menu, then New, then DWORD (32-bit) Value.

Name the new value NoViewContextMenu and double-click it.

Enter 0 in the Value data field. Click OK.
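
An added example, not part of the posts above and not from any of the tools mentioned: a PowerShell audit of the policy values this thread names (NoViewContextMenu from the regedit steps, plus the values the Malwarebytes log reported as “Bad: (1) Good: (0)”). The function name Get-PolicyState and the -Fix switch are assumptions of this example; with -Fix, values set to something other than 0 are reset to 0, and the HKLM entries need an elevated session.

```powershell
# Added example: audit the lockdown policy values named in this thread.
# Get-PolicyState and -Fix are hypothetical names chosen for this script.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Fix   # reset values found in the 'Restricted' state to 0
)

# Value names and key paths as they appear in the regedit steps and the MBAM log.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoViewContextMenu' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';                               Name = 'AntiVirusDisableNotify' }
)

function Get-PolicyState {
    param([string]$Path, [string]$Name)

    $state = 'Absent'   # key or value missing: the restriction is not applied
    $data  = $null

    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $data  = $item.$Name
            # 0 is the "Good" data in the MBAM log and the value set in the regedit steps.
            $state = if ($data -eq 0) { 'Ok' } else { 'Restricted' }
        }
    }

    [pscustomobject]@{ Path = $Path; Name = $Name; Data = $data; State = $state }
}

$results = foreach ($c in $checks) { Get-PolicyState -Path $c.Path -Name $c.Name }
$results | Format-Table -AutoSize

if ($Fix) {
    foreach ($r in ($results | Where-Object { $_.State -eq 'Restricted' })) {
        # ShouldProcess honours -WhatIf and -Confirm, so the change can be previewed first.
        if ($PSCmdlet.ShouldProcess("$($r.Path)\$($r.Name)", 'Set DWORD to 0')) {
            Set-ItemProperty -Path $r.Path -Name $r.Name -Value 0 -Type DWord
        }
    }
}
```

Run it once without switches to see the current state, then with -Fix -WhatIf to preview what would be reset.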

Thanks, it works, I can finally right-click and see the shortcuts on the desktop, but there is still a slight problem, let’s say, because every time I open a tab, My Documents for example, and then minimise it, the right-click no longer exists (on the desktop) and the shortcuts are no longer visible. So I have to right-click on the blue bar next to the Start menu and choose to show the desktop for everything to work again. And it does that every time I open any tab.

Can you post me a new ZHPDiag report?

Upload the ZHPDiag.txt report to cijoint, then copy/paste the link provided into your next reply on the forum.

http://www.cijoint.fr/

:jap:

Yes :slight_smile: and here it is:

—\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
OPIE: Opera v11.10

—\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 59 GB (20%) free of 290 GB

—\ Logged in mode
Computer Name: mat
User Name: famille
All Users Names: SUPPORT_388945a0, Romain, Mathieu, HelpAssistant, famille mistre, ASPNET, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

—\ Environnement Variables
%AppData%=
%LocalAppData%=
%StartMenu%=

—\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 59 Go of 290 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 8 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ CD-ROM drive (Not Inserted)

—\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) – C:\WINDOWS\Explorer.exe [1037824]
[MD5.77C66BD5CED4E555919A5FB713322CDD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/02/2011 00:05:48.) – C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d’ouverture de session Windows NT.) (.14/04/2008 03:34:28.) – C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) – C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) – C:\WINDOWS\system32\drivers\ntfs.sys [574976]

—\ Processus lancés
[MD5.72AD06351025B69845FFC3A3B5913F11] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) – C:\WINDOWS\system32\Ati2evxx.exe [401408]
[MD5.20757C632ACA98B73FB022C5B87F3753] - (.AVAST Software - avast! Service.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184]
[MD5.E13406F701A9B2A7513CD6798A40CECB] - (.America Online, Inc. - AOL Connectivity Service.) – C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [1135728]
[MD5.5AA788D5A2C6737BB9C45933985BC1B8] - (.Apple Inc. - MobileDeviceService.) – C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]
[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) – C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - (.Microsoft Corporation - Media Center Receiver Service.) – C:\WINDOWS\eHome\ehRecvr.exe [237568]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) – C:\WINDOWS\eHome\ehSched.exe [103424]
[MD5.5E06A9D23727DAF96FAA796F1135FDCD] - (.Sun Microsystems, Inc. - Java™ Quick Starter Service.) – C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.7E48B4958C131E9643DDCD2E7CA3FE9F] - (.Microsoft Corporation - Media Center Tray Applet.) – C:\WINDOWS\ehome\ehtray.exe [67584]
[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) – C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [49152]
[MD5.B9FE1F943508953C0683AB7F1602E643] - (.Pas de propriétaire - USBDeviceService Module.) – C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [90112]
[MD5.1674E54E4AB3D492C648AA43F731A540] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) – C:\WINDOWS\RTHDCPL.EXE [16207872]
[MD5.84DA056C4331B17A5AAFACFF49C3BBA3] - (.NEC Computers International - Activboard Application.) – C:\apps\ABoard\ABoard.exe [24576]
[MD5.804FBB66EC6CA862B840D173EFC638A7] - (.DAEMON’S HOME - Virtual DAEMON Manager.) – C:\Program Files\D-Tools\daemon.exe [81920]
[MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) – c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE [45056]
[MD5.66C31EC9B966A1D5FFC726A53DC1A137] - (.NEC Computers International - ActivOSD Application.) – C:\apps\ABoard\AOSD.exe [69632]
[MD5.968B7A2E6BE07CF337A34E07D0BE3ECC] - (.Microsoft Corporation - XBoxStat.exe.) – C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [734264]
[MD5.F3DEAA1F2FCF70FAF6DE3757CA343FA5] - (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe [421160]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java™ Update Scheduler.) – C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [249064]
[MD5.C8EEF1197422A9165363C3A6B41F94EB] - (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastUI.exe [3460784]
[MD5.C9AF9154AD9ED64F80B34DEE3270DC94] - (.Pas de propriétaire - DetectorApp Module.) – C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [102400]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) – C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480]
[MD5.6B8F8210242F34680B998E4A30D7B96E] - (.Packard Bell BV - SmpSys.exe.) – C:\APPS\SMP\SmpSys.exe [975360]
[MD5.019AB047B932AD277A4DA2673E5CC19C] - (.Nokia. - ServiceLayer Module.) – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [300544]
[MD5.8E5E5A8CC84DA3F683E3BBC045138D52] - (.Apple Inc. - iPodService Module (32-bit).) – C:\Program Files\iPod\bin\iPodService.exe [820008]
[MD5.89F7C30A91E5581BDF14C62AB46A2B2D] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) – C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [255536]
[MD5.A83D567A562466B3D87825416F4CE54C] - (.ISSENDIS - Pas de description.) – C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [257536]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\IEXPLORE.EXE [638816]
[MD5.5D3EB549B1299390D5399D8A10644826] - (.Nicolas Coolman - Diagnostic Tool.) – C:\Program Files\ZHPDiag\ZHPDiag.exe [645120]

—\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B0 - SPO: operaprefs.ini [famille mistre] Home URL=http://google.fr
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) – C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) – C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) – C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) – C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) – C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) – C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) – c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) – C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) – C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) – c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) – C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) – C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R0 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19048 (longhorn_ie8_gdr.110221-1700)) – C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) – C:\Program Files\uTorrentBar_FR\tbuTor.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

—\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

—\ —\ Modification d’une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”

—\ Browser Helper Objects de navigateur (O2)
O2 - BHO: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files\uTorrentBar_FR\tbuTor.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 7.0 for Act.) – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) – C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} Clé orpheline
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) – C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java™ Quick Starter binary.) – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} Clé orpheline

—\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) – C:\Program Files\uTorrentBar_FR\tbuTor.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

—\ —\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM…\Run: [PHIME2002ASync] . (.Microsoft Corporation - ??? 2002a.) – C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM…\Run: [PHIME2002A] . (.Microsoft Corporation - ??? 2002a.) – C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM…\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) – C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) – C:\WINDOWS\RTHDCPL.exe
O4 - HKLM…\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) – C:\WINDOWS\ALCMTR.exe
O4 - HKLM…\Run: [ATICCC] . (…) – c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
O4 - HKLM…\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) – C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM…\Run: [ACTIVBOARD] . (.NEC Computers International - Activboard Application.) – c:\apps\ABoard\ABoard.exe
O4 - HKLM…\Run: [DAEMON Tools-1033] . (.DAEMON’S HOME - Virtual DAEMON Manager.) – C:\Program Files\D-Tools\daemon.exe
O4 - HKLM…\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) – C:\Program Files\QuickTime\qttask.exe
O4 - HKLM…\Run: [XboxStat] . (.Microsoft Corporation - XBoxStat.exe.) – c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
O4 - HKLM…\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) – C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM…\Run: [avast] . (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM…\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) – C:\WINDOWS\SkyTel.exe
O4 - HKLM…\Run: [PCSuiteTrayApplication] . (.Nokia - PC Suite.) – C:\Documents and Settings\famille mistre\Mes documents\Nokia PC Suite 6\LaunchApplication.exe
O4 - HKLM…\Run: [DetectorApp] . (.Pas de propriétaire - DetectorApp Module.) – C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM…\Run: [OoPDFSettingsv6.exe] . (.ISSENDIS - OFFICE One PDF Manager v6.) – C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU…\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) – C:\APPS\SMP\SmpSys.exe
O4 - HKCU…\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [WahOO] . (.Kow Media - WahOO.) – C:\Documents and Settings\famille mistre\Local Settings\Application Data\WahOO\WahOO.exe
O4 - HKCU…\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) – C:\Program Files\uTorrent\uTorrent.exe
O4 - HKCU…\Run: [Steam] . (.Valve Corporation - Steam.) – C:\Program Files\Steam\Steam.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) – C:\Documents and Settings\famille mistre\Mes documents\Nokia PC Suite 6\PcSync2.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) – C:\Documents and Settings\famille mistre\Mes documents\Nokia PC Suite 6\PcSync2.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) – C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) – C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [WahOO] . (.Kow Media - WahOO.) – C:\Documents and Settings\famille mistre\Local Settings\Application Data\WahOO\WahOO.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) – C:\Program Files\uTorrent\uTorrent.exe
O4 - HKUS\S-1-5-21-1661315772-4131668212-793768658-1005…\Run: [Steam] . (.Valve Corporation - Steam.) – C:\Program Files\Steam\Steam.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk . (.McAfee, Inc…) – C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk . (.ISSENDIS.) – C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

—\ —\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (…) – C:\WINDOWS\Installer{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Media Center.lnk . (.Microsoft Corporation.) – C:\WINDOWS\ehome\ehshell.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Opera.lnk . (.Opera Software.) – C:\Program Files\Opera\opera.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Paint.NET.lnk . (.dotPDN LLC.) – C:\Program Files\Paint.NET\PaintDotNet.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) – C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) – C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) – C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) – C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\famille mistre\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) – C:\Program Files\Windows Media Player\wmplayer.exe

—\ Lignes supplémentaires dans le menu contextuel d’Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) – C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki… . (.Google Inc. - Google Toolbar for Internet Explorer.) – C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) – C:\PROGRA~1\MICROS~4\OFFICE11\REFBARH.ICO
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (…) – C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (…) – C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) – C:\Program Files\Messenger\msmsgs.exe

—\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) – C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) – C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) – C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) – C:\Program Files\Bonjour\mdnsNSP.dll

—\ Piratage de l’Option ‘Rétablir les paramètres Web’ (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - appldnld.apple.com.edgesuite.net…
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - download.microsoft.com…
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - download.eset.com…
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - fpdownload.macromedia.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - platformdl.adobe.com…
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - gfx2.hotmail.com…

—\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip…{BF96EC60-8190-40D4-BF92-5C2EB3F700F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip…{BF96EC60-8190-40D4-BF92-5C2EB3F700F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip…{BF96EC60-8190-40D4-BF92-5C2EB3F700F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) – C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) – C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) – C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) – C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) – C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) – C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) – C:\Windows\System32\wlnotify.dll

—\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) – C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) – C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) – C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d’environnement Systray.) – C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) – C:\WINDOWS\system32\WPDShServiceObj.dll

—\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l’interface utilisateur du.) – C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l’interface utilisateur du.) – C:\WINDOWS\system32\browseui.dll

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AOL ACS) . (.America Online, Inc. - AOL Connectivity Service.) - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d’installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gupdatem) . (.Google Inc. - Programme d’installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java™ Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (McComponentHostService) . (.McAfee, Inc. - Component Host Service.) - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) - Clé orpheline
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) . (.CACE Technologies, Inc. - Remote Packet Capture Daemon.) - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: (ServiceLayer) . (.Nokia. - ServiceLayer Module.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: (USBDeviceService) . (.Pas de propriétaire - USBDeviceService Module.) - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: (x10nets) . (.X10 - X10 Module.) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe

—\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Configurer mon PC.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{24EA2F0B-63B0-4E92-8BFA-9A9C57691DC3}.job
[MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc…) – C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.298A1809604F11B5B6F0932DB074948A] [APT] [Configurer mon PC] (.Packard Bell BV.) – C:\Apps\SMP\PCSETUP.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc…) – C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc…) – C:\Program Files\Google\Update\GoogleUpdate.exe

—\ Pilotes lancés au démarrage (O41)
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\processr.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

—\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] – {2852AC2C-B2FC-4F4A-A573-D466C872E688}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 7.0 - Français - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-7AD7-1036-7B44-A70000000000}
O42 - Logiciel: Adobe Shockwave Player 11 - (.Adobe Systems, Inc…) [HKLM] – Adobe Shockwave Player
O42 - Logiciel: AlerteGPS G300 - (.Pas de propriétaire.) [HKLM] – AlerteGPS G300
O42 - Logiciel: Apple Application Support - (.Apple Inc…) [HKLM] – {EE6097DD-05F4-4178-9719-D3170BF098E8}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc…) [HKLM] – {5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}
O42 - Logiciel: Apple Software Update - (.Apple Inc…) [HKLM] – {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] – WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] – {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Bonjour - (.Apple Inc…) [HKLM] – {2A981294-F14C-4F0F-9627-D793270922F8}
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] – CCleaner
O42 - Logiciel: Codeur Windows Media Série 9 - (.Microsoft Corporation.) [HKLM] – {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Codeur Windows Media Série 9 - (.Pas de propriétaire.) [HKLM] – Windows Media Encoder 9
O42 - Logiciel: DAEMON Tools - (.DAEMON’S HOME.) [HKLM] – {3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] – {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
O42 - Logiciel: GameSpy Arcade - (.Pas de propriétaire.) [HKLM] – GameSpy Arcade
O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] – {FB4F9000-04FC-11E0-85D2-001AA037B01E}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc…) [HKLM] – {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc…) [HKLM] – {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc…) [HKLM] – {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] – KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] – KB929399
O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157) - (.Microsoft Corporation.) [HKLM] – KB903157
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] – KB954550-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] – WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] – {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 4 - (.Sun Microsystems, Inc…) [HKLM] – {3248F0A8-6813-11D6-A77B-00B0D0150040}
O42 - Logiciel: Java™ 6 Update 24 - (.Sun Microsystems, Inc…) [HKLM] – {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] – {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] – Windows Media Player
O42 - Logiciel: MCE Software Encoder 1.0 - (.Pas de propriétaire.) [HKLM] – {7655E113-C306-11D9-A373-0050BAE317E1}
O42 - Logiciel: MSN - (.Pas de propriétaire.) [HKLM] – MSNINST
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] – {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] – {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] – {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] – {716E0306-8318-4364-8B8F-0CC4E9376BAC}
O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM] – {5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
O42 - Logiciel: Macromedia Shockwave Player - (.Macromedia, Inc…) [HKLM] – {7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
O42 - Logiciel: Malwarebytes’ Anti-Malware - (.Malwarebytes Corporation.) [HKLM] – Malwarebytes’ Anti-Malware_is1
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc…) [HKLM] – McAfee Security Scan
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB953295) - (.Microsoft Corporation.) [HKLM] – KB953295
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB979904) - (.Microsoft Corporation.) [HKLM] – KB979904
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] – {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] – Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] – M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] – {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] – {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] – Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] – {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] – MSCompPackV1
O42 - Logiciel: Microsoft Halo - (.Microsoft.) [HKLM] – Halo
O42 - Logiciel: Microsoft Halo Trial - (.Microsoft.) [HKLM] – Halo Trial
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] – IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 - (.Microsoft Corporation.) [HKLM] – Wdf01001
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] – NLSDownlevelMapping
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] – {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] – {9011040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Office Project Professional 2003 - (.Microsoft Corporation.) [HKLM] – {903B040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] – {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] – {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] – {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] – {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] – Wudf01005
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] – {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] – {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - KB2467175 - (.Microsoft Corporation.) [HKLM] – {a0fe116e-9a8a-466f-aee0-625cb7c207e3}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] – {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] – {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Xbox 360 Accessories 1.1 - (.Microsoft.) [HKLM] – {9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM] – Microsoft .NET Framework 2.0 Language Pack - FRA
O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] – {11964613-805F-432D-A12B-169554B793E7}
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] – Nokia PC Suite
O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] – {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
O42 - Logiciel: OFFICE One 150 Modèles de documents - (.OFFICE one …) [HKLM] – OFFICE One 150 Modèles de documents_is1
O42 - Logiciel: OFFICE One 450 Fonts - (.ISSENDIS.) [HKLM] – OFFICE One 450 Fonts_is1
O42 - Logiciel: OFFICE One 6.5 Bureautique désinstallation complète 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One 6.5 Bureautique désinstallation complète 6.5
O42 - Logiciel: OFFICE One Clock 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Clock 6.5
O42 - Logiciel: OFFICE One Coffre Fort v6 - (.OFFICE one …) [HKLM] – OFFICE One Coffre Fort v6_is1
O42 - Logiciel: OFFICE One Color Picker 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Color Picker 6.5
O42 - Logiciel: OFFICE One Comptes Bancaires v6 - (.OFFICE one …) [HKLM] – OFFICE One Comptes Bancaires v6_is1
O42 - Logiciel: OFFICE One Guide 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Guide 6.5
O42 - Logiciel: OFFICE One Notes 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One Notes 6.5
O42 - Logiciel: OFFICE One PDF Manager 6.5 - (.ISSENDIS.) [HKLM] – OFFICE One PDF Manager 6.5
O42 - Logiciel: Opera 11.10 - (.Opera Software ASA.) [HKLM] – Opera 11.10.2092
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] – {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] – {99A40651-0BC2-4095-8F9A-A40FAB224FEF}
O42 - Logiciel: PL-2303 USB-to-Serial - (.Pas de propriétaire.) [HKLM] – {ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}
O42 - Logiciel: Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) - (.Nokia.) [HKLM] – 4077F884D1BB007055BDB83B621D87220A73F30F
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (02/15/2007 3.1) - (.Nokia.) [HKLM] – 0C5EDC3653FED5B121F464339EAC12534D253B25
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (02/15/2007 3.1) - (.Nokia.) [HKLM] – B726756F5B5A5AA9D798B399386FC6205A45F19E
O42 - Logiciel: Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1) - (.Nokia.) [HKLM] – CD8424B9400BFF7D34AA18F816C71322AC4BDAA7
O42 - Logiciel: Paint.NET v3.36 - (.dotPDN LLC.) [HKLM] – {43602F34-1AA3-44FB-AEB2-D08C2C73743F}
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] – PhotoFiltre
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.) [HKLM] – {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: QuickTime - (.Apple Inc…) [HKLM] – {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp…) [HKLM] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] – KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] – {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] – {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SmartSound Quicktracks Plugin - (.SmartSound Software Inc.) [HKLM] – InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
O42 - Logiciel: Sonic Encoders - (.Sonic Solutions.) [HKLM] – {9941F0AA-B903-4AF4-A055-83A9815CC011}
O42 - Logiciel: Sonic Express Labeler - (.Sonic Solutions.) [HKLM] – {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Sonic MyDVD LE - (.Sonic Solutions.) [HKLM] – {21657574-BD54-48A2-9450-EB03B2C7FC29}
O42 - Logiciel: Sonic RecordNow Audio - (.Sonic Solutions.) [HKLM] – {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
O42 - Logiciel: Sonic RecordNow Copy - (.Sonic Solutions.) [HKLM] – {B12665F4-4E93-4AB4-B7FC-37053B524629}
O42 - Logiciel: Sonic RecordNow Data - (.Sonic Solutions.) [HKLM] – {075473F5-846A-448B-BCB3-104AA1760205}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] – {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM] – {048298C9-A4D3-490B-9FF9-AB023A9238F3}
O42 - Logiciel: TubeMaster++ 2.1 - (.GgSofts.) [HKLM] – TubeMaster++
O42 - Logiciel: Ulead PhotoImpact 10 SE - (.Ulead System.) [HKLM] – {5A065EA0-0EEC-4E94-A2A0-40812576C122}
O42 - Logiciel: Ulead VideoStudio 9.0 SE DVD - (.Ulead System.) [HKLM] – {8EAB2384-C794-40ED-A9DD-3270A0D2BB76}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] – {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VIA Rhine-Family Fast Ethernet Adapter - (.Pas de propriétaire.) [HKLM] – VN_VUIns_Rhine_VIA
O42 - Logiciel: VLC media player 0.9.8a - (.VideoLAN Team.) [HKLM] – VLC media player
O42 - Logiciel: Virtual DJ - Atomix Productions - (.Pas de propriétaire.) [HKLM] – Virtual DJ - Atomix Productions
O42 - Logiciel: WahOO - (.Pas de propriétaire.) [HKLM] – {0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1
O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM] – WinPcapInst
O42 - Logiciel: Windows Genuine Advantage Validation Tool - (.Microsoft Corporation.) [HKLM] – WGA
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] – ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] – ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] – {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] – {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] – {9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] – {76810709-A7D3-468D-9167-A1780C1E766C}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] – {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] – {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] – {9D6524E6-15CF-4852-BF70-04FE973A3DE1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] – {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] – WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] – Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] – wmp11
O42 - Logiciel: Windows XP Media Center Edition 2005 KB2502898 - (.Microsoft Corporation.) [HKLM] – KB2502898
O42 - Logiciel: Windows XP Media Center Edition 2005 KB908246 - (.Microsoft Corporation.) [HKLM] – KB908246
O42 - Logiciel: Windows XP Media Center Edition 2005 KB925766 - (.Microsoft Corporation.) [HKLM] – KB925766
O42 - Logiciel: Windows XP Media Center Edition 2005 KB973768 - (.Microsoft Corporation.) [HKLM] – KB973768
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] – Windows XP Service
O42 - Logiciel: X10 Hardware™ - (.Pas de propriétaire.) [HKLM] – X10Hardware
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] – avast
O42 - Logiciel: ffdshow [rev 2033] [2008-07-05] - (.Pas de propriétaire.) [HKLM] – ffdshow_is1
O42 - Logiciel: iTunes - (.Apple Inc…) [HKLM] – {AAD47011-8518-4608-9656-951DA35B587B}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] – {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: uTorrentBar_FR Toolbar - (.uTorrentBar_FR.) [HKLM] – uTorrentBar_FR Toolbar
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKCU] – uTorrent
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] – uTorrent

—\ HKCU & HKLM Software Keys
[HKCU\Software\3rd Eye Solutions]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\AVAST Software]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\America Online]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Aspyr Media]
[HKCU\Software\BitTorrent]
[HKCU\Software\Borland]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cyberlink]
[HKCU\Software\ESET]
[HKCU\Software\GNU]
[HKCU\Software\GameSpy]
[HKCU\Software\Google]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\Issendis]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Kiones updater]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes’ Anti-Malware]
[HKCU\Software\MicroVision]
[HKCU\Software\NEC Computers International]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\Nokia]
[HKCU\Software\ODBC]
[HKCU\Software\OFFICE One v6]
[HKCU\Software\OFFICE One]
[HKCU\Software\Opera Software]
[HKCU\Software\PCSuite]
[HKCU\Software\Paint.NET]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Skype]
[HKCU\Software\Sonic]
[HKCU\Software\Sun Microsystems]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Valve]
[HKCU\Software\VirtualDJ]
[HKCU\Software\WahOO]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\X10]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\uTorrentBar_FR]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\Activision]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\America Online]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Aspyr Media]
[HKLM\Software\Audible]
[HKLM\Software\Borland]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\CIEL]
[HKLM\Software\Claritas UK Ltd]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\D-Tools]
[HKLM\Software\Debug]
[HKLM\Software\Eset]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\GTek]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Identification]
[HKLM\Software\Imagine IT Limited]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\Issendis]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Lake]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes’ Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NEC Computers International]
[HKLM\Software\Nero]
[HKLM\Software\Netscape]
[HKLM\Software\Nokia]
[HKLM\Software\OD2]
[HKLM\Software\ODBC]
[HKLM\Software\OFFICE One]
[HKLM\Software\On Demand Distribution]
[HKLM\Software\Opera Software]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\Paint.NET]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Prolific Technology INC]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SOFTWARE]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Sage]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\SmartSound Software]
[HKLM\Software\Sonic]
[HKLM\Software\Star Division]
[HKLM\Software\Symantec]
[HKLM\Software\Sys Modules]
[HKLM\Software\TG Byte Software]
[HKLM\Software\The Silicon Realms Toolworks]
[HKLM\Software\Ulead Systems]
[HKLM\Software\VN_VUIns]
[HKLM\Software\Valve]
[HKLM\Software\VideoLAN]
[HKLM\Software\VirtualDJ]
[HKLM\Software\WinPcap]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\uTorrentBar_FR]

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2011 - 17:57:22 - [627707130] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 08/05/2011 - 00:12:42 - [3804525] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 06/05/2011 - 13:16:30 - [84005843] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 10/02/2009 - 22:14:08 - [74195245] ----D- C:\Program Files\Adobe
O43 - CFD: 19/04/2009 - 17:43:28 - [5177579] ----D- C:\Program Files\AlerteGPS
O43 - CFD: 11/02/2009 - 23:05:16 - [0] ----D- C:\Program Files\Alwil Software
O43 - CFD: 10/02/2009 - 22:15:22 - [64524563] ----D- C:\Program Files\AOL 9.0
O43 - CFD: 10/02/2009 - 22:15:20 - [2187024] ----D- C:\Program Files\AOL Compagnon
O43 - CFD: 28/01/2011 - 17:58:04 - [2306366] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 10/02/2009 - 22:02:56 - [110731634] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 29/04/2011 - 00:15:18 - [216056512] ----D- C:\Program Files\AVAST Software
O43 - CFD: 28/01/2011 - 17:57:34 - [616874] ----D- C:\Program Files\Bonjour
O43 - CFD: 01/07/2009 - 15:09:26 - [2627743] ----D- C:\Program Files\CCleaner
O43 - CFD: 10/02/2009 - 22:02:26 - [1514774] ----D- C:\Program Files\Common Files
O43 - CFD: 23/09/2004 - 20:03:50 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 10/02/2009 - 22:25:38 - [61440] ----D- C:\Program Files\CyberLink
O43 - CFD: 18/04/2009 - 13:02:48 - [391582] ----D- C:\Program Files\D-Tools
O43 - CFD: 10/09/2009 - 20:09:28 - [795104] ----D- C:\Program Files\DIFX
O43 - CFD: 12/07/2009 - 16:59:50 - [0] ----D- C:\Program Files\driver
O43 - CFD: 06/05/2011 - 22:32:56 - [133926097] ----D- C:\Program Files\ESET
O43 - CFD: 14/02/2009 - 02:40:14 - [11310477] ----D- C:\Program Files\ffdshow
O43 - CFD: 24/11/2009 - 22:58:04 - [22069566] ----D- C:\Program Files\GameSpy Arcade
O43 - CFD: 21/03/2011 - 22:10:00 - [66912690] ----D- C:\Program Files\Google
O43 - CFD: 27/07/2009 - 22:29:54 - [48098294] ----D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 16/04/2011 - 12:54:10 - [5993114] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 28/01/2011 - 17:59:04 - [1856115] ----D- C:\Program Files\iPod
O43 - CFD: 14/02/2009 - 01:03:48 - [0] ----D- C:\Program Files\ISSENDIS
O43 - CFD: 28/01/2011 - 17:59:44 - [128361708] ----D- C:\Program Files\iTunes
O43 - CFD: 13/03/2011 - 14:21:32 - [149125488] ----D- C:\Program Files\Java
O43 - CFD: 29/11/2009 - 17:12:56 - [1861717] ----D- C:\Program Files\Lavalys
O43 - CFD: 10/02/2009 - 22:15:20 - [711772] ----D- C:\Program Files\Learn2.com
O43 - CFD: 05/05/2011 - 23:56:30 - [4922238] ----D- C:\Program Files\Malwarebytes’ Anti-Malware
O43 - CFD: 28/02/2011 - 00:29:36 - [9454922] ----D- C:\Program Files\McAfee Security Scan
O43 - CFD: 17/02/2009 - 17:47:50 - [2152579] ----D- C:\Program Files\Messenger
O43 - CFD: 24/11/2009 - 22:14:32 - [1544075] ----D- C:\Program Files\Microsoft
O43 - CFD: 16/02/2009 - 02:01:44 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 23/09/2004 - 20:15:10 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 24/11/2009 - 22:57:34 - [1783597457] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 18/04/2009 - 13:11:34 - [114207237] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 20/04/2011 - 23:03:18 - [38388859] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 24/11/2009 - 22:13:14 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 24/11/2009 - 22:14:04 - [2188837] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 26/11/2010 - 02:58:34 - [7334344] ----D- C:\Program Files\Microsoft Xbox 360 Accessories
O43 - CFD: 18/04/2009 - 13:11:30 - [131072] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 12/08/2010 - 12:02:26 - [10949041] ----D- C:\Program Files\Movie Maker
O43 - CFD: 21/08/2009 - 00:51:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 13/02/2009 - 23:20:00 - [2193160] ----D- C:\Program Files\MSN
O43 - CFD: 23/09/2004 - 19:59:50 - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 04/03/2009 - 22:17:18 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 12/12/2009 - 20:37:26 - [2241832] ----D- C:\Program Files\Nero
O43 - CFD: 17/02/2009 - 17:43:16 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 28/08/2009 - 00:16:06 - [161241158] —AD- C:\Program Files\OFFICE One6.5
O43 - CFD: 17/04/2011 - 17:37:50 - [32800576] ----D- C:\Program Files\Opera
O43 - CFD: 16/12/2010 - 21:15:38 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 25/04/2009 - 04:10:12 - [9326446] ----D- C:\Program Files\Paint.NET
O43 - CFD: 10/09/2009 - 20:09:22 - [9382922] ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD: 07/03/2009 - 04:46:38 - [3737390] ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 28/01/2011 - 17:58:42 - [77427451] ----D- C:\Program Files\QuickTime
O43 - CFD: 10/02/2009 - 22:15:08 - [8442047] ----D- C:\Program Files\Real
O43 - CFD: 10/02/2009 - 21:59:58 - [47701840] ----D- C:\Program Files\Realtek
O43 - CFD: 21/08/2009 - 00:51:32 - [36400897] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 23/09/2004 - 20:08:52 - [932] ----D- C:\Program Files\Services en ligne
O43 - CFD: 10/02/2009 - 22:24:50 - [7273399] ----D- C:\Program Files\SmartSound Software
O43 - CFD: 10/02/2009 - 22:17:00 - [143900069] ----D- C:\Program Files\Sonic
O43 - CFD: 14/11/2009 - 13:17:40 - [68242915] ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 06/05/2011 - 21:59:54 - [137749699] ----D- C:\Program Files\Steam
O43 - CFD: 08/02/2011 - 23:59:56 - [11082874] ----D- C:\Program Files\TubeMaster++
O43 - CFD: 10/02/2009 - 22:23:48 - [225295084] ----D- C:\Program Files\Ulead Systems
O43 - CFD: 23/09/2004 - 20:25:48 - [0] ----D- C:\Program Files\Uninstall Information
O43 - CFD: 28/02/2011 - 22:46:50 - [399736] ----D- C:\Program Files\uTorrent
O43 - CFD: 28/02/2011 - 22:47:22 - [4135545] ----D- C:\Program Files\uTorrentBar_FR
O43 - CFD: 13/02/2009 - 21:44:52 - [61995016] ----D- C:\Program Files\VideoLAN
O43 - CFD: 31/08/2010 - 21:59:54 - [16786889] ----D- C:\Program Files\VirtualDJ
O43 - CFD: 25/07/2010 - 22:21:02 - [283160678] ----D- C:\Program Files\Western Digital
O43 - CFD: 30/04/2011 - 21:07:22 - [141906346] ----D- C:\Program Files\Windows Live
O43 - CFD: 24/11/2009 - 22:11:50 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 10/02/2009 - 22:24:10 - [14413887] ----D- C:\Program Files\Windows Media Components
O43 - CFD: 13/02/2009 - 21:39:56 - [3581070] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 13/02/2009 - 21:39:56 - [7698619] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 19/04/2009 - 22:19:56 - [1373184] ----D- C:\Program Files\Windows NT
O43 - CFD: 23/09/2004 - 20:01:58 - [0] ----D- C:\Program Files\Windows Plus
O43 - CFD: 23/09/2004 - 20:09:02 - [0] ----D- C:\Program Files\WindowsUpdate
O43 - CFD: 17/01/2011 - 23:25:50 - [237571] ----D- C:\Program Files\WinPcap
O43 - CFD: 13/02/2009 - 21:46:46 - [3525705] ----D- C:\Program Files\WinRAR
O43 - CFD: 10/02/2009 - 22:02:26 - [18261] ----D- C:\Program Files\X10 Hardware
O43 - CFD: 26/11/2010 - 02:44:58 - [6685508] ----D- C:\Program Files\XBox 360 Controller for Windows Software
O43 - CFD: 23/09/2004 - 20:15:10 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 10/02/2009 - 22:02:26 - [1514774] ----D- C:\Program Files\Common Files\X10
O43 - CFD: 13/08/2010 - 22:40:00 - [0] ----D- C:\Documents and Settings\famille mistre\Application Data\2020 Fusion
O43 - CFD: 05/03/2009 - 15:27:56 - [13862600] ----D- C:\Documents and Settings\famille mistre\Application Data\Adobe
O43 - CFD: 22/02/2009 - 19:17:40 - [0] ----D- C:\Documents and Settings\famille mistre\Application Data\AdobeUM
O43 - CFD: 30/01/2011 - 20:39:52 - [214495804] ----D- C:\Documents and Settings\famille mistre\Application Data\Apple Computer
O43 - CFD: 10/02/2009 - 22:04:14 - [0] ----D- C:\Documents and Settings\famille mistre\Application Data\ATI
O43 - CFD: 23/05/2009 - 15:31:06 - [428090] ----D- C:\Documents and Settings\famille mistre\Application Data\BlackBean
O43 - CFD: 03/03/2009 - 00:20:32 - [2560] ----D- C:\Documents and Settings\famille mistre\Application Data\CyberLink
O43 - CFD: 03/04/2011 - 21:26:00 - [199] ----D- C:\Documents and Settings\famille mistre\Application Data\dvdcss
O43 - CFD: 13/04/2009 - 03:12:48 - [0] ----D- C:\Docume

Combofix is a program, created by sUBs, that searches your computer for certain malware and, if it finds any, tries to clean up those infections automatically.

5- Download Combofix to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Disable any resident antivirus and anti-malware applications, usually by right-clicking the icon in the notification area; otherwise they may interfere with the tool.

Double-click the icon and follow the prompts.

When the tool has finished, it will display a report.

Above all, do not launch any application during the scan or after the reboot that is sometimes necessary and gets triggered.

Wait for the report to be displayed.
Copy its contents into your next reply.
It will be saved as C:\Combofix.txt

:jap:
Edited on 08/05/2011 at 15:42