
Adware.Hotbar infection • page 2


Re: Adware.Hotbar infection

Posted on 01 Mar 2011 02:52

:cry:
Boohoo,

I put the hard drive back in place. Everything seemed to be going fine.
Suddenly, AVAST reported that there was a virus in mesdocuments-application data-...
I tried to restart the computer.
It could no longer boot the machine.
The OS had disappeared.

Today, I ran the following in depth:
MALWAREBYTES SCAN
AVAST SCAN
NOD32 SCAN

NOD32 has been running for nearly 6 hours.
Yes, I am also scanning my removable hard drive.

Here is the MALWAREBYTES report anyway:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5904

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2011 7:25:54 AM
mbam-log-2011-02-28 (07-25-54).txt

Scan type: Full scan (C:\|G:\|H:\|)
Objects scanned: 157764
Time elapsed: 21 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I don't understand :-?
sosyyy
Apprentice Expert
Posts: 180
Joined: 03 Oct 2010 01:36
 


Re: Adware.Hotbar infection

Posted on 01 Mar 2011 12:12

Hello, :)

Could I have the exact name of the virus found by Avast, please?
At worst, post the Avast report directly...

Run ZHPDiag again as you did at the beginning. :wink:
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 

Re: Adware.Hotbar infection

Posted on 02 Mar 2011 10:27

Hello,

Here goes,
So I put the problematic hard drive back in its place.
I ran a scan with AVAST, which indicates that the computer is clean.
Then the MALWAREBYTES scan revealed this :evil: :
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5922

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/03/2011 1:51:13 AM
mbam-log-2011-03-02 (01-51-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 289165
Time elapsed: 3 hour(s), 28 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qword.com (Adware.QWO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.qword.com (Adware.QWO) -> Value: www.qword.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Homepage) -> Bad: (http://www.qword.com/?s=1) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ramessou\favorites\qword search engine.url (Adware.QWO) -> Quarantined and deleted successfully.


Before doing what you suggested, I have just started a scan with NOD32.
What patience.
So, there is one thing I don't quite understand.
When the disk is hosted on another computer, MALWAREBYTE finds nothing.
Is that normal? :o
sosyyy
Apprentice Expert
Posts: 180
Joined: 03 Oct 2010 01:36
 

Re: Adware.Hotbar infection

Posted on 02 Mar 2011 13:37

Hello, :)

sosyyy wrote: When the disk is hosted on another computer, MALWAREBYTE finds nothing.
Is that normal? :o


-> Quite simply because the first time you asked MBAM to scan drives C:\ G:\ H:
No infections found

-> And now you asked it to scan drives C:\ D:
hence the infections come from drive D:

Can you run a ZHPDiag on the PC concerned, please... ;)
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 

Posted on 02 Mar 2011 21:31

Hello Del-crosseur

Here is the ZHPDiag report

Code:
Rapport de ZHPDiag v1.27.1626 par Nicolas Coolman, Update du 01/03/2011
Run by Ramessou at 02/03/2011 1:10:12 PM
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox v3.6.13 (en-US) (Defaut)
GCIE: Google Chrome v8.0.552.224

---\\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 15 Model 31 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1279.5 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (66%) free of 76 GB

---\\ Logged in mode
Computer Name: CALGARY-MASTER
User Name: Ramessou
All Users Names: WJA, SUPPORT_388945a0, Ramessou, Nefertiti, HelpAssistant, Guest, Administrator,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\Ramessou\Application Data
%LocalAppData%=C:\Documents and Settings\Ramessou\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\Ramessou\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 50 Go of 76 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 73 Go of 73 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK


---\\ Search Generic System Files
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 5:00:00 AM.) -- C:\Windows\Explorer.exe [1033728]
[MD5.88014D62B5E3CDB0AC67948D86C926C8] - (.Microsoft Corporation - Internet Extensions for Win32.) (.20/12/2010 4:59:20 PM.) -- C:\Windows\System32\wininet.dll [916480]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.14/04/2008 5:00:00 AM.) -- C:\Windows\System32\Winlogon.exe [507904]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 5:00:00 AM.) -- C:\Windows\System32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 5:00:00 AM.) -- C:\Windows\System32\drivers\ntfs.sys [574976]


---\\ Running Processes
[MD5.A2322C6207EBB0761A6C8CC9003EBACF] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 258.9.) -- C:\WINDOWS\system32\nvsvc32.exe   [155752]
[MD5.25FB74EABCE5EC7836BA3CFB3C58449A] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe   [40384]
[MD5.E731921DB2E17DCD3DB472FAD5549C57] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe   [153376]
[MD5.32933B07FC16D9F778BEE12545FA1B1A] - (.Microsoft Corporation - TCP/IP Services Application.) -- C:\WINDOWS\system32\tcpsvcs.exe   [19456]
[MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe   [71096]
[MD5.3E9CD8646EBF1C15438F9135796C02B7] - (.PC Tools - StartMan Application.) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe   [583640]
[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe   [3396624]
[MD5.32F1A63C86D009D95994B543511D6E5C] - (.Unknown owner - NsWrtMon Microsoft Base Class Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe   [20480]
[MD5.D05D1BBCBA6C6843A7A96C5289DA22BE] - (.Unknown owner - NsWrtProc Microsoft Base Clase Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe   [24576]
[MD5.07B6ED7104BF4842C24A04432F5C76A1] - (.Almico Software (www.almico.com) - No comment.) -- C:\Program Files\SpeedFan\speedfan.exe   [4009592]
[MD5.CD2529845B83B5D952D91FDC0143A266] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [991800]
[MD5.D804D54E70E15078DFF46F9543A5E151] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [632320]


---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Ramessou] -- C:\Documents and Settings\Ramessou\Application Data\Mozilla\Firefox\Profiles\pr6rwi4c.default\searchplugins\aopa-airports.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Documents and Settings\Ramessou\Application Data\Mozilla\Firefox\Profiles\pr6rwi4c.default\searchplugins\daemon-search.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\amazondotcom.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\answers.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\creativecommons.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\McSiteAdvisor.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia.xml
M3 - MFPP: Plugins - [Ramessou] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.2".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.775.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Unknown owner - No comment.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Web Player version 2.1.0.900.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX OVS Helper,version=1.0.0] - (.DivX, LLC. - DivX OVS Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_23 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60129.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.775] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.775] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=1.0.0.0] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.775] - (.RealNetworks, Inc. - 6.0.12.775.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.7] - (.the VideoLAN Team - Version 1.1.7, copyright 1996-2011 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
M0 - MFSP: prefs.js [Ramessou - pr6rwi4c.default] http://www.google.ca/
M2 - MFEP: prefs.js [Ramessou - pr6rwi4c.default\fr-classique@dictionaries.addons.mozilla.org] [] Dictionnaire français «Classique» v3.9.2 (.Olivier R..)
M2 - MFEP: prefs.js [Ramessou - pr6rwi4c.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [Ramessou - pr6rwi4c.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20101113Wb1 (.Google Inc..)
M2 - MFEP: prefs.js [Ramessou - pr6rwi4c.default\{3d7eb24f-2740-49df-8937-200b1cc08f8a}] [] Flashblock v1.5.14.2 (.The Flashblock Team.)


---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.flightplanning.navcanada.ca
G2 - GCE: Preference [User Data\Default] [cdngiadmnkhgemkimkhiilgffbjijcie] FlashBlock v.1.2.11.13 (Activé)
G2 - GCE: Preference [User Data\Default] [fnjbmmemklcjgepojigaapkoodmkgbae] DivX HiQ v.2.1.0.900 (Activé)
G2 - GCE: Preference [User Data\Default] [jfmjfhklogoienhpfnppmbcbjfjnkonk] RealPlayer HTML5Video Downloader Extension v.1.2 (Activé)
G2 - GCE: Preference [User Data\Default] [lefeecbpfmnmdoajflbekahgnbcjihcc] AT_ScottDraves v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nneajnkjbffgblleaoojgaacokifdkhm] DivX Plus Web Player HTML5 \u003Cvideo\u003E v.2.1.0.900 (Activé)


---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-1229272821-1972579041-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-1229272821-1972579041-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} Orphean Key
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll


---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll


---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Browser Helper Objects (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Orphean Key
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} . (.DivX, LLC - DivX Web Player version 2.1.0.900.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} . (.DivX, LLC - DivX Web Player version 2.1.0.900.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} . (.Unknown owner - No comment.) --  (.not file.)


---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Orphean Key
O4 - HKLM\..\Run: [WrtMon.exe] . (.Unknown owner - NsWrtMon Microsoft Base Class Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [SpeedFan] . (.Almico Software (www.almico.com) - No comment.) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1229272821-1972579041-1417001333-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe


---\\ Other User Links (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 9.lnk . (.Adobe Systems Incorporated.)  -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CDBurnerXP.lnk . (.Canneverbe Limited.)  -- C:\Program Files\CDBurnerXP\cdbxpp.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Google Earth.lnk . (.Google.)  -- C:\Program Files\Google\Google Earth\client\googleearth.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Konfabulator.lnk . (.Yahoo, Inc..)  -- C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\La radio de Radio-Canada.lnk . (...)  -- C:\Program Files\La radio de Radio-Canada\La radio de Radio-Canada.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk . (.Malwarebytes Corporation.)  -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MBRCheck.lnk . (...)  -- C:\Program Files\ZHPDiag\mbrcheck.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Presto! PageManager 7.15.lnk . (.NewSoft Technology Corporation.)  -- C:\Program Files\NewSoft\Presto! PageManager 7.15\Prestopm.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Shaw Support.lnk . (.Shaw Communications.)  -- C:\Program Files\shaw\bin\shawsupport.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\VLC media player.lnk . (...)  -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPDiag.lnk . (.Nicolas Coolman.)  -- C:\Program Files\ZHPDiag\ZHPDiag.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPFix.lnk . (.Nicolas Coolman.)  -- C:\Program Files\ZHPDiag\ZHPFix.exe
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\G Mes images.lnk . (...)  -- H:\Documents and Settings\NEFER\MES DOC\G Mes images (.not file.)
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\MagicISO.lnk . (.MagicISO, Inc..)  -- C:\Program Files\MagicISO\MagicISO.exe
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\Print Screen.lnk . (.Gadwin Systems, Inc.)  -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\shutdown.exe.lnk . (.Microsoft Corporation.)  -- C:\WINDOWS\system32\shutdown.exe
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).)  -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\WeatherEye.lnk . (.Pelmorex Media Inc..)  -- C:\Documents and Settings\Ramessou\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - Global Startup: C:\Documents And Settings\Ramessou\Desktop\wwww.lnk . (...)  -- C:\Documents and Settings\Ramessou\Desktop\TAKE OFF


---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\WINDOWS\system32\GPhotos.scr
O8 - Extra context menu item: E&xport to Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe


---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.not file.) - G:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} . (.not file.) - G:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Unknown owner - No comment.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Skype Plug-In - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Unknown owner - No comment.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Unknown owner - No comment.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\WINDOWS\system32\wshbth.dll


---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab


---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{86033703-3E33-449E-92CB-B1AC2D87E6F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{86033703-3E33-449E-92CB-B1AC2D87E6F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{86033703-3E33-449E-92CB-B1AC2D87E6F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{86033703-3E33-449E-92CB-B1AC2D87E6F6}: DhcpDomain = Belkin
O17 - HKLM\System\CS1\Services\Tcpip\..\{86033703-3E33-449E-92CB-B1AC2D87E6F6}: DhcpDomain = Belkin
O17 - HKLM\System\CS2\Services\Tcpip\..\{86033703-3E33-449E-92CB-B1AC2D87E6F6}: DhcpDomain = Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1


---\\ Extra protocols and protocol Hijackers (O18)
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notifications.) -- C:\Windows\System32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll


---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Systray shell service object.) -- C:\WINDOWS\system32\stobject.dll


---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll


---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service:  (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service:  (dmadmin) . (.Microsoft Corp., Veritas Software - Logical Disk Manager service process.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service:  (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service:  (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service:  (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service:  (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service:  (McComponentHostService) . (.McAfee, Inc. - Component Host Service.) - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service:  (NMSAccess) . (.Unknown owner - No comment.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service:  (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 258.9.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service:  (PCToolsSSDMonitorSvc) . (.PC Tools - StartMan Application.) - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe


---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Default MHTML Editor: Last - .(.Unknown owner - No comment.) -  (.not file.)


---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cb6c88f693ff7c.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1972579041-1417001333-1003.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1972579041-1417001333-1004.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1972579041-1417001333-1005.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1972579041-1417001333-1003.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1972579041-1417001333-1004.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1972579041-1417001333-1005.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore1cb6c88f693ff7c] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeLogonTaskS-1-5-18] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeLogonTaskS-1-5-21-1229272821-1972579041-1417001333-1003] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeLogonTaskS-1-5-21-1229272821-1972579041-1417001333-1004] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeLogonTaskS-1-5-21-1229272821-1972579041-1417001333-1005] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeScheduledTaskS-1-5-18] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeScheduledTaskS-1-5-21-1229272821-1972579041-1417001333-1003] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeScheduledTaskS-1-5-21-1229272821-1972579041-1417001333-1004] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
[MD5.2C1A1F91D3288E7C02B584C2553967B6] [APT] [RealUpgradeScheduledTaskS-1-5-21-1229272821-1972579041-1417001333-1005] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe


---\\ Drivers launched at startup (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - i8042 Port Driver.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Keyboard Class Driver.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver:  (kbdhid) . (.Microsoft Corporation - HID Mouse Filter Driver.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Mouse Class Driver.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver:  (Processor) . (.Microsoft Corporation - Processor Device Driver.) - C:\Windows\System32\DRIVERS\processr.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Serial Device Driver.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver:  (Tcpip6) . (.Microsoft Corporation - IPv6 driver.) - C:\Windows\System32\DRIVERS\tcpip6.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys


---\\ Software installed (O42)
O42 - Logiciel: 7art Crystal Clock ©  2011 by 7art-screensavers.com - (.7art-screensavers.com.) [HKLM] -- 7art Crystal Clock Screensaver_is1
O42 - Logiciel: Abacus EZ-Libraries - (.Abacus.) [HKLM] -- {C539AF6F-9DB3-458C-9274-1F3EE3291FB1}
O42 - Logiciel: ActiveSky Version 6 and ActiveSky Graphics - (.HiFi Simulation Software.) [HKLM] -- {6C06AC26-DBD1-46E5-9863-33E7633566E5}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.2 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-A94000000001}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Belg7000 V2.3 (Belgium 2004) - (.Unknown owner.) [HKLM] -- Belg7000 V2.3 (Belgium 2004)
O42 - Logiciel: Belg7000 V2.3_ Exclude - (.Unknown owner.) [HKLM] -- Belg7000 V2.3_ Exclude
O42 - Logiciel: Belg7000V2.3_Effects (smoke) - (.Unknown owner.) [HKLM] -- Belg7000V2.3_Effects (smoke)
O42 - Logiciel: BitTorrent - (.BitTorrent, Inc.) [HKLM] -- BitTorrent
O42 - Logiciel: Boeing 737 Fuel Planner 1.5a - (.Unknown owner.) [HKLM] -- Boeing 737 Fuel Planner 1.5a
O42 - Logiciel: BullGuard Mobile Antivirus - (.Unknown owner.) [HKLM] -- BullGuard Mobile Antivirus
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: CPUID CPU-Z 1.54 - (.Unknown owner.) [HKLM] -- CPUID CPU-Z_is1
O42 - Logiciel: Canon MX700 series - (.Unknown owner.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series
O42 - Logiciel: Carambis Driver Updater - (.Media Fog Ltd..) [HKLM] -- {542068F1-9AAE-4E1B-8ACA-094FE03728BE}
O42 - Logiciel: Cucusoft Ultimate DVD + Video Converter Suite 8.3.8.3 - (.Cucusoft, Inc..) [HKLM] -- Cucusoft Ultimate DVD + Video Converter Suite_is1
O42 - Logiciel: CutePDF Writer 2.8 - (.Unknown owner.) [HKLM] -- CutePDF Writer Installation
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: DivX Setup - (.DivX, LLC.) [HKLM] -- DivX Setup.divx.com
O42 - Logiciel: Driver Detective - (.PC Drivers HeadQuarters.) [HKLM] -- InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}
O42 - Logiciel: DriverAgent by eSupport.com - (.Unknown owner.) [HKLM] -- DriverAgent.exe
O42 - Logiciel: EBCI2004 - Freeware Version - (.MIPISoft.) [HKLM] -- EBCI2004 by MIPISOFT_is1
O42 - Logiciel: EVEREST Ultimate Edition v5.50 - (.Lavalys, Inc..) [HKLM] -- EVEREST Ultimate Edition_is1
O42 - Logiciel: FS Copilot V3 - (.Micro Application.) [HKLM] -- {84DB3796-35CF-4B6B-8E51-40D0B08FE888}
O42 - Logiciel: FS Descent Calculator V2 - (.Unknown owner.) [HKLM] -- ST6UNST #2
O42 - Logiciel: FSFDT FSCopilot - (.Unknown owner.) [HKLM] -- FSFDT FSCopilot
O42 - Logiciel: FSFDT FSInn - (.Unknown owner.) [HKLM] -- FSFDT FSInn
O42 - Logiciel: FeelThere Caravan! Deluxe 1.11 - (.FeelThere.) [HKLM] -- FeelThere Caravan! Deluxe
O42 - Logiciel: FlightParis AutogenPack - (.Unknown owner.) [HKLM] -- FlightParis AutogenPack
O42 - Logiciel: FreshDiagnose - (.Unknown owner.) [HKLM] -- FreshDevices - FreshDiagnose_is1
O42 - Logiciel: Futuremark SystemInfo - (.Futuremark Corporation.) [HKLM] -- {BEE64C14-BEF1-4610-8A68-A16EAA47B882}
O42 - Logiciel: Gadwin PrintScreen - (.Unknown owner.) [HKLM] -- Gadwin PrintScreen
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {4286E640-B5FB-11DF-AC4B-005056C00008}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Hardware Helper - (.Driver-Soft Inc..) [HKLM] -- Hardware Helper_is1
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB2158563) - (.Microsoft Corporation.) [HKLM] -- KB2158563
O42 - Logiciel: Hotfix for Windows XP (KB2443685) - (.Microsoft Corporation.) [HKLM] -- KB2443685
O42 - Logiciel: Hotfix for Windows XP (KB952287) - (.Microsoft Corporation.) [HKLM] -- KB952287
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB961118) - (.Microsoft Corporation.) [HKLM] -- KB961118
O42 - Logiciel: Hotfix for Windows XP (KB981793) - (.Microsoft Corporation.) [HKLM] -- KB981793
O42 - Logiciel: IPA/SAM Phonetics Fonts - (.University College London.) [HKLM] -- IPA/SAM Phonetic Fonts_is1
O42 - Logiciel: Java(TM) 6 Update 23 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216023FF}
O42 - Logiciel: Keyboard Throttle Gauge v1.0 - (.Nikola Jovanovic.) [HKLM] -- Keyboard Throttle Gauge_is1
O42 - Logiciel: Konfabulator - (.Yahoo! Inc..) [HKLM] -- {CB06A0B3-9016-4926-9C92-97ECB2722D8F}
O42 - Logiciel: La radio de Radio-Canada - (.Radio-Canada.) [HKLM] -- WidgetRadioSRC.13BC082BABA5407D3C98AC73F5DE7F4088D231BF.1
O42 - Logiciel: La radio de Radio-Canada - (.Radio-Canada.) [HKLM] -- {DD72A4A4-84D7-47FE-8697-BFFB8C6B282D}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] -- {716E0306-8318-4364-8B8F-0CC4E9376BAC}
O42 - Logiciel: Magic ISO Maker v5.5 (build 0281) - (.Unknown owner.) [HKLM] -- Magic ISO Maker v5.5 (build 0281)
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft ActiveSync 4.0 - (.Microsoft Corporation.) [HKLM] -- {B208806F-A231-4FA0-AB3F-5C1B8979223E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}
O42 - Logiciel: Microsoft Office Access MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Access Setup Metadata MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0117-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared Setup Metadata MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0115-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Speech SDK 5.1 - (.Microsoft.) [HKLM] -- {A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
O42 - Logiciel: Microsoft Text-to-Speech Engine 4.0 (English) - (.Unknown owner.) [HKLM] -- MSTTS
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {A49F249F-0C91-497F-86DF-B2585E8E76B7}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual FoxPro 8.0 Runtime GDI+ Hotfix - KB887685 - (.Microsoft Corporation.) [HKLM] -- {0BD1F5EF-CC01-482D-8132-BB680DB892A3}
O42 - Logiciel: Mozilla Firefox (3.6.13) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.13)
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA nView Desktop Manager - (.NVIDIA Corporation.) [HKLM] -- NVIDIA nView Desktop Manager
O42 - Logiciel: PMDG 747-400 FS9 Update V1R12 (Unifies to FSX) - (.Precision Manuals Development Group.) [HKLM] -- {304DAE83-906F-4005-BA09-2870349ABD14}
O42 - Logiciel: PMDG747_400 Queen of the Skies - (.Precision Manuals Development Group.) [HKLM] -- {97679567-0095-464E-B5F2-E218A1CF3421}
O42 - Logiciel: PMDG747_400F - (.Precision Manuals Development Group.) [HKLM] -- {164360E5-0AAD-48AD-8A36-3F8A859FAB6F}
O42 - Logiciel: PMDG_747-400_Sound_Update - (.Precision Manuals Development Group.) [HKLM] -- {2758F387-D016-4725-9D03-AB039364DF3D}
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: Platinum Collection Diamond DA40 TDI for FS2004 - (.Abacus Software.) [HKLM] -- {A9249919-AA3D-45DD-B9C9-03C0979AA51F}
O42 - Logiciel: Presto! PageManager 7.15.16 - (.NewSoft Technology Corporation.) [HKLM] -- {D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}
O42 - Logiciel: REALTEK Gigabit and Fast Ethernet NIC Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {94FB906A-CF42-4128-A509-D353026A607E}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) [HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F}
O42 - Logiciel: Realtek AC'97 Audio - (.Realtek Semiconductor Corp..) [HKLM] -- {FB08F381-6533-4108-B7DD-039E11FBC27E}
O42 - Logiciel: Registry Mechanic 9.0 - (.PC Tools.) [HKLM] -- Registry Mechanic_is1
O42 - Logiciel: Registry Repair Wizard - (.SmartPCTools.) [HKLM] -- Registry Repair Wizard_is1
O42 - Logiciel: ScanSoft OmniPage SE 4 - (.Nuance Communications, Inc..) [HKLM] -- {DEE88727-779B-47A9-ACEF-F87CA5F92A65}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB2416400) - (.Microsoft Corporation.) [HKLM] -- KB2416400-IE8
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB2482017) - (.Microsoft Corporation.) [HKLM] -- KB2482017-IE8
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB971961) - (.Microsoft Corporation.) [HKLM] -- KB971961-IE8
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB981332) - (.Microsoft Corporation.) [HKLM] -- KB981332-IE8
O42 - Logiciel: Security Update for Windows Media Player (KB2378111) - (.Microsoft Corporation.) [HKLM] -- KB2378111_WM9
O42 - Logiciel: Security Update for Windows Media Player (KB952069) - (.Microsoft Corporation.) [HKLM] -- KB952069_WM9
O42 - Logiciel: Security Update for Windows Media Player (KB954155) - (.Microsoft Corporation.) [HKLM] -- KB954155_WM9
O42 - Logiciel: Security Update for Windows Media Player (KB973540) - (.Microsoft Corporation.) [HKLM] -- KB973540_WM9
O42 - Logiciel: Security Update for Windows Media Player (KB975558) - (.Microsoft Corporation.) [HKLM] -- KB975558_WM8
O42 - Logiciel: Security Update for Windows Media Player (KB978695) - (.Microsoft Corporation.) [HKLM] -- KB978695_WM9
O42 - Logiciel: Security Update for Windows Media Player (KB979402) - (.Microsoft Corporation.) [HKLM] -- KB979402_WM9
O42 - Logiciel: Security Update for Windows XP (KB2079403) - (.Microsoft Corporation.) [HKLM] -- KB2079403
O42 - Logiciel: Security Update for Windows XP (KB2115168) - (.Microsoft Corporation.) [HKLM] -- KB2115168
O42 - Logiciel: Security Update for Windows XP (KB2121546) - (.Microsoft Corporation.) [HKLM] -- KB2121546
O42 - Logiciel: Security Update for Windows XP (KB2160329) - (.Microsoft Corporation.) [HKLM] -- KB2160329
O42 - Logiciel: Security Update for Windows XP (KB2229593) - (.Microsoft Corporation.) [HKLM] -- KB2229593
O42 - Logiciel: Security Update for Windows XP (KB2259922) - (.Microsoft Corporation.) [HKLM] -- KB2259922
O42 - Logiciel: Security Update for Windows XP (KB2279986) - (.Microsoft Corporation.) [HKLM] -- KB2279986
O42 - Logiciel: Security Update for Windows XP (KB2286198) - (.Microsoft Corporation.) [HKLM] -- KB2286198
O42 - Logiciel: Security Update for Windows XP (KB2296011) - (.Microsoft Corporation.) [HKLM] -- KB2296011
O42 - Logiciel: Security Update for Windows XP (KB2296199) - (.Microsoft Corporation.) [HKLM] -- KB2296199
O42 - Logiciel: Security Update for Windows XP (KB2347290) - (.Microsoft Corporation.) [HKLM] -- KB2347290
O42 - Logiciel: Security Update for Windows XP (KB2360937) - (.Microsoft Corporation.) [HKLM] -- KB2360937
O42 - Logiciel: Security Update for Windows XP (KB2387149) - (.Microsoft Corporation.) [HKLM] -- KB2387149
O42 - Logiciel: Security Update for Windows XP (KB2393802) - (.Microsoft Corporation.) [HKLM] -- KB2393802
O42 - Logiciel: Security Update for Windows XP (KB2419632) - (.Microsoft Corporation.) [HKLM] -- KB2419632
O42 - Logiciel: Security Update for Windows XP (KB2423089) - (.Microsoft Corporation.) [HKLM] -- KB2423089
O42 - Logiciel: Security Update for Windows XP (KB2436673) - (.Microsoft Corporation.) [HKLM] -- KB2436673
O42 - Logiciel: Security Update for Windows XP (KB2440591) - (.Microsoft Corporation.) [HKLM] -- KB2440591
O42 - Logiciel: Security Update for Windows XP (KB2443105) - (.Microsoft Corporation.) [HKLM] -- KB2443105
O42 - Logiciel: Security Update for Windows XP (KB2476687) - (.Microsoft Corporation.) [HKLM] -- KB2476687
O42 - Logiciel: Security Update for Windows XP (KB2478960) - (.Microsoft Corporation.) [HKLM] -- KB2478960
O42 - Logiciel: Security Update for Windows XP (KB2478971) - (.Microsoft Corporation.) [HKLM] -- KB2478971
O42 - Logiciel: Security Update for Windows XP (KB2479628) - (.Microsoft Corporation.) [HKLM] -- KB2479628
O42 - Logiciel: Security Update for Windows XP (KB2483185) - (.Microsoft Corporation.) [HKLM] -- KB2483185
O42 - Logiciel: Security Update for Windows XP (KB2485376) - (.Microsoft Corporation.) [HKLM] -- KB2485376
O42 - Logiciel: Security Update for Windows XP (KB923561) - (.Microsoft Corporation.) [HKLM] -- KB923561
O42 - Logiciel: Security Update for Windows XP (KB923789) - (.Microsoft Corporation.) [HKLM] -- KB923789
O42 - Logiciel: Security Update for Windows XP (KB946648) - (.Microsoft Corporation.) [HKLM] -- KB946648
O42 - Logiciel: Security Update for Windows XP (KB950760) - (.Microsoft Corporation.) [HKLM] -- KB950760
O42 - Logiciel: Security Update for Windows XP (KB950762) - (.Microsoft Corporation.) [HKLM] -- KB950762
O42 - Logiciel: Security Update for Windows XP (KB950974) - (.Microsoft Corporation.) [HKLM] -- KB950974
O42 - Logiciel: Security Update for Windows XP (KB951376-v2) - (.Microsoft Corporation.) [HKLM] -- KB951376-v2
O42 - Logiciel: Security Update for Windows XP (KB951748) - (.Microsoft Corporation.) [HKLM] -- KB951748
O42 - Logiciel: Security Update for Windows XP (KB952004) - (.Microsoft Corporation.) [HKLM] -- KB952004
O42 - Logiciel: Security Update for Windows XP (KB952954) - (.Microsoft Corporation.) [HKLM] -- KB952954
O42 - Logiciel: Security Update for Windows XP (KB954459) - (.Microsoft Corporation.) [HKLM] -- KB954459
O42 - Logiciel: Security Update for Windows XP (KB955069) - (.Microsoft Corporation.) [HKLM] -- KB955069
O42 - Logiciel: Security Update for Windows XP (KB956572) - (.Microsoft Corporation.) [HKLM] -- KB956572
O42 - Logiciel: Security Update for Windows XP (KB956744) - (.Microsoft Corporation.) [HKLM] -- KB956744
O42 - Logiciel: Security Update for Windows XP (KB956802) - (.Microsoft Corporation.) [HKLM] -- KB956802
O42 - Logiciel: Security Update for Windows XP (KB956803) - (.Microsoft Corporation.) [HKLM] -- KB956803
O42 - Logiciel: Security Update for Windows XP (KB956844) - (.Microsoft Corporation.) [HKLM] -- KB956844
O42 - Logiciel: Security Update for Windows XP (KB958644) - (.Microsoft Corporation.) [HKLM] -- KB958644
O42 - Logiciel: Security Update for Windows XP (KB958869) - (.Microsoft Corporation.) [HKLM] -- KB958869
O42 - Logiciel: Security Update for Windows XP (KB959426) - (.Microsoft Corporation.) [HKLM] -- KB959426
O42 - Logiciel: Security Update for Windows XP (KB960225) - (.Microsoft Corporation.) [HKLM] -- KB960225
O42 - Logiciel: Security Update for Windows XP (KB960803) - (.Microsoft Corporation.) [HKLM] -- KB960803
O42 - Logiciel: Security Update for Windows XP (KB960859) - (.Microsoft Corporation.) [HKLM] -- KB960859
O42 - Logiciel: Security Update for Windows XP (KB961501) - (.Microsoft Corporation.) [HKLM] -- KB961501
O42 - Logiciel: Security Update for Windows XP (KB969059) - (.Microsoft Corporation.) [HKLM] -- KB969059
O42 - Logiciel: Security Update for Windows XP (KB970238) - (.Microsoft Corporation.) [HKLM] -- KB970238
O42 - Logiciel: Security Update for Windows XP (KB970430) - (.Microsoft Corporation.) [HKLM] -- KB970430
O42 - Logiciel: Security Update for Windows XP (KB971468) - (.Microsoft Corporation.) [HKLM] -- KB971468
O42 - Logiciel: Security Update for Windows XP (KB971657) - (.Microsoft Corporation.) [HKLM] -- KB971657
O42 - Logiciel: Security Update for Windows XP (KB971961) - (.Microsoft Corporation.) [HKLM] -- KB971961
O42 - Logiciel: Security Update for Windows XP (KB972270) - (.Microsoft Corporation.) [HKLM] -- KB972270
O42 - Logiciel: Security Update for Windows XP (KB973507) - (.Microsoft Corporation.) [HKLM] -- KB973507
O42 - Logiciel: Security Update for Windows XP (KB973869) - (.Microsoft Corporation.) [HKLM] -- KB973869
O42 - Logiciel: Security Update for Windows XP (KB973904) - (.Microsoft Corporation.) [HKLM] -- KB973904
O42 - Logiciel: Security Update for Windows XP (KB974112) - (.Microsoft Corporation.) [HKLM] -- KB974112
O42 - Logiciel: Security Update for Windows XP (KB974318) - (.Microsoft Corporation.) [HKLM] -- KB974318
O42 - Logiciel: Security Update for Windows XP (KB974392) - (.Microsoft Corporation.) [HKLM] -- KB974392
O42 - Logiciel: Security Update for Windows XP (KB974571) - (.Microsoft Corporation.) [HKLM] -- KB974571
O42 - Logiciel: Security Update for Windows XP (KB975025) - (.Microsoft Corporation.) [HKLM] -- KB975025
O42 - Logiciel: Security Update for Windows XP (KB975467) - (.Microsoft Corporation.) [HKLM] -- KB975467
O42 - Logiciel: Security Update for Windows XP (KB975560) - (.Microsoft Corporation.) [HKLM] -- KB975560
O42 - Logiciel: Security Update for Windows XP (KB975561) - (.Microsoft Corporation.) [HKLM] -- KB975561
O42 - Logiciel: Security Update for Windows XP (KB975562) - (.Microsoft Corporation.) [HKLM] -- KB975562
O42 - Logiciel: Security Update for Windows XP (KB975713) - (.Microsoft Corporation.) [HKLM] -- KB975713
O42 - Logiciel: Security Update for Windows XP (KB977816) - (.Microsoft Corporation.) [HKLM] -- KB977816
O42 - Logiciel: Security Update for Windows XP (KB977914) - (.Microsoft Corporation.) [HKLM] -- KB977914
O42 - Logiciel: Security Update for Windows XP (KB978037) - (.Microsoft Corporation.) [HKLM] -- KB978037
O42 - Logiciel: Security Update for Windows XP (KB978338) - (.Microsoft Corporation.) [HKLM] -- KB978338
O42 - Logiciel: Security Update for Windows XP (KB978542) - (.Microsoft Corporation.) [HKLM] -- KB978542
O42 - Logiciel: Security Update for Windows XP (KB978601) - (.Microsoft Corporation.) [HKLM] -- KB978601
O42 - Logiciel: Security Update for Windows XP (KB979309) - (.Microsoft Corporation.) [HKLM] -- KB979309
O42 - Logiciel: Security Update for Windows XP (KB979482) - (.Microsoft Corporation.) [HKLM] -- KB979482
O42 - Logiciel: Security Update for Windows XP (KB979559) - (.Microsoft Corporation.) [HKLM] -- KB979559
O42 - Logiciel: Security Update for Windows XP (KB979683) - (.Microsoft Corporation.) [HKLM] -- KB979683
O42 - Logiciel: Security Update for Windows XP (KB979687) - (.Microsoft Corporation.) [HKLM] -- KB979687
O42 - Logiciel: Security Update for Windows XP (KB980195) - (.Microsoft Corporation.) [HKLM] -- KB980195
O42 - Logiciel: Security Update for Windows XP (KB980218) - (.Microsoft Corporation.) [HKLM] -- KB980218
O42 - Logiciel: Security Update for Windows XP (KB980232) - (.Microsoft Corporation.) [HKLM] -- KB980232
O42 - Logiciel: Security Update for Windows XP (KB980436) - (.Microsoft Corporation.) [HKLM] -- KB980436
O42 - Logiciel: Security Update for Windows XP (KB981322) - (.Microsoft Corporation.) [HKLM] -- KB981322
O42 - Logiciel: Security Update for Windows XP (KB981349) - (.Microsoft Corporation.) [HKLM] -- KB981349
O42 - Logiciel: Security Update for Windows XP (KB981852) - (.Microsoft Corporation.) [HKLM] -- KB981852
O42 - Logiciel: Security Update for Windows XP (KB981957) - (.Microsoft Corporation.) [HKLM] -- KB981957
O42 - Logiciel: Security Update for Windows XP (KB981997) - (.Microsoft Corporation.) [HKLM] -- KB981997
O42 - Logiciel: Security Update for Windows XP (KB982132) - (.Microsoft Corporation.) [HKLM] -- KB982132
O42 - Logiciel: Security Update for Windows XP (KB982214) - (.Microsoft Corporation.) [HKLM] -- KB982214
O42 - Logiciel: Security Update for Windows XP (KB982381) - (.Microsoft Corporation.) [HKLM] -- KB982381
O42 - Logiciel: Security Update for Windows XP (KB982665) - (.Microsoft Corporation.) [HKLM] -- KB982665
O42 - Logiciel: Security Update for Windows XP (KB982802) - (.Microsoft Corporation.) [HKLM] -- KB982802
O42 - Logiciel: Shaw Internet Update 3.3.1 - (.Shaw Cable.) [HKLM] -- Shaw Internet Update_is1
O42 - Logiciel: Shaw Support 3.3.2 - (.Shaw Cable.) [HKLM] -- {72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
O42 - Logiciel: Skype™ 5.0 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
O42 - Logiciel: Sound Blaster Live! Web 2K/XP - (.Unknown owner.) [HKLM] -- {3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}
O42 - Logiciel: SpeedFan (remove only) - (.Unknown owner.) [HKLM] -- SpeedFan
O42 - Logiciel: SquawkBox - (.Unknown owner.) [HKLM] -- SquawkBox
O42 - Logiciel: System Requirements Lab - (.Unknown owner.) [HKLM] -- SystemRequirementsLab
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2412171) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2492475) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AB9C3240-8F97-4998-8911-3D40044124FC}
O42 - Logiciel: Update for Windows Internet Explorer 8 (KB976662) - (.Microsoft Corporation.) [HKLM] -- KB976662-IE8
O42 - Logiciel: Update for Windows XP (KB2141007) - (.Microsoft Corporation.) [HKLM] -- KB2141007
O42 - Logiciel: Update for Windows XP (KB2345886) - (.Microsoft Corporation.) [HKLM] -- KB2345886
O42 - Logiciel: Update for Windows XP (KB2467659) - (.Microsoft Corporation.) [HKLM] -- KB2467659
O42 - Logiciel: Update for Windows XP (KB898461) - (.Microsoft Corporation.) [HKLM] -- KB898461
O42 - Logiciel: Update for Windows XP (KB951978) - (.Microsoft Corporation.) [HKLM] -- KB951978
O42 - Logiciel: Update for Windows XP (KB955759) - (.Microsoft Corporation.) [HKLM] -- KB955759
O42 - Logiciel: Update for Windows XP (KB967715) - (.Microsoft Corporation.) [HKLM] -- KB967715
O42 - Logiciel: Update for Windows XP (KB968389) - (.Microsoft Corporation.) [HKLM] -- KB968389
O42 - Logiciel: Update for Windows XP (KB971737) - (.Microsoft Corporation.) [HKLM] -- KB971737
O42 - Logiciel: Update for Windows XP (KB973687) - (.Microsoft Corporation.) [HKLM] -- KB973687
O42 - Logiciel: Update for Windows XP (KB973815) - (.Microsoft Corporation.) [HKLM] -- KB973815
O42 - Logiciel: VB Runtime - (.Unknown owner.) [HKLM] -- VB Runtime
O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421}
O42 - Logiciel: VIA Platform Device Manager - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}
O42 - Logiciel: VLC media player 1.1.7 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: WeatherEye - (.Unknown owner.) [HKCU] -- WeatherEye
O42 - Logiciel: WidevieW 2004 - (.Unknown owner.) [HKLM] -- ST6UNST #1
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WinZip 14.5 - (.WinZip Computing, S.L. .) [HKLM] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM] -- KB952011
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
O42 - Logiciel: µTorrent - (.Unknown owner.) [HKLM] -- uTorrent

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3Filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASProtect]
[HKCU\Software\Abacus]
[HKCU\Software\Acro Software Inc]
[HKCU\Software\Adobe]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\Avance]
[HKCU\Software\Canneverbe Limited]
[HKCU\Software\Canon]
[HKCU\Software\Carambis]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Creative Tech]
[HKCU\Software\DT Soft]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\ESET]
[HKCU\Software\FreshDevices]
[HKCU\Software\Futuremark]
[HKCU\Software\GNU]
[HKCU\Software\Gadwin Systems]
[HKCU\Software\Google]
[HKCU\Software\Imaging]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lavalys]
[HKCU\Software\Level 27 Technologies]
[HKCU\Software\MMTWN]
[HKCU\Software\Macromedia]
[HKCU\Software\MagicISO]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\NirSoft]
[HKCU\Software\ODBC]
[HKCU\Software\PCTools]
[HKCU\Software\Phoenix Technologies]
[HKCU\Software\Piriform]
[HKCU\Software\Pixoria]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\SCC]
[HKCU\Software\ScanSoft]
[HKCU\Software\Skype]
[HKCU\Software\SmartPCTools]
[HKCU\Software\SpeedFan]
[HKCU\Software\Sunisoft]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VapiSoft]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\eSellerate]
[HKCU\Software\newsoft]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AMPing]
[HKLM\Software\Abacus]
[HKLM\Software\Acro Software Inc]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Inc.]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Canneverbe Limited]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\ClsID]
[HKLM\Software\ComputerAssociates]
[HKLM\Software\Creative Tech]
[HKLM\Software\Cucusoft]
[HKLM\Software\DT Soft]
[HKLM\Software\Data Fellows]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\Driver-Soft]
[HKLM\Software\Eset]
[HKLM\Software\FSFDT]
[HKLM\Software\Florenc]
[HKLM\Software\France VFR]
[HKLM\Software\GNU]
[HKLM\Software\GPL Ghostscript]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HiFi]
[HKLM\Software\InstallShield]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\LanSetup]
[HKLM\Software\Level 27 Technologies]
[HKLM\Software\Licenses]
[HKLM\Software\Logitech]
[HKLM\Software\MSI]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\NewSoft]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\ODBC]
[HKLM\Software\PCTools]
[HKLM\Software\Piriform]
[HKLM\Software\Pixoria]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\SCC]
[HKLM\Software\ScanSoft]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Sunisoft]
[HKLM\Software\Totalidea Software]
[HKLM\Software\VIA Technologies, Inc]
[HKLM\Software\Via4in1Driver]
[HKLM\Software\VideoLAN]
[HKLM\Software\Voice]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wondershare]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\Yahoo]
[HKLM\Software\eSellerate]
[HKLM\Software\mozilla.org]
[HKLM\Software\shaw cable]


---\\ Contents of the Common Files folders (O43)
O43 - CFD: 19/07/2010 - 10:35:32 AM - [299586] ----D- C:\Program Files\Acro Software
O43 - CFD: 04/09/2010 - 2:02:26 PM - [2847840] ----D- C:\Program Files\ActiveXplorer
O43 - CFD: 06/10/2010 - 3:38:58 PM - [144094117] ----D- C:\Program Files\Adobe
O43 - CFD: 18/07/2010 - 1:12:32 PM - [141488175] ----D- C:\Program Files\Alwil Software
O43 - CFD: 11/11/2010 - 5:33:50 PM - [2221118] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 17/07/2010 - 5:36:58 PM - [1608243] ----D- C:\Program Files\Ask.com
O43 - CFD: 25/07/2010 - 10:25:34 PM - [1111409] ----D- C:\Program Files\BitTorrent
O43 - CFD: 07/12/2010 - 6:12:54 PM - [1691608] ----D- C:\Program Files\Boeing737FPL
O43 - CFD: 09/09/2010 - 4:14:14 PM - [28164236] --H-D- C:\Program Files\CanonBJ
O43 - CFD: 18/07/2010 - 1:16:54 PM - [5777175] ----D- C:\Program Files\Carambis
O43 - CFD: 29/07/2010 - 4:23:20 PM - [2961016] ----D- C:\Program Files\CCleaner
O43 - CFD: 05/11/2010 - 7:42:56 PM - [12653020] ----D- C:\Program Files\CDBurnerXP
O43 - CFD: 27/01/2011 - 1:47:16 AM - [449536601] ----D- C:\Program Files\Common Files
O43 - CFD: 17/07/2010 - 2:00:16 PM - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 17/07/2010 - 5:37:02 PM - [3099402] ----D- C:\Program Files\CPUID
O43 - CFD: 07/11/2003 - 2:17:26 AM - [12601174] ----D- C:\Program Files\Creative
O43 - CFD: 05/11/2010 - 8:20:48 PM - [34322678] ----D- C:\Program Files\Cucusoft
O43 - CFD: 07/11/2003 - 12:04:06 AM - [10382532] ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 31/12/2010 - 3:00:38 AM - [162842] ----D- C:\Program Files\DecentCalc
O43 - CFD: 29/07/2010 - 4:26:22 PM - [3488944] ----D- C:\Program Files\Defraggler
O43 - CFD: 19/12/2010 - 7:25:16 PM - [99692736] ----D- C:\Program Files\DivX
O43 - CFD: 25/07/2010 - 10:52:08 PM - [19367059] ----D- C:\Program Files\Driver-Soft
O43 - CFD: 20/07/2010 - 11:51:44 PM - [10241927] ----D- C:\Program Files\FreshDevices
O43 - CFD: 10/11/2010 - 2:00:28 AM - [13748561] ----D- C:\Program Files\FSFDT
O43 - CFD: 18/11/2010 - 6:47:38 AM - [3650837] ----D- C:\Program Files\Gadwin Systems
O43 - CFD: 26/12/2010 - 8:57:02 PM - [478975894] ----D- C:\Program Files\Google
O43 - CFD: 19/07/2010 - 10:36:28 AM - [8075602] ----D- C:\Program Files\GPLGS
O43 - CFD: 06/12/2010 - 12:45:34 PM - [5197824] ----D- C:\Program Files\HiFi
O43 - CFD: 07/11/2003 - 7:14:26 PM - [36121913] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 08/02/2011 - 3:11:32 PM - [5190311] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 19/07/2010 - 10:13:44 AM - [90845502] ----D- C:\Program Files\Java
O43 - CFD: 21/11/2010 - 11:28:30 AM - [4957816] ----D- C:\Program Files\La radio de Radio-Canada
O43 - CFD: 17/07/2010 - 5:30:04 PM - [16759797] ----D- C:\Program Files\Lavalys
O43 - CFD: 19/11/2010 - 7:09:04 AM - [0] ----D- C:\Program Files\Lavasoft
O43 - CFD: 06/11/2003 - 11:02:20 PM - [3103783] ----D- C:\Program Files\MagicISO
O43 - CFD: 01/03/2011 - 5:14:56 PM - [4918866] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 19/07/2010 - 10:05:12 AM - [2410567] ----D- C:\Program Files\McAfee Security Scan
O43 - CFD: 18/07/2010 - 3:31:06 PM - [2162183] ----D- C:\Program Files\Messenger
O43 - CFD: 19/10/2010 - 3:00:46 PM - [44290338] ----D- C:\Program Files\Micro Application
O43 - CFD: 23/09/2010 - 4:01:48 PM - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 17/07/2010 - 2:13:08 PM - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 17/11/2010 - 11:00:38 AM - [5370802909] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 23/08/2010 - 11:55:10 PM - [539447916] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 01/03/2011 - 12:52:56 PM - [38371963] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 31/12/2010 - 7:50:40 PM - [26517525] ----D- C:\Program Files\Microsoft Speech SDK 5.1
O43 - CFD: 23/08/2010 - 11:55:04 PM - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 23/08/2010 - 11:51:50 PM - [1262854] ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 24/08/2010 - 12:17:18 AM - [3726168] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 23/08/2010 - 11:54:08 PM - [8152064] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 23/08/2010 - 10:01:40 PM - [10285692] ----D- C:\Program Files\Movie Maker
O43 - CFD: 17/12/2010 - 6:31:22 PM - [32665467] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 23/08/2010 - 11:55:26 PM - [26521] ----D- C:\Program Files\MSBuild
O43 - CFD: 25/07/2010 - 11:11:52 PM - [4057916] ----D- C:\Program Files\MSI
O43 - CFD: 17/07/2010 - 1:58:12 PM - [0] ----D- C:\Program Files\MSN
O43 - CFD: 17/07/2010 - 1:58:46 PM - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 23/09/2010 - 4:01:32 PM - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 17/07/2010 - 2:03:06 PM - [3258723] ----D- C:\Program Files\NetMeeting
O43 - CFD: 23/09/2010 - 9:17:24 AM - [196947340] ----D- C:\Program Files\NewSoft
O43 - CFD: 14/10/2010 - 4:10:08 PM - [69731852] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 01/09/2010 - 9:14:12 PM - [1007] ----D- C:\Program Files\Online Services
O43 - CFD: 14/12/2010 - 2:37:08 PM - [4322949] ----D- C:\Program Files\Outlook Express
O43 - CFD: 25/07/2010 - 9:47:36 PM - [5469094] ----D- C:\Program Files\PC Drivers HeadQuarters
O43 - CFD: 26/08/2010 - 10:04:32 PM - [10864318] ----D- C:\Program Files\Pixoria
O43 - CFD: 31/08/2010 - 1:15:56 PM - [129731283] ----D- C:\Program Files\Real
O43 - CFD: 18/07/2010 - 5:27:04 PM - [43563540] ----D- C:\Program Files\Realtek AC97
O43 - CFD: 18/07/2010 - 6:17:44 PM - [36400897] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 10/02/2011 - 1:43:10 AM - [29305829] ----D- C:\Program Files\Registry Mechanic
O43 - CFD: 23/09/2010 - 9:14:50 AM - [121555479] ----D- C:\Program Files\ScanSoft
O43 - CFD: 26/01/2011 - 3:40:20 PM - [14070465] ----D- C:\Program Files\shaw
O43 - CFD: 09/12/2010 - 11:01:14 PM - [28205147] R---D- C:\Program Files\Skype
O43 - CFD: 10/09/2010 - 3:02:10 PM - [7564715] ----D- C:\Program Files\SmartPCTools
O43 - CFD: 02/03/2011 - 12:57:14 PM - [5121203] ----D- C:\Program Files\SpeedFan
O43 - CFD: 13/01/2011 - 5:11:16 PM - [13235081] ----D- C:\Program Files\SquawkBox
O43 - CFD: 01/09/2010 - 1:42:00 PM - [1117297] ----D- C:\Program Files\SystemRequirementsLab
O43 - CFD: 13/09/2010 - 1:49:04 PM - [140691] ----D- C:\Program Files\Tweak-XP Pro 4
O43 - CFD: 17/07/2010 - 2:38:46 PM - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 01/09/2010 - 8:14:56 PM - [618617] ----D- C:\Program Files\Universal
O43 - CFD: 10/01/2011 - 11:11:20 AM - [2398938] ----D- C:\Program Files\utopia12
O43 - CFD: 19/07/2010 - 11:57:14 AM - [322352] ----D- C:\Program Files\uTorrent
O43 - CFD: 18/07/2010 - 1:26:12 PM - [3450493] ----D- C:\Program Files\VIA
O43 - CFD: 05/09/2010 - 4:10:08 PM - [82928145] ----D- C:\Program Files\VideoLAN
O43 - CFD: 17/07/2010 - 2:12:20 PM - [3236610] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 17/07/2010 - 1:58:38 PM - [3921663] ----D- C:\Program Files\Windows NT
O43 - CFD: 17/07/2010 - 2:04:32 PM - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 17/07/2010 - 5:29:34 PM - [3727750] ----D- C:\Program Files\WinRAR
O43 - CFD: 17/07/2010 - 5:28:18 PM - [19370777] ----D- C:\Program Files\WinZip
O43 - CFD: 17/07/2010 - 2:13:08 PM - [0] ----D- C:\Program Files\xerox
O43 - CFD: 18/07/2010 - 5:38:00 PM - [0] ----D- C:\Program Files\Yahoo!
O43 - CFD: 02/03/2011 - 1:11:00 PM - [3455220] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 06/10/2010 - 3:39:08 PM - [5493209] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 21/11/2010 - 11:19:58 AM - [30826314] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 11/11/2010 - 5:34:14 PM - [44307712] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 23/08/2010 - 11:55:04 PM - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 19/12/2010 - 7:24:18 PM - [24006656] ----D- C:\Program Files\Common Files\DivX Shared
O43 - CFD: 31/08/2010 - 8:35:28 PM - [2256577] ----D- C:\Program Files\Common Files\Futuremark Shared
O43 - CFD: 23/09/2010 - 9:15:48 AM - [16528670] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 19/07/2010 - 10:15:30 AM - [1243079] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 06/11/2003 - 11:00:42 PM - [0] ----D- C:\Program Files\Common Files\LogiShrd
O43 - CFD: 31/12/2010 - 7:59:06 PM - [170313366] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 17/07/2010 - 2:03:02 PM - [284160] ----D- C:\Program Files\Common Files\MSSoap
O43 - CFD: 12/11/2010 - 1:55:48 PM - [3710120] ----D- C:\Program Files\Common Files\NewSoft
O43 - CFD: 17/07/2010 - 7:45:34 AM - [0] ----D- C:\Program Files\Common Files\ODBC
O43 - CFD: 01/08/2010 - 5:02:08 PM - [1693947] ----D- C:\Program Files\Common Files\PC Tools
O43 - CFD: 12/11/2010 - 1:55:02 PM - [18977220] ----D- C:\Program Files\Common Files\PDFView
O43 - CFD: 31/08/2010 - 1:16:02 PM - [20845948] ----D- C:\Program Files\Common Files\Real
O43 - CFD: 23/09/2010 - 9:15:52 AM - [210472] ----D- C:\Program Files\Common Files\ScanSoft Shared
O43 - CFD: 17/07/2010 - 2:03:06 PM - [8106] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 09/12/2010 - 11:00:52 PM - [2164104] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 17/07/2010 - 7:45:10 AM - [65288580] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 24/08/2010 - 12:24:24 AM - [40933129] ----D- C:\Program Files\Common Files\System
O43 - CFD: 31/08/2010 - 1:15:52 PM - [352256] ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 06/10/2010 - 6:34:38 PM - [816245] ----D- C:\Documents and Settings\Ramessou\Application Data\Adobe
O43 - CFD: 05/09/2010 - 4:35:08 PM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\Bassic Technologies
O43 - CFD: 21/10/2010 - 12:07:22 PM - [123079] ----D- C:\Documents and Settings\Ramessou\Application Data\BitTorrent
O43 - CFD: 05/11/2010 - 7:44:36 PM - [1631] ----D- C:\Documents and Settings\Ramessou\Application Data\Canneverbe Limited
O43 - CFD: 23/09/2010 - 10:42:28 PM - [354428] ----D- C:\Documents and Settings\Ramessou\Application Data\Canon
O43 - CFD: 18/07/2010 - 1:18:10 PM - [151980] ----D- C:\Documents and Settings\Ramessou\Application Data\Carambis
O43 - CFD: 06/11/2003 - 10:54:12 PM - [97] ----D- C:\Documents and Settings\Ramessou\Application Data\DAEMON Tools Lite
O43 - CFD: 20/12/2010 - 12:06:26 PM - [143360] ----D- C:\Documents and Settings\Ramessou\Application Data\DivX
O43 - CFD: 26/08/2010 - 10:46:00 PM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\FreshDiagnose
O43 - CFD: 15/10/2010 - 10:48:00 AM - [27125] ----D- C:\Documents and Settings\Ramessou\Application Data\fs_earth_9
O43 - CFD: 18/07/2010 - 4:22:52 PM - [1294] ----D- C:\Documents and Settings\Ramessou\Application Data\GetRightToGo
O43 - CFD: 15/10/2010 - 9:54:04 AM - [54431] ----D- C:\Documents and Settings\Ramessou\Application Data\Google
O43 - CFD: 06/12/2010 - 12:45:34 PM - [1176] ----D- C:\Documents and Settings\Ramessou\Application Data\HiFi
O43 - CFD: 17/07/2010 - 2:38:54 PM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\Identities
O43 - CFD: 18/10/2010 - 5:33:16 PM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\InstallShield
O43 - CFD: 19/12/2010 - 7:25:16 PM - [1232785747] ----D- C:\Documents and Settings\Ramessou\Application Data\Local
O43 - CFD: 06/11/2003 - 11:00:44 PM - [11636] ----D- C:\Documents and Settings\Ramessou\Application Data\Logishrd
O43 - CFD: 06/11/2003 - 11:00:30 PM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\Logitech
O43 - CFD: 18/07/2010 - 2:57:12 PM - [2886714] ----D- C:\Documents and Settings\Ramessou\Application Data\Macromedia
O43 - CFD: 01/03/2011 - 5:15:16 PM - [3297] ----D- C:\Documents and Settings\Ramessou\Application Data\Malwarebytes
O43 - CFD: 22/12/2010 - 2:32:34 AM - [12621214] -S--D- C:\Documents and Settings\Ramessou\Application Data\Microsoft
O43 - CFD: 18/07/2010 - 1:24:32 PM - [16541009] ----D- C:\Documents and Settings\Ramessou\Application Data\Mozilla
O43 - CFD: 27/11/2010 - 10:07:12 AM - [51233] ----D- C:\Documents and Settings\Ramessou\Application Data\NewSoft
O43 - CFD: 24/12/2010 - 9:48:20 PM - [1631672] ----D- C:\Documents and Settings\Ramessou\Application Data\Real
O43 - CFD: 01/08/2010 - 5:07:56 PM - [3109] ----D- C:\Documents and Settings\Ramessou\Application Data\Registry Mechanic
O43 - CFD: 23/09/2010 - 9:16:16 AM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\ScanSoft
O43 - CFD: 11/01/2011 - 2:30:00 PM - [12704076] ----D- C:\Documents and Settings\Ramessou\Application Data\ScreenShot
O43 - CFD: 09/01/2011 - 8:38:30 PM - [4670680] ----D- C:\Documents and Settings\Ramessou\Application Data\Skype
O43 - CFD: 09/01/2011 - 4:00:08 PM - [22136] ----D- C:\Documents and Settings\Ramessou\Application Data\skypePM
O43 - CFD: 19/07/2010 - 10:12:26 AM - [19182359] ----D- C:\Documents and Settings\Ramessou\Application Data\Sun
O43 - CFD: 01/09/2010 - 1:42:00 PM - [1163264] ----D- C:\Documents and Settings\Ramessou\Application Data\SystemRequirementsLab
O43 - CFD: 11/01/2011 - 10:51:24 PM - [18546] ----D- C:\Documents and Settings\Ramessou\Application Data\uTorrent
O43 - CFD: 21/11/2010 - 11:28:36 AM - [674] ----D- C:\Documents and Settings\Ramessou\Application Data\WidgetRadioSRC.13BC082BABA5407D3C98AC73F5DE7F4088D231BF.1
O43 - CFD: 17/07/2010 - 5:32:40 PM - [12] ----D- C:\Documents and Settings\Ramessou\Application Data\WinRAR
O43 - CFD: 17/07/2010 - 5:31:54 PM - [0] ----D- C:\Documents and Settings\Ramessou\Application Data\Yahoo!
O43 - CFD: 06/10/2010 - 3:38:32 PM - [1591303] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Adobe
O43 - CFD: 11/11/2010 - 5:34:02 PM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Apple
O43 - CFD: 11/11/2010 - 5:33:34 PM - [10472] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Apple Computer
O43 - CFD: 21/09/2010 - 1:24:10 PM - [208007] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\AskToolbar
O43 - CFD: 05/09/2010 - 4:36:56 PM - [2754] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Bassic_Technologies
O43 - CFD: 05/11/2010 - 8:20:52 PM - [502271] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Cucusoft
O43 - CFD: 23/09/2010 - 9:43:44 PM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\CutePDF Writer
O43 - CFD: 25/07/2010 - 9:46:36 PM - [2575645] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Downloaded Installations
O43 - CFD: 08/09/2010 - 12:49:56 AM - [572728] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\eSupport.com
O43 - CFD: 26/12/2010 - 9:01:42 PM - [399956558] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Google
O43 - CFD: 31/12/2010 - 2:27:48 AM - [31058707] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Microsoft
O43 - CFD: 23/08/2010 - 11:46:42 PM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Microsoft Help
O43 - CFD: 18/07/2010 - 1:24:08 PM - [54587687] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Mozilla
O43 - CFD: 27/11/2010 - 10:06:28 AM - [66921] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\NewSoft
O43 - CFD: 31/08/2010 - 12:38:00 PM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\NOS
O43 - CFD: 25/07/2010 - 9:50:02 PM - [8087] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\PC_Drivers_Headquarters
O43 - CFD: 26/08/2010 - 10:04:50 PM - [4163276] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Pixoria
O43 - CFD: 31/08/2010 - 1:16:28 PM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Real
O43 - CFD: 24/09/2010 - 8:00:02 AM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Scansoft
O43 - CFD: 13/12/2010 - 2:31:54 PM - [0] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\Temp
O43 - CFD: 09/11/2010 - 10:10:00 AM - [2554050] ----D- C:\Documents and Settings\Ramessou\Local Settings\Application Data\TheWeatherNetwork
O43 - CFD: 17/07/2010 - 2:12:26 PM - [15589] R---D- C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Accessories
O43 - CFD: 17/07/2010 - 7:44:08 AM - [84] R---D- C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup


---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.C20EF89AC08AF7AD4F24954BDFB805A3] - 01/03/2011 - 3:06:29 PM ---A- . (...) -- C:\WINDOWS\ntbtlog.txt   [192366]
O44 - LFC:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 01/03/2011 - 5:14:45 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys   [20952]
O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 01/03/2011 - 5:14:50 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys   [38224]
O44 - LFC:[MD5.5C635C0520B5EA3125F063A6AACFB624] - 02/03/2011 - 1:01:38 PM ---A- . (...) -- C:\WINDOWS\setupact.log   [258]
O44 - LFC:[MD5.BA75E0D828E4FFDED3296B38EFCDE178] - 03/12/2008 - 7:19:44 PM ---A- . (...) -- C:\WINDOWS\Crystal Clock.scr   [1929728]
O44 - LFC:[MD5.7F3F64D19A4F52064D4D3D1D7AA590D5] - 08/02/2011 - 8:06:51 PM ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT   [285312]
O44 - LFC:[MD5.F4D021E764F6FA554606F4A735A3151B] - 08/02/2011 - 9:01:15 PM ---A- . (...) -- C:\WINDOWS\system.ini   [227]
O44 - LFC:[MD5.A994A421C5712C62823730D2AC1C49D3] - 08/02/2011 - 9:01:15 PM ---A- . (...) -- C:\WINDOWS\win.ini   [644]
O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 08/02/2011 - 9:01:15 PM -SH-- . (...) -- C:\boot.ini   [211]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2011 - 2:54:36 PM ---A- . (...) -- C:\WINDOWS\setuperr.log   [0]
O44 - LFC:[MD5.F8DA5A36315932DC2E67FFDE1218E50B] - 02/03/2011 - 12:54:46 PM ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl   [2206]
O44 - LFC:[MD5.B0ED1300F915817C00FCFD7F84EE1300] - 02/03/2011 - 12:51:47 PM ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log   [1530763]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/03/2011 - 12:50:40 PM ---A- . (...) -- C:\WINDOWS\0.log   [0]
O44 - LFC:[MD5.B0ED1300F915817C00FCFD7F84EE1300] - 02/03/2011 - 12:50:19 PM ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
O44 - LFC:[MD5.B0ED1300F915817C00FCFD7F84EE1300] - 02/03/2011 - 12:50:08 PM ---A- . (...) -- C:\WINDOWS\wiaservc.log   [48]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 02/03/2011 - 12:47:29 PM -S-A- . (...) -- C:\WINDOWS\bootstat.dat   [2048]
O44 - LFC:[MD5.8429A93BF6EED51139D20332D23551D1] - 02/03/2011 - 12:19:45 PM ---A- . (...) -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000006-00001102-00000002-80641102}.rfx   [24888]
O44 - LFC:[MD5.8429A93BF6EED51139D20332D23551D1] - 02/03/2011 - 12:19:44 PM ---A- . (...) -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000006-00001102-00000002-80641102}.rfx   [24888]
O44 - LFC:[MD5.8829921DCE99C6055DF048A8C054915D] - 02/03/2011 - 12:19:44 PM ---A- . (...) -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000006-00001102-00000002-80641102}.rfx   [16420]
O44 - LFC:[MD5.8829921DCE99C6055DF048A8C054915D] - 02/03/2011 - 12:19:44 PM ---A- . (...) -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000006-00001102-00000002-80641102}.rfx   [16420]
O44 - LFC:[MD5.B546F6882DB99755E95B14FDDC04A58A] - 02/03/2011 - 12:19:44 PM ---A- . (...) -- C:\WINDOWS\System32\settings.sfm   [1080]
O44 - LFC:[MD5.B546F6882DB99755E95B14FDDC04A58A] - 02/03/2011 - 12:19:44 PM ---A- . (...) -- C:\WINDOWS\System32\settingsbkup.sfm   [1080]
O44 - LFC:[MD5.B679A50E1F43C6A798D2B26189ED58B6] - 02/03/2011 - 12:19:43 PM ---A- . (...) -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000006-00001102-00000002-80641102}.dat   [24]
O44 - LFC:[MD5.B679A50E1F43C6A798D2B26189ED58B6] - 02/03/2011 - 12:19:43 PM ---A- . (...) -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000006-00001102-00000002-80641102}.dat   [24]
O44 - LFC:[MD5.83BE5E3285D4072B3B94E9AE3872F40F] - 01/03/2011 - 12:56:09 PM ---A- . (...) -- C:\WINDOWS\setupapi.log   [25838]
O44 - LFC:[MD5.89C1DF2E959BA942F5C9B219AE22F50D] - 03/02/2011 - 10:06:18 PM ---A- . (...) -- C:\WINDOWS\System32\d3d9caps.dat   [7816]


---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Microsoft® Remote Desktop Help Session Manager.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "D:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" [Enabled] .(.Unknown owner - No comment.) -- D:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpnsvr.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay8 Server.) -- C:\WINDOWS\system32\dpnsvr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\bittorrent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpvsetup.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay Voice Test.) -- C:\WINDOWS\system32\dpvsetup.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Orphean Key
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" [Enabled] .(.Microsoft Corporation - Microsoft Flight Simulator.) -- C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Earth\client\googleearth.exe" [Enabled] .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FSFDT\FWInn\FWINN.exe" [Enabled] .(.Unknown owner - FSInn Application.) -- C:\Program Files\FSFDT\FWInn\FWINN.exe
O47 - AAKE:Key Export SP - "C:\Program Files\VideoLAN\VLC\vlc.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O47 - AAKE:Key Export SP - "G:\Program Files\Microsoft ActiveSync\rapimgr.exe" [Enabled] Orphean Key
O47 - AAKE:Key Export SP - "G:\Program Files\Microsoft ActiveSync\wcescomm.exe" [Enabled] Orphean Key
O47 - AAKE:Key Export SP - "G:\Program Files\Microsoft ActiveSync\WCESMgr.exe" [Enabled] Orphean Key
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Microsoft® Remote Desktop Help Session Manager.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "G:\Program Files\Microsoft ActiveSync\rapimgr.exe" [Enabled] Orphean Key
O47 - AAKE:Key Export DP - "G:\Program Files\Microsoft ActiveSync\wcescomm.exe" [Enabled] Orphean Key
O47 - AAKE:Key Export DP - "G:\Program Files\Microsoft ActiveSync\WCESMgr.exe" [Enabled] Orphean Key


---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Windows Security Configuration Editor Client Engine.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll
O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Unknown owner - No comment.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"ctwdm32.dll"="Creative inf(WDM)" . (.Creative Technology Ltd. - Creative WDM Driver.) -- C:\WINDOWS\System32\ctwdm32.dll
O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Unknown owner - No comment.) -- (.not file.)


---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM  [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher  [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\avast5  [Key] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O53 - SMSR:HKLM\...\startupreg\DivX Download Manager  [Key] . (.DivX, LLC - DivX Download Manager Service.) -- C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
O53 - SMSR:HKLM\...\startupreg\DivXUpdate  [Key] . (.Unknown owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O53 - SMSR:HKLM\...\startupreg\FSFDTCP  [Key] . (.FS - French Dev Team - FSFDT Control Panel.) -- C:\Program Files\FSFDT\Control Panel\FSFDTCP.exe
O53 - SMSR:HKLM\...\startupreg\Gadwin PrintScreen  [Key] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O53 - SMSR:HKLM\...\startupreg\H/PC Connection Agent  [Key] . (.Unknown owner - No comment.) -- G:\Program Files\Microsoft ActiveSync\wcescomm.exe
O53 - SMSR:HKLM\...\startupreg\Jet Detection  [Key] . (.Unknown owner - Creative JetDetect.) -- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O53 - SMSR:HKLM\...\startupreg\NvCplDaemon  [Key] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O53 - SMSR:HKLM\...\startupreg\NvMediaCenter  [Key] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O53 - SMSR:HKLM\...\startupreg\OpwareSE4  [Key] . (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
O53 - SMSR:HKLM\...\startupreg\Registry Repair Wizard Scheduler  [Key] . (.SmartPCTools - Registry Repair Wizard Scheduler.) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
O53 - SMSR:HKLM\...\startupreg\Skype  [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O53 - SMSR:HKLM\...\startupreg\SSBkgdUpdate  [Key] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched  [Key] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\TkBellExe  [Key] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O53 - SMSR:HKLM\...\startupreg\UpdReg  [Key] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\WINDOWS\UpdReg.exe
O53 - SMSR:HKLM\...\startupreg\WeatherEye  [Key] . (.Pelmorex Media Inc. - No comment.) -- C:\Documents and Settings\WJA\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O53 - SMSR:HKLM\...\startupreg\WINDVDPatch  [Key] . (.Creative Technology Ltd - CtHelper Application.) -- C:\Windows\System32\CTHELPER.exe


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - DPA Client for 32 bit platforms.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - DPA Client for 32 bit platforms.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1


---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.479C9835B91147BE1A92CB76FAD9C6DE] - 13/01/2011 - 1:37:11 AM ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys   [29392]
O58 - SDL:[MD5.DD8520280304B6145A6BE31008748C7C] - 24/09/2008 - 9:40:22 AM R--A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\alcxwdm.sys   [4122368]
O58 - SDL:[MD5.CBA53C5E29AE0A0CE76F9A2BE3A40D9E] - 13/01/2011 - 1:37:09 AM ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys   [17744]
O58 - SDL:[MD5.701D741F60983B0319560523294E5D5B] - 13/01/2011 - 1:39:50 AM ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys   [94544]
O58 - SDL:[MD5.A1C52B822B7B8A5C2162D38F579F97B7] - 13/01/2011 - 1:40:04 AM ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys   [100176]
O58 - SDL:[MD5.B6E8C5874377A42756C282FAC2E20836] - 13/01/2011 - 1:37:30 AM ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys   [23632]
O58 - SDL:[MD5.B93A553C9B0F14263C8F016A44C3258C] - 13/01/2011 - 1:41:16 AM ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys   [294608]
O58 - SDL:[MD5.1408421505257846EB336FEEEF33352D] - 13/01/2011 - 1:40:16 AM ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys   [47440]
O58 - SDL:[MD5.B562592B7F5759C99E179CA467ECFB4C] - 14/04/2008 - 5:00:00 AM ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\drivers\cinemst2.sys   [262528]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 14/04/2008 - 5:00:00 AM ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys   [11776]
O58 - SDL:[MD5.2F8653034A35526DF88EA0C62B035A42] - 10/03/2010 - 4:25:58 PM ---A- . (.Windows (R) Win 7 DDK provider - CPUID Driver.) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys   [20968]
O58 - SDL:[MD5.4B6096745F72B4FD36514617E2EA5D37] - 19/07/2002 - 10:46:28 AM ---A- . (.Creative Technology Ltd - Creative AC3 SW Decoder Device Driver (WDM).) -- C:\WINDOWS\system32\drivers\ctac32k.sys   [127948]
O58 - SDL:[MD5.3576EC792347ED15699F6D830E0F5437] - 19/07/2002 - 10:47:52 AM ---A- . (.Creative Technology Ltd - Creative WDM Audio Device Driver.) -- C:\WINDOWS\system32\drivers\ctaud2k.sys   [837548]
O58 - SDL:[MD5.7FFA171CCE6A8BFC774862A578BA39A2] - 17/08/2001 - 12:19:28 PM ---A- . (.Creative Technology Ltd. - Creative SB Live! Interface Driver.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys   [6912]
O58 - SDL:[MD5.71007BD2E1E26927FE3E4EB00C0BEEDF] - 17/08/2001 - 12:19:20 PM ---A- . (.Creative Technology Ltd. - Creative Joyport Enabler.) -- C:\WINDOWS\system32\drivers\ctljystk.sys   [3712]
O58 - SDL:[MD5.F29184BDC81C398B6027A67FF6A19895] - 19/07/2002 - 10:48:04 AM ---A- . (.Creative Technology Ltd. - Creative OS Services Driver (WDM).) -- C:\WINDOWS\system32\drivers\ctoss2k.sys   [195432]
O58 - SDL:[MD5.097D42574E3C6D98CD5A2EE7647FA6BF] - 19/07/2002 - 10:48:08 AM ---A- . (.Creative Technology Ltd - Creative Proxy Device Driver (WDM).) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys   [11068]
O58 - SDL:[MD5.C58A2507EF62B20B9BD670C666088B50] - 19/07/2002 - 10:48:22 AM ---A- . (.Creative Technology Ltd - SoundFont(R) Manager (WDM).) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys   [213860]
O58 - SDL:[MD5.651554E483712B708EDE864D0CA1AA73] - 08/09/2010 - 12:49:51 AM ---A- . (.Phoenix Technologies - DriverAgent Direct I/O for 32-bit Windows.) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys   [23456]
O58 - SDL:[MD5.01F83E1B5DCE05F5CB7D99113CA9E890] - 17/08/2001 - 12:19:26 PM ---A- . (.Creative Technology Ltd. - Creative SB Live! Adapter Driver.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys   [283904]
O58 - SDL:[MD5.A9D94B89372F3F9609A1A5EEC631A260] - 19/07/2002 - 10:48:32 AM ---A- . (.Creative Technology Ltd - E-mu Plug-in Architecture Driver (WDM).) -- C:\WINDOWS\system32\drivers\emupia2k.sys   [156604]
O58 - SDL:[MD5.DC9847CDC43665ED4CC780947516209C] - 24/07/2002 - 1:52:26 PM ---A- . (.Creative Technology Ltd - Creative EMU10KX HAL (WDM).) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys   [998004]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 5:00:00 AM ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys   [144384]
O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 6:08:40 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys   [20952]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 6:09:00 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys   [38224]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 14/04/2008 - 5:00:00 AM ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys   [12032]
O58 - SDL:[MD5.ED9816DBAF6689542EA7D022631906A1] - 09/07/2010 - 3:38:00 PM ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys   [10604128]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 5:00:00 AM ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys   [17792]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 14/04/2008 - 5:00:00 AM ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys   [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 14/04/2008 - 5:00:00 AM ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys   [12032]
O58 - SDL:[MD5.31C3EBB3A71FE56B8109BFB4ED20AE69] - 31/12/2003 - 10:58:46 AM ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys   [69504]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 14/04/2008 - 5:00:00 AM ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys   [20480]
O58 - SDL:[MD5.0B1A5E9CACB5CDD54A2815107BD7C772] - 17/08/2001 - 12:19:34 PM ---A- . (.Creative Technology Ltd. - SoundFont(R) Manager.) -- C:\WINDOWS\system32\drivers\sfmanm.sys   [36480]
O58 - SDL:[MD5.B0ED1300F915817C00FCFD7F84EE1300] - 07/11/2003 - 12:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys   [691696]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 1:48:56 PM ---A- . (...) -- C:\WINDOWS\system32\drivers\StarOpen.sys   [7168]
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 14/04/2008 - 5:00:00 AM ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys   [21376]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/04/2008 - 5:00:00 AM ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys   [58112]
O58 - SDL:[MD5.4B039BBD037B01F5DB5A144C837F283A] - 02/07/2003 - 4:42:00 AM ---A- . (.VIA Technologies, Inc. - VIA NT AGP Filter.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS   [27904]
O58 - SDL:[MD5.9F3F276C7300ED211129757A411B605F] - 31/03/2006 - 1:18:30 AM ---A- . (.VIA Technologies inc,.ltd - VIA AHCI RAID DRIVER FOR WIN 2000/XP.) -- C:\WINDOWS\system32\drivers\viamraid.sys   [100992]
O58 - SDL:[MD5.C9A8BA443F809B70BCCCCD60CC73FA5C] - 04/08/2003 - 12:29:08 AM ---A- . (.VIA Technologies, Inc. - VIA USB Host Controller Lower Filter Driver.) -- C:\WINDOWS\system32\drivers\vulfnth.sys   [6912]
O58 - SDL:[MD5.2D8C55889616F7767E9FB8ADEE37A02A] - 04/08/2003 - 12:29:32 AM ---A- . (.VIA Technologies, Inc. - VIA USB Roothub Lower Filter Driver.) -- C:\WINDOWS\system32\drivers\vulfntr.sys   [11392]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 12:33:26 PM ---A- . (...) -- C:\WINDOWS\system32\giveio.sys   [5248]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4768]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:[MD5.4FE09F868CE65B334B42862C372C69CC] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33840]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 5:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
O58 - SDL:[MD5.5D6401DB90EC81B71F8E2C5C8F0FEF23] - 24/09/2006 - 6:28:46 AM ---A- . (.Windows (R) 2000 DDK provider - SpeedFan Device Driver.) -- C:\WINDOWS\system32\speedfan.sys   [5248]


---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - () - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {18C5C270-3147-4830-8D35-5A583D0F4B07} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {7D6174A9-EAC5-4687-A6AF-9C91ADD56B9A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (DAEMON Search) - http://www.daemon-search.com
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Secure Search) - http://ca.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} - (Qword) - http://www.qword.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} [DefaultScope] - (Qword) - http://www.qword.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} [DefaultScope] - (Qword) - http://www.qword.com


---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 13/01/2011 40384 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 14/04/2008 224768 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SS - | Disabled 31/08/2010 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 10/06/2010 136120 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 03/04/2005 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 11/01/2011 153376 |  (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SS - | Demand 15/01/2010 227232 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
SR - | Auto 04/03/2010 71096 |  (NMSAccess) . (.Unknown owner.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 09/07/2010 155752 |  (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 14/10/2009 583640 |  (PCToolsSSDMonitorSvc) . (.PC Tools.) - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe


---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by Ramessou at 02/03/2011 1:14:58 PM

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spya.sys >>UNKNOWN [0x8A0CF938]<<
spya.sys 
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A017030]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000071[0x8A082F18]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A05F940]
kernel: MBR read successfully
user & kernel MBR OK


---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ramessou at 02/03/2011 1:14:58 PM
Use the desktop link 'MBRCheck' to have full report
Dump file Name : C:\PhysicalDisk0_MBR.bin



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.B0ED1300F915817C00FCFD7F84EE1300] - 07/11/2003 - 12:00:00 AM ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys   [691696]


---\\ Infection BT - BHO/Toolbar (Possible)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll
[HKCU\Software\Ask.com]



End of the scan (1235 lines in 46mn AMs)(0)
Last edited by Skynet on 02 Mar 2011 22:53, edited 1 time.
Reason: Report split.
sosyyy
Apprentice Expert
Posts: 180
Joined: 03 Oct 2010 01:36

Re: Infection Adware.Hotbar

Posted on 02 Mar 2011 22:43

Hello, :)

Blank message :cry:
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Posted on 02 Mar 2011 22:54

I've fixed it ;).

See you later
Skynet
Moderator
Posts: 14807
Joined: 19 Jul 2007 21:12

Re: Infection Adware.Hotbar

Posted on 02 Mar 2011 23:50

Hi again, :)

@Skynet 8)
Thanks!

@Sosyyy


The hunt is on!!!

• Download AD-Remover (by C_XX) to your Desktop.
/!\ Disconnect and close all running applications /!\
• Double-click the AD-Remover icon
• In the main menu, click "SCAN"
• Confirm the start of the scan and let the tool work
• Post the report that appears at the end (it is also saved as C:\Ad-report-Scan.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Have a good evening ;)
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: Infection Adware.Hotbar

Posted on 03 Mar 2011 01:44

Thanks,

It went quickly this time:
Everything looks clean.
I don't know what you think, here is the report: :wink:
Code:
======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 16:41:34 on 02/03/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Ramessou@CALGARY-MASTER ( )
 
============== SEARCH ==============


Folder found: C:\Program Files\Ask.com
Folder found: C:\Documents and Settings\Ramessou\Local Settings\Application Data\AskToolbar

Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key found: HKCU\Software\Ask.com
Key found: HKCU\Software\AskToolbar
Key found: HKU\.DEFAULT\Software\AskToolbar
Key found: HKU\S-1-5-18\Software\AskToolbar
Key found: HKLM\Software\Canneverbe Limited\OpenCandy
Key found: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ClickPotatoLiteSA
Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.13 (en-US)] ****

Searchplugins\amazondotcom.xml (hxxp://www.amazon.com/exec/obidos/external-search/)
Searchplugins\answers.xml (hxxp://www.answers.com/main/ntquery)
Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/)
Searchplugins\eBay.xml (hxxp://rover.ebay.com/rover/1/711-47294-18009-3/4)
Searchplugins\McSiteAdvisor.xml (   hxxp://ca.search.yahoo.com/search)
Searchplugins\wikipedia.xml (hxxp://en.wikipedia.org/wiki/Special:Search)
HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
HKLM_Extensions|{6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

-- C:\Documents and Settings\Ramessou\Application Data\Mozilla\FireFox\Profiles\pr6rwi4c.default --
Extensions\fr-classique@dictionaries.addons.mozilla.org (Dictionnaire français «Classique»)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} (Flashblock)
Searchplugins\aopa-airports.xml (?)
Prefs.js - browser.download.dir, I:\\DOWNLOAD\\FS2004\\utilitaires
Prefs.js - browser.download.lastDir, I:\\DOWNLOAD\\FS2004\\172 panel
Prefs.js - browser.search.defaultenginename, Secure Search
Prefs.js - browser.search.selectedEngine, Secure Search
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://ca.search.yahoo.com/search?fr=mcafee&p=

-- C:\Documents and Settings\Nefertiti\Application Data\Mozilla\FireFox\Profiles\syv0wbxj.default --
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

-- C:\Documents and Settings\WJA\Application Data\Mozilla\FireFox\Profiles\xdilvar6.default --
Extensions\fr-classique@dictionaries.addons.mozilla.org (Dictionnaire français «Classique»)
Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} (Flashblock)
Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} (Download Statusbar)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Ramessou\\My Documents\\BUSINESS\\LUNY FRENCH\\LUNY ADMIN
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_Main|Search Page - hxxp://www.Google.com/
HKCU_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (x)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} - "Qword" (hxxp://www.qword.com/search.php?q={searchTerms}&s=2)
HKCU_Toolbar|{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (x)
HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (DivX, LLC)
HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (G:\PROGRA~1\MICROS~1\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 02/03/2011 16:44:28 (6600 Byte(s))

End at: 16:45:40, 02/03/2011
 
============== E.O.F ==============
See you soon
Skynet wrote: I've fixed it ;).

See you
Thanks SKYNET. I don't know what happened... :oops:
sosyyy
Apprentice Expert
Posts: 180
Joined: 03 Oct 2010 01:36
 

Re: Adware.Hotbar infection

Posted on 03 Mar 2011 01:48

Hi again, :)

Run AD-REMOVER again, then choose the "Nettoyer" (Clean) option.
Close all running applications and don't touch the PC, to avoid crashing the program.
Once the cleaning is done, if you are prompted to restart the PC, do it! If not, do it manually...
You will then find the cleaning report here -> C:\Ad-report-Clean[1].txt
Post the report...

Good night ZzZzZzZz
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 

Posted on 03 Mar 2011 14:19

You're welcome.
sosyyy wrote: I don't know what happened... :oops:

The report was just too long ;).
Skynet
Moderator
Posts: 14807
Joined: 19 Jul 2007 21:12
 

Re: Adware.Hotbar infection

Posted on 04 Mar 2011 12:09

Hello Del-crosseur, did you sleep well? :D

Here is the Ad-remover report:
Code:
 ======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 02:59:36 on 04/03/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Ramessou@CALGARY-MASTER ( )
 
============== ACTION(S) ==============


Folder deleted: C:\Program Files\Ask.com
Folder deleted: C:\Documents and Settings\Ramessou\Local Settings\Application Data\AskToolbar

(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key deleted: HKCU\Software\Ask.com
Key deleted: HKCU\Software\AskToolbar
Key deleted: HKU\.DEFAULT\Software\AskToolbar
Key deleted: HKLM\Software\Canneverbe Limited\OpenCandy
Key deleted: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ClickPotatoLiteSA
Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.13 (en-US)] ****

Searchplugins\amazondotcom.xml (hxxp://www.amazon.com/exec/obidos/external-search/)
Searchplugins\answers.xml (hxxp://www.answers.com/main/ntquery)
Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/)
Searchplugins\eBay.xml (hxxp://rover.ebay.com/rover/1/711-47294-18009-3/4)
Searchplugins\McSiteAdvisor.xml (   hxxp://ca.search.yahoo.com/search)
Searchplugins\wikipedia.xml (hxxp://en.wikipedia.org/wiki/Special:Search)
HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
HKLM_Extensions|{6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

-- C:\Documents and Settings\Ramessou\Application Data\Mozilla\FireFox\Profiles\pr6rwi4c.default --
Extensions\fr-classique@dictionaries.addons.mozilla.org (Dictionnaire français «Classique»)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} (Flashblock)
Searchplugins\aopa-airports.xml (?)
Prefs.js - browser.download.dir, I:\\DOWNLOAD\\FS2004\\utilitaires
Prefs.js - browser.download.lastDir, I:\\DOWNLOAD\\FS2004\\172 panel
Prefs.js - browser.search.defaultenginename, Secure Search
Prefs.js - browser.search.selectedEngine, Secure Search
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://ca.search.yahoo.com/search?fr=mcafee&p=

-- C:\Documents and Settings\Nefertiti\Application Data\Mozilla\FireFox\Profiles\syv0wbxj.default --
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

-- C:\Documents and Settings\WJA\Application Data\Mozilla\FireFox\Profiles\xdilvar6.default --
Extensions\fr-classique@dictionaries.addons.mozilla.org (Dictionnaire français «Classique»)
Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} (Flashblock)
Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} (Download Statusbar)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Ramessou\\My Documents\\BUSINESS\\LUNY FRENCH\\LUNY ADMIN
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (x)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} - "Qword" (hxxp://www.qword.com/search.php?q={searchTerms}&s=2)
HKCU_Toolbar|{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (DivX, LLC)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (G:\PROGRA~1\MICROS~1\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 10 File(s)
C:\Program Files\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 04/03/2011 03:06:47 (6391 Byte(s))
C:\Ad-Report-SCAN[1].txt - 02/03/2011 16:44:28 (7443 Byte(s))

End at: 03:08:08, 04/03/2011
 
============== E.O.F ==============

Do you see anything in it? :o
sosyyy
Apprentice Expert
Posts: 180
Joined: 03 Oct 2010 01:36
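
Comparing the two AD-Remover reports posted above, as an added example that is not part of the original thread or of AD-Remover itself: the script checks that every "found" entry in the SCAN report has a matching "deleted" entry in the CLEAN report. It assumes only the "Folder/Key/Value found:" and "Folder/Key/Value deleted:" line shapes visible in those reports; the function names are hypothetical, and the excerpts are lines copied from the two reports.

```python
import re

# Lines copied from the SCAN and CLEAN reports posted in this thread (excerpt).
SCAN_EXCERPT = r"""
Folder found: C:\Program Files\Ask.com
Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\AskToolbar
Key found: HKU\.DEFAULT\Software\AskToolbar
Key found: HKU\S-1-5-18\Software\AskToolbar
Key found: HKLM\Software\Canneverbe Limited\OpenCandy
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
"""
CLEAN_EXCERPT = r"""
Folder deleted: C:\Program Files\Ask.com
(!) -- Temporary files deleted.
Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\AskToolbar
Key deleted: HKU\.DEFAULT\Software\AskToolbar
Key deleted: HKLM\Software\Canneverbe Limited\OpenCandy
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
"""

ENTRY = re.compile(r"^(Folder|Key|Value) (found|deleted): (.+)$", re.MULTILINE)
# HKU\.DEFAULT is the LocalSystem hive, i.e. the same data as HKU\S-1-5-18.
DEFAULT_PREFIX = "hku\\.default\\"
SYSTEM_PREFIX = "hku\\s-1-5-18\\"


def normalize(path, fold_alias=True):
    """Registry and NTFS paths are case-insensitive; optionally fold the alias."""
    p = path.strip().casefold()
    if fold_alias and p.startswith(DEFAULT_PREFIX):
        p = SYSTEM_PREFIX + p[len(DEFAULT_PREFIX):]
    return p


def entries(report, action, fold_alias=True):
    """Map (kind, normalized path) -> path as printed, for 'found' or 'deleted'."""
    return {
        (kind, normalize(path, fold_alias)): path.strip()
        for kind, act, path in ENTRY.findall(report)
        if act == action
    }


def compare(scan_report, clean_report, fold_alias=True):
    """Return (found but never reported deleted, deleted but never found)."""
    found = entries(scan_report, "found", fold_alias)
    deleted = entries(clean_report, "deleted", fold_alias)
    leftover = sorted(found[k] for k in found.keys() - deleted.keys())
    unexpected = sorted(deleted[k] for k in deleted.keys() - found.keys())
    return leftover, unexpected


if __name__ == "__main__":
    print("literal comparison:", compare(SCAN_EXCERPT, CLEAN_EXCERPT, fold_alias=False))
    print("alias folded:      ", compare(SCAN_EXCERPT, CLEAN_EXCERPT))
```

A literal line-by-line comparison flags HKU\S-1-5-18\Software\AskToolbar as never deleted; once the HKU\.DEFAULT alias is folded, every found entry is accounted for.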
 

Re: Adware.Hotbar infection

Posted on 04 Mar 2011 12:21

Hello Sosyyy

Very well, and you? :D

Of course, AD-REMOVER did a good job ;)
Update <<JaVa>>

Can you run ZHPDiag again, please...
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 

Re: Adware.Hotbar infection

Posted on 07 Mar 2011 03:56

:D Hello Del-crosseur

It's been a while. I've been busy these last few days.
In any case, thank you very much for the work you do.
Thanks also to pc-infopratique :wink:

For a while now, a message has been appearing when my PC starts up:
"One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful."

Here is the ZHPDiag report:
http://cjoint.com/?3dhd6oMy8gT

See you soon
sosyyy
Apprentice Expert
Posts: 180
Joined: 03 Oct 2010 01:36
 

Re: Adware.Hotbar infection

Posted on 07 Mar 2011 23:02

Hello, :)

How has the PC been behaving since then??
We have 3 small things left to do before wrapping up the topic, if everything is running well for you ;)
Once the disinfection is finished, I'll tell you which forum category to post in regarding the error message you're getting...


***In "Programs" you have ZHPDiag; click it to launch it
When the interface window is open, click this icon --> [image]
A new interface will appear (you will be in ZHPFix); in it, follow this procedure:

• In the application window (white and empty), copy and paste the following:

G0 - GCSP: Preference [User Data\Default][HomePage] http://www.flightplanning.navcanada.ca
O69 - SBI: SearchScopes [HKCU] {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} - (Qword) - http://www.qword.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} [DefaultScope] - (Qword) - http://www.qword.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} [DefaultScope] - (Qword) - http://www.qword.com
[HKLM\Software\Florenc]
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Orphean Key
O24 - Default MHTML Editor: Last - .(.Unknown owner - No comment.) - (.not file.)
O4 - HKLM\..\Run: [KernelFaultCheck] Orphean Key
EmptyFlash
Emptytemp



• At the top, in the command bar, click --> H
to activate the Helpers lines.

***Click "OK", then "Tous" (All), and finally "Nettoyer" (Clean) to start.
Don't touch the PC while ZHPFix is working; the software may crash.
Once the scan is finished, you will get a cleaning report.
Post the report for me.

Next:

Launch Malwarebytes -> update it -> run a quick scan
Post the report...

If everything is OK, we will move on to removing the programs we used for the disinfection!!
Have a good evening ;)
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 
