{Rapport] Infection gomeo.. [Résolu]

Bonjour en recherchant comment désinfecter son pc et retirer GOMEO je suis tombé sur aidoweb Ö
J'ai lu les premiers posts de conseil et d'indication de procédure j'ai donc récupéré les deux rapports info et log.

J'aimerais savoir si il étais possible d'avoir votre aide pour évité que mon pc tombe en ruine ; /







Je vous copies les rapports je pense que sa sera plus parlant que d'expliqué le problème : /

LOG :

)\trend micro\Alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [dezpsjl] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll",Tmddtqspa
O4 - HKCU\..\Run: [Ngkbtayuug] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll",rjkel
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe






INFO :
info.txt logfile of random's system information tool 1.08 2011-03-04 11:06:01

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A94000000001}
Akamai NetSession Interface-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe
American McGee's Alice(tm)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe"
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
AVG Free 9.0-->C:\Program Files (x86)\AVG\AVG9\setup.exe /UNINSTALL
Browser Configuration Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{5B363E1D-8C36-4458-BAE4-D5081999E094}\setup.exe" -runfromtemp -l0x040c -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{87323561-58BA-4D5B-BADA-A791B69D1705}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Gigabyte Raid Cinfigurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x40c -removeonly
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
K-Lite Mega Codec Pack 6.2.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x040c -removeonly
Left 4 Dead 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
Left 4 Dead-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/500
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect 2-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mozilla Firefox (3.6.14)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
ON_OFF Charge B10.0301.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DECD372-76A1-4483-BF10-B547790A3261}\setup.exe" -l0x9 -removeonly
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly
RomStation-->C:\Program Files (x86)\RomStation\Uninstal.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super Internet TV v8.0 (Premium Edition)-->"C:\Program Files (x86)\Super Internet TV\unins000.exe"
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2492475)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AB9C3240-8F97-4998-8911-3D40044124FC}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Messenger-->MsiExec.exe /X{6057E21C-ABE9-4059-AE3E-3BEB9925E660}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{09F56A49-A7B1-4AAB-95B9-D13094254AD1}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======System event log======

Computer Name: PC-de-Alex
Event Code: 10010
Message: Le serveur {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 1305
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100911142457.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Alex
Event Code: 1014
Message: La résolution du nom jfx.sfbay.sun.com a expiré lorsqu’aucun des serveurs DNS configurés n’a répondu.
Record Number: 1298
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100911135417.422016-000
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: PC-de-Alex
Event Code: 11
Message: Les bibliothèques de liens dynamiques sont chargées pour chaque application. L’administrateur système doit vérifier la liste des bibliothèques pour s’assurer qu’elles sont associées à des applications approuvées.
Record Number: 1186
Source Name: Microsoft-Windows-Wininit
Time Written: 20100911133633.146445-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: PC-de-Alex
Event Code: 11
Message: Les bibliothèques de liens dynamiques sont chargées pour chaque application. L’administrateur système doit vérifier la liste des bibliothèques pour s’assurer qu’elles sont associées à des applications approuvées.
Record Number: 1104
Source Name: Microsoft-Windows-Wininit
Time Written: 20100911101610.572058-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: PC-de-Alex
Event Code: 11
Message: Les bibliothèques de liens dynamiques sont chargées pour chaque application. L’administrateur système doit vérifier la liste des bibliothèques pour s’assurer qu’elles sont associées à des applications approuvées.
Record Number: 958
Source Name: Microsoft-Windows-Wininit
Time Written: 20100911100737.034048-000
Event Type: Avertissement
User: AUTORITE NT\Système

=====Application event log=====

Computer Name: PC-de-Alex
Event Code: 11
Message: Fuite de mémoire possible. L’application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID : 1148) a transmis un pointeur non NULL à RPC pour un paramètre [out] marqué [allocate(all_nodes)]. Les paramètres [allocate(all_nodes)] sont toujours réaffectés ; si le pointeur initial contenait une adresse mémoire valide, cela entraînerait une fuite de cette mémoire. L’appel provenait de l’interface avec l’UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Numéro de méthode (20). Action utilisateur : contactez le fournisseur de l’application pour obtenir une version mise à jour.
Record Number: 490
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100911133834.713057-000
Event Type: Avertissement
User: AUTORITE NT\SERVICE LOCAL

Computer Name: PC-de-Alex
Event Code: 63
Message: Le fournisseur OffProv12 a été inscrit dans l’espace de noms Windows Management Instrumentation Root\MSAPPS12, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 437
Source Name: Microsoft-Windows-WMI
Time Written: 20100911101219.000000-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: PC-de-Alex
Event Code: 63
Message: Le fournisseur OffProv12 a été inscrit dans l’espace de noms Windows Management Instrumentation Root\MSAPPS12, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 436
Source Name: Microsoft-Windows-WMI
Time Written: 20100911101219.000000-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: PC-de-Alex
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3588225843-1563516491-1977704300-1000:
Process 416 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3588225843-1563516491-1977704300-1000

Record Number: 184
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100911094446.972831-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: PC-de-Alex
Event Code: 1008
Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}.

Record Number: 105
Source Name: Microsoft-Windows-Search
Time Written: 20100911094414.000000-000
Event Type: Avertissement
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : Système
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911094002.648460-000
Event Type: Succès de l’audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : 37L4247E29-32$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : Système
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x1d0
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911094002.648460-000
Event Type: Succès de l’audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: La table de stratégie d’audit par utilisateur a été créée.

Nombre d’éléments : 0
ID de la stratégie : 0x314ba
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911093959.793655-000
Event Type: Succès de l’audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 0

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : Système
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x4
Nom du processus :

Informations sur le réseau :
Nom de la station de travail : -
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : -
Package d’authentification : -
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911093958.218052-000
Event Type: Succès de l’audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911093958.186852-000
Event Type: Succès de l’audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1e05

-----------------EOF-----------------





C'est grave docteur ?

Voici le nouveau rapport fait avec votre tutoriel :



Rapport de ZHPDiag v1.27.1626 par Nicolas Coolman, Update du 01/03/2011
Run by Alex at 04/03/2011 15:23:32
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385

---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4091 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 743 GB (79%) free of 931 GB

---\\ Logged in mode
Computer Name: PC-DE-ALEX
User Name: Alex
All Users Names: HomeGroupUser$, Alex, Administrateur,
Unselected Option: O1
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\Alex\AppData\Roaming
%LocalAppData%=C:\Users\Alex\AppData\Local
%StartMenu%=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 743 Go of 931 Go)
D:\ CD-ROM drive (Free 0 Go of 1 Go)
E:\ Floppy drive, Flash card reader, USB Key (Free 6 Go of 8 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 8 Go)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDD EN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWAL L] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK


---\\ Recherche particulière de fichiers génériques
[MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 07:34:59.) -- C:\Windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/12/2010 06:38:22.) -- C:\Windows\System32\wininet.dll [981504]


---\\ Processus lancés
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- C:\Windows\SysWOW64\rundll32.exe [44544]
[MD5.1BAEB483167B1568A0D95437B4B310A3] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2069344]
[MD5.95A7E88A5F4EF79C605413F00A945CD3] - (.DeviceVM, Inc. - Browser Configuration Utility.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320]
[MD5.895A62970833575772FA21B0C54C158D] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe [74752]
[MD5.87FFC1FF3B269FD8E0BB010294B697F6] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [443728]
[MD5.D88135FE55B356618FCCDF1CC5653174] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [912344]
[MD5.2187DD20EFE345C9D8D6859EC2D95975] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]
[MD5.D804D54E70E15078DFF46F9543A5E151] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [632320]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
M2 - MFEP: prefs.js [Alex - 35k8vnfr.default\{5b175400-2368-11de-8c30-0800200c9a66}] [] Oskar v1.9 (.Asker Mager.)
M2 - MFEP: prefs.js [Alex - 35k8vnfr.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.3 (.Wladimir Palant.)


---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R3 - URLSearchHook: SearchHook Class [64Bits] - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.DeviceVM, Inc. - Browser Configuration Utility Address Bar S.) (1.1.11.0) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1


---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter [64Bits] - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (.AVG Technologies CZ, s.r.o. - Safe Search for Internet Explorer.) -- C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (.not file.)
O4 - HKCU\..\Run: [dezpsjl] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.)
O4 - HKCU\..\Run: [Ngkbtayuug] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [ATICustomerCare] . (.Advanced Micro Devices, Inc. - ATI Customer Care.) -- C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
O4 - HKLM\..\Wow6432Node\Run: [BCU] . (.DeviceVM, Inc. - Browser Configuration Utility.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe
O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (.not file.)
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [dezpsjl] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.)
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [Ngkbtayuug] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Alex\Desktop\JDownloader.lnk . (.AppWork UG (haftungsbeschränkt).) -- C:\Program Files (x86)\JDownloader\JDownloader.exe
O4 - Global Startup: C:\Users\Alex\Desktop\Mes Jeux - Raccourci.lnk . (...) -- C:\Users\Alex\Mes Jeux
O4 - Global Startup: C:\Users\Alex\Desktop\Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - Global Startup: C:\Users\Alex\Desktop\minecraft - Raccourci.lnk . (...) -- C:\Users\Alex\AppData\Roaming\.minecraft\minecraft.jar
O4 - Global Startup: C:\Users\Alex\Desktop\RomStation.lnk . (...) -- C:\Program Files (x86)\RomStation\RomStation.exe
O4 - Global Startup: C:\Users\Alex\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\Alex\Desktop\Super Internet TV.lnk . (.Ahusoft.) -- C:\Program Files (x86)\Super Internet TV\Super Internet TV.exe
O4 - Global Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~1\Office12\EXCEL.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{12127297-0F44-4097-9850-F8FBDEE90A2B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12127297-0F44-4097-9850-F8FBDEE90A2B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12127297-0F44-4097-9850-F8FBDEE90A2B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: linkscanner [64Bits] - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} . (.AVG Technologies CZ, s.r.o. - Safe Search pluggable protocol.) -- C:\Program Files (x86)\AVG\AVG9\avgppa.dll
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.AVG Technologies CZ, s.r.o. - Safe Search pluggable protocol.) -- C:\Program Files (x86)\AVG\AVG9\avgppa.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: C:\Windows\system32\Alg.exe (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: (avg9emc) . (.AVG Technologies CZ, s.r.o. - AVG E-Mail Scanner.) - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: (avg9wd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: (BCUService) . (.DeviceVM, Inc. - Browser Configuration Utility Auto-recovery.) - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: (JMB36X) . (.Pas de propriétaire - Pas de description.) - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: C:\Windows\system32\drivers\luafv.sys (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: (Steam Client Service) . (.Valve Corporation - Steam Client Service (buildbot_winslave01_s.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: C:\Windows\system32\Wat\WatUX.exe (WatAdminSvc) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\Wat\WatAdminSvc.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (.Pas de propriétaire.) -- C:\Program Files (x86)\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.)
[MD5.83A170794F8DF062B02A18B3C72B2827] [APT] [{0C6B1089-97FC-406F-9B76-016D2F3D1696}] (.Skype Technologies S.A..) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{A8359639-CFC1-457B-B84B-872B56CBEBE5}] (.Pas de propriétaire.) -- C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{D973B96B-1E2E-47F3-801B-31D0FF462F77}] (.Pas de propriétaire.) -- C:\Users\Alex\AppData\Roaming\2B7FBA3D15E860C01F75934EEB60D1D6\agibck70dl.exe (.not file.)


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (AppleCharger) . (.Pas de propriétaire - Pas de description.) - C:\Windows\System32\DRIVERS\AppleCharger.sys
O41 - Driver: (AvgLdx64) . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - C:\Windows\System32\Drivers\avgldx64.sys
O41 - Driver: (AvgMfx64) . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - C:\Windows\System32\Drivers\avgmfx64.sys
O41 - Driver: (AvgTdiA) . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - C:\Windows\System32\Drivers\avgtdia.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: AMD Drag and Drop Transcoding - (.ATI Technologies Inc..) [HKLM] -- {28A0318C-B98D-B6B1-64D1-4E4755A8E668}
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}
O42 - Logiciel: ATI Catalyst Registration - (.ATI Technologies Inc..) [HKLM][64Bits] -- {11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
O42 - Logiciel: AVG Free 9.0 - (.AVG Technologies.) [HKLM][64Bits] -- AVG9Uninstall
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.2 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: Akamai NetSession Interface - (.Pas de propriétaire.) [HKLM][64Bits] -- Akamai
O42 - Logiciel: American McGee's Alice(tm) - (.Pas de propriétaire.) [HKLM][64Bits] -- {77B5AD60-8F14-11D4-9BC9-0050041A1090}
O42 - Logiciel: Browser Configuration Utility - (.DeviceVM.) [HKLM][64Bits] -- {5B363E1D-8C36-4458-BAE4-D5081999E094}
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {87323561-58BA-4D5B-BADA-A791B69D1705}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect
O42 - Logiciel: Gigabyte Raid Cinfigurer - (.GIGABYTE Technologies, Inc..) [HKLM][64Bits] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}
O42 - Logiciel: JDownloader - (.AppWork UG (haftungsbeschränkt).) [HKLM][64Bits] -- JDownloader
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: K-Lite Mega Codec Pack 6.2.0 - (.Pas de propriétaire.) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- {918A9082-6287-4D25-9002-5E5D5E4971CB}
O42 - Logiciel: Left 4 Dead - (.Valve.) [HKLM][64Bits] -- Steam App 500
O42 - Logiciel: Left 4 Dead 2 - (.Valve.) [HKLM][64Bits] -- Steam App 550
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mass Effect 2 - (.Electronic Arts, Inc..) [HKLM][64Bits] -- {75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}
O42 - Logiciel: Microsoft Games for Windows - LIVE - (.Microsoft Corporation.) [HKLM][64Bits] -- {86A4C6D9-29EE-4719-AFA1-BA3341862B83}
O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {1FDA5A37-B22D-43FF-B582-B8964050DC13}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Mozilla Firefox (3.6.14) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox (3.6.14)
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
O42 - Logiciel: ON_OFF Charge B10.0301.1 - (.GIGABYTE.) [HKLM][64Bits] -- {3DECD372-76A1-4483-BF10-B547790A3261}
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: Realtek Ethernet Controller Driver For Windows 7 - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: RomStation - (.Pas de propriétaire.) [HKLM][64Bits] -- RomStation
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2416472) - (.Microsoft Corporation.) [HKLM][64Bits] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM][64Bits] -- {981029E0-7FC9-4CF3-AB39-6F133621921A}
O42 - Logiciel: Skype™ 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: SpeedFan (remove only) - (.Pas de propriétaire.) [HKLM][64Bits] -- SpeedFan
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3}
O42 - Logiciel: Super Internet TV v8.0 (Premium Edition) - (.Ahusoft.) [HKLM][64Bits] -- Super Internet TV (Premium Edition)_is1
O42 - Logiciel: Update for 2007 Microsoft Office System (KB2284654) - (.Microsoft.) [HKLM][64Bits] -- {90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2412171) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2492475) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AB9C3240-8F97-4998-8911-3D40044124FC}
O42 - Logiciel: Visual C++ 8.0 Runtime Setup Package (x64) - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
O42 - Logiciel: Warcraft III - (.Pas de propriétaire.) [HKLM][64Bits] -- Warcraft III
O42 - Logiciel: Warcraft III: All Products - (.Pas de propriétaire.) [HKCU] -- Warcraft III
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM][64Bits] -- Winamp
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM][64Bits] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM][64Bits] -- uTorrent

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5NZQ29B3L2]
[HKCU\Software\AC3filter]
[HKCU\Software\AMD]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\Ahusoft]
[HKCU\Software\AppDataLow\Avg]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avg]
[HKCU\Software\Battle.net]
[HKCU\Software\BitTorrent]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\Bugsplat]
[HKCU\Software\CDDB]
[HKCU\Software\ClassesB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DT Soft]
[HKCU\Software\DeviceVM]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\DownloadCenter]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Licenses]
[HKCU\Software\LoLBase]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MONOGRAM]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Pando Networks]
[HKCU\Software\Policies]
[HKCU\Software\Portable Steam Games]
[HKCU\Software\Realtek]
[HKCU\Software\SecuROM]
[HKCU\Software\Skype]
[HKCU\Software\SpeedFan]
[HKCU\Software\Synthesia]
[HKCU\Software\Sysinternals]
[HKCU\Software\Troika]
[HKCU\Software\Trolltech]
[HKCU\Software\Valve]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Wow6432Node]
[HKCU\Software\edjmvqqwdb]
[HKCU\Software\epsxe]
[HKCU\Software\madFlac]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DivX]
[HKLM\Software\Intel]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sonic]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]


---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/09/2010 - 11:02:52 - [23316093] ----D- C:\Program Files\ATI
O43 - CFD: 11/09/2010 - 11:04:30 - [28] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 11/09/2010 - 11:04:40 - [79116103] ----D- C:\Program Files\Common Files
O43 - CFD: 14/07/2009 - 16:35:28 - [90257428] ----D- C:\Program Files\DVD Maker
O43 - CFD: 11/09/2010 - 10:44:16 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 02/10/2010 - 21:25:36 - [46684] ----D- C:\Program Files\GIGABYTE
O43 - CFD: 13/02/2011 - 23:33:24 - [5174573] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 14/07/2009 - 16:35:26 - [149236786] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 11/09/2010 - 11:10:38 - [594846] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 14/07/2009 - 06:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 02/10/2010 - 21:25:10 - [15150688] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 06:32:40 - [36253865] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 06:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 14/07/2009 - 16:24:10 - [4039168] ----D- C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 16:35:28 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 16/12/2010 - 06:45:28 - [6667264] ----D- C:\Program Files\Windows Mail
O43 - CFD: 15/10/2010 - 17:34:10 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 11/09/2010 - 10:44:16 - [12627124] ----D- C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 16:24:10 - [5516568] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 16:24:10 - [7044255] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 11/09/2010 - 11:04:26 - [5695302] ----D- C:\Program Files\WinRAR
O43 - CFD: 11/09/2010 - 11:04:40 - [119048] ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 18/11/2010 - 00:44:38 - [66375614] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 04:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 16:24:10 - [12009971] ----D- C:\Program Files\Common Files\System
O43 - CFD: 18/11/2010 - 15:04:24 - [769] ----D- C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 11/09/2010 - 11:08:02 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 11/09/2010 - 11:02:50 - [187326226] ----D- C:\ProgramData\avg9
O43 - CFD: 18/09/2010 - 21:11:56 - [133013902] ----D- C:\ProgramData\Blizzard Entertainment
O43 - CFD: 11/09/2010 - 10:44:16 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 25/09/2010 - 08:20:56 - [1636] ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 11/09/2010 - 10:44:16 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 02/10/2010 - 21:25:42 - [187] ----D- C:\ProgramData\InstallShield
O43 - CFD: 01/03/2011 - 23:07:56 - [206105515] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 20/11/2010 - 13:16:40 - [0] ----D- C:\ProgramData\Media Center Programs
O43 - CFD: 11/09/2010 - 10:44:16 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 18/11/2010 - 00:45:02 - [242894208] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 13/02/2011 - 22:04:02 - [58684] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 11/09/2010 - 10:44:16 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 27/10/2010 - 20:46:48 - [477] ----D- C:\ProgramData\PMB Files
O43 - CFD: 11/09/2010 - 14:56:18 - [30400750] ----D- C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 26/02/2011 - 15:53:32 - [81335127] ----D- C:\Users\Alex\AppData\Roaming\.minecraft
O43 - CFD: 01/03/2011 - 22:59:12 - [55444] ----D- C:\Users\Alex\AppData\Roaming\2B7FBA3D15E860C01F75934EEB60D1D6
O43 - CFD: 01/03/2011 - 22:59:06 - [2101251] ----D- C:\Users\Alex\AppData\Roaming\Adobe
O43 - CFD: 11/09/2010 - 11:08:02 - [0] ----D- C:\Users\Alex\AppData\Roaming\ATI
O43 - CFD: 25/09/2010 - 08:24:20 - [97] ----D- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 11/09/2010 - 10:44:42 - [0] ----D- C:\Users\Alex\AppData\Roaming\Identities
O43 - CFD: 27/02/2011 - 09:29:16 - [80012728] ----D- C:\Users\Alex\AppData\Roaming\Kalypso Media
O43 - CFD: 27/10/2010 - 22:37:44 - [0] ----D- C:\Users\Alex\AppData\Roaming\LolClient
O43 - CFD: 11/09/2010 - 10:47:44 - [59853] ----D- C:\Users\Alex\AppData\Roaming\Macromedia
O43 - CFD: 01/03/2011 - 23:08:00 - [4107195] ----D- C:\Users\Alex\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 16:35:06 - [0] ----D- C:\Users\Alex\AppData\Roaming\Media Center Programs
O43 - CFD: 11/09/2010 - 14:40:26 - [74] ----D- C:\Users\Alex\AppData\Roaming\Media Player Classic
O43 - CFD: 19/12/2010 - 22:04:10 - [4176500] -S--D- C:\Users\Alex\AppData\Roaming\Microsoft
O43 - CFD: 11/09/2010 - 14:39:28 - [19803321] ----D- C:\Users\Alex\AppData\Roaming\Mozilla
O43 - CFD: 15/01/2011 - 14:28:30 - [2471] ----D- C:\Users\Alex\AppData\Roaming\RIFT
O43 - CFD: 02/03/2011 - 00:05:42 - [3965623] ----D- C:\Users\Alex\AppData\Roaming\Skype
O43 - CFD: 02/03/2011 - 00:01:38 - [21016] ----D- C:\Users\Alex\AppData\Roaming\skypePM
O43 - CFD: 20/11/2010 - 13:12:26 - [36605] ----D- C:\Users\Alex\AppData\Roaming\Synthesia
O43 - CFD: 08/01/2011 - 18:10:34 - [1906] ----D- C:\Users\Alex\AppData\Roaming\Teeworlds
O43 - CFD: 13/02/2011 - 22:23:12 - [58878231] ----D- C:\Users\Alex\AppData\Roaming\Thinstall
O43 - CFD: 03/03/2011 - 18:39:30 - [3870326] ----D- C:\Users\Alex\AppData\Roaming\uTorrent
O43 - CFD: 04/03/2011 - 12:01:38 - [1658868] ----D- C:\Users\Alex\AppData\Roaming\Winamp
O43 - CFD: 17/09/2010 - 17:30:58 - [1237116] ----D- C:\Users\Alex\AppData\Roaming\WinRAR
O43 - CFD: 18/11/2010 - 15:04:24 - [244719774] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 09/10/2010 - 10:27:32 - [123382454] ----D- C:\Program Files (x86)\AGEIA Technologies
O43 - CFD: 11/09/2010 - 11:04:38 - [550101] ----D- C:\Program Files (x86)\ATI
O43 - CFD: 11/09/2010 - 11:03:50 - [58702867] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 11/09/2010 - 11:02:50 - [99111446] ----D- C:\Program Files (x86)\AVG
O43 - CFD: 26/02/2011 - 21:22:32 - [1322668129] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 25/09/2010 - 08:21:34 - [10308220] ----D- C:\Program Files (x86)\DAEMON Tools Lite
O43 - CFD: 02/10/2010 - 21:22:08 - [1219831] --H-D- C:\Program Files (x86)\DeviceVM
O43 - CFD: 18/02/2011 - 23:21:58 - [653514657] ----D- C:\Program Files (x86)\EA GAMES
O43 - CFD: 02/10/2010 - 21:25:36 - [46684] ----D- C:\Program Files (x86)\GIGABYTE
O43 - CFD: 02/03/2011 - 10:40:10 - [32290472] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 02/10/2010 - 21:22:36 - [96701] ----D- C:\Program Files (x86)\Intel
O43 - CFD: 13/02/2011 - 23:33:24 - [4477221] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 11/09/2010 - 14:53:54 - [87621679] ----D- C:\Program Files (x86)\Java
O43 - CFD: 01/03/2011 - 21:40:28 - [54714725] ----D- C:\Program Files (x86)\JDownloader
O43 - CFD: 11/09/2010 - 11:05:38 - [54898763] ----D- C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 27/02/2011 - 09:26:24 - [129378299] ----D- C:\Program Files (x86)\Kalypso Media
O43 - CFD: 31/12/2010 - 23:49:06 - [0] ----D- C:\Program Files (x86)\LimeWire
O43 - CFD: 03/03/2011 - 15:16:32 - [4945962] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 31/10/2010 - 14:48:24 - [14859302349] ----D- C:\Program Files (x86)\Mass Effect 2
O43 - CFD: 18/11/2010 - 00:36:20 - [9337482] ----D- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
O43 - CFD: 11/09/2010 - 11:12:10 - [308599079] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 18/12/2010 - 10:31:32 - [38361211] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 11/09/2010 - 11:12:10 - [14904] ----D- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 12/09/2010 - 15:57:46 - [3726168] ----D- C:\Program Files (x86)\Microsoft Works
O43 - CFD: 01/10/2010 - 23:28:24 - [8175999] ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 02/03/2011 - 00:38:50 - [31466254] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 14/07/2009 - 06:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 21/12/2010 - 22:21:10 - [0] ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 27/10/2010 - 20:45:34 - [7367542] ----D- C:\Program Files (x86)\Pando Networks
O43 - CFD: 02/10/2010 - 21:24:18 - [5387151] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 06:32:40 - [38597377] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 11/11/2010 - 13:41:44 - [5377540056] ----D- C:\Program Files (x86)\RomStation
O43 - CFD: 11/09/2010 - 14:56:26 - [38378705] R---D- C:\Program Files (x86)\Skype
O43 - CFD: 27/10/2010 - 21:02:34 - [5312170] ----D- C:\Program Files (x86)\SpeedFan
O43 - CFD: 03/03/2011 - 03:34:54 - [19092583709] ----D- C:\Program Files (x86)\Steam
O43 - CFD: 16/01/2011 - 09:52:04 - [39865934] ----D- C:\Program Files (x86)\Super Internet TV
O43 - CFD: 02/10/2010 - 21:25:20 - [0] --H-D- C:\Program Files (x86)\Temp
O43 - CFD: 04/03/2011 - 11:06:02 - [799530] ----D- C:\Program Files (x86)\trend micro
O43 - CFD: 14/07/2009 - 05:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 29/12/2010 - 23:31:30 - [395640] ----D- C:\Program Files (x86)\uTorrent
O43 - CFD: 03/03/2011 - 21:15:44 - [1361313741] ----D- C:\Program Files (x86)\Warcraft III
O43 - CFD: 06/11/2010 - 23:02:46 - [36984319] ----D- C:\Program Files (x86)\Winamp
O43 - CFD: 06/11/2010 - 23:02:16 - [132284] ----D- C:\Program Files (x86)\Winamp Detect
O43 - CFD: 14/07/2009 - 16:24:10 - [524800] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 18/11/2010 - 00:45:14 - [61032423] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 16/12/2010 - 06:45:28 - [6180864] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 15/10/2010 - 17:34:10 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 06:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 14/07/2009 - 16:24:10 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 14/07/2009 - 16:24:10 - [5994114] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 04/03/2011 - 15:23:36 - [3456554] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 11/09/2010 - 11:04:40 - [119048] ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 18/11/2010 - 00:44:38 - [66375614] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 04:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 16:24:10 - [12009971] ----D- C:\Program Files\Common Files\System


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.13000000000000000000000038EE1800] - 04/03/2011 - 14:29:08 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1335427]
O44 - LFC:[MD5.39C4D9BC0CBE57906EB8691CFB8082E3] - 04/03/2011 - 10:25:28 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1647226]
O44 - LFC:[MD5.7A1C6A785FDE1FB95186E528E5E4F016] - 04/03/2011 - 10:25:28 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [118438]
O44 - LFC:[MD5.DE18B50616CED4B55F3F827ABAB54609] - 04/03/2011 - 10:25:28 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [146006]
O44 - LFC:[MD5.A16E0F84FD3D171F15CCEED1500291B1] - 04/03/2011 - 10:25:28 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [647308]
O44 - LFC:[MD5.6A277EE4CAA12112D1F1436E7FAFC1B4] - 04/03/2011 - 10:25:28 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [740196]
O44 - LFC:[MD5.DCD620548C2EEBFCBFF40C928B93336B] - 04/03/2011 - 10:20:11 ---A- . (...) -- C:\Windows\setupact.log [75081]
O44 - LFC:[MD5.B2B40D8D9137818A0AC3B4C807F71B37] - 04/03/2011 - 10:20:09 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.33DCE519951A06370269C4882091CA5E] - 04/03/2011 - 07:53:38 ---A- . (...) -- C:\Windows\PFRO.log [13960]
O44 - LFC:[MD5.8930E9C5774AE2E5F96E7CE9E76A9415] - 02/03/2011 - 10:59:12 ---A- . (...) -- C:\Windows\DirectX.log [210640]
O44 - LFC:[MD5.39C4D9BC0CBE57906EB8691CFB8082E3] - 28/02/2011 - 03:01:44 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1625012]
O44 - LFC:[MD5.B2B5DEDF29FE0F698ED3257F9EF935C9] - 14/02/2011 - 07:16:35 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [342064]
O44 - LFC:[MD5.158D85C26868E8A9903A726CE145F66B] - 13/02/2011 - 11:52:58 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.158D85C26868E8A9903A726CE145F66B] - 13/02/2011 - 11:52:58 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.BF973CEDCD012D23F194BBF0A9B218E6] - 13/02/2011 - 11:52:58 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [366080]
O44 - LFC:[MD5.BF973CEDCD012D23F194BBF0A9B218E6] - 13/02/2011 - 11:52:58 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [294400]
O44 - LFC:[MD5.E15B492959DFABC12AA4CA070B38F21A] - 31/07/2000 - 13:28:00 ---A- . (...) -- C:\Windows\SysNative\binkw32.dll [286208]


---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.371C35D41871390FCEA2058DBF0938AE] - 03/03/2011 - 14:42:47 ---A- - C:\Windows\Prefetch\SKYPENAMES2.EXE-007BB088.pf
O45 - LFCP:[MD5.236B677D8FC7E85FA8F98574A1D95F98] - 04/03/2011 - 09:31:22 ---A- - C:\Windows\Prefetch\AVGUPD.EXE-506A94F9.pf
O45 - LFCP:[MD5.B331B477EC00299E0EE40B51BA7CC59A] - 04/03/2011 - 09:31:46 ---A- - C:\Windows\Prefetch\FIXCFG.EXE-8CB69F19.pf
O45 - LFCP:[MD5.992ECDE2B868578FA46826B242D43545] - 04/03/2011 - 09:31:48 ---A- - C:\Windows\Prefetch\AVGSRMAA.EXE-B5E63998.pf
O45 - LFCP:[MD5.D5FFD4D1972C0CEB9C1E8EB1CA868CFB] - 04/03/2011 - 10:18:11 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
O45 - LFCP:[MD5.1F27142E5622EDE4B71B0E54A3B6128C] - 04/03/2011 - 10:19:19 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
O45 - LFCP:[MD5.1B3B4665C2AEEE9000C1FF0FB778D002] - 04/03/2011 - 10:19:22 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.65AA8837E73B63741DFCB890B4BDFC28] - 04/03/2011 - 10:20:59 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf
O45 - LFCP:[MD5.C8FC92B695958301395DA4A7F83EEBB7] - 04/03/2011 - 10:21:06 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf
O45 - LFCP:[MD5.CEAB3FA66DDDD972546FBD7C38BE86D1] - 04/03/2011 - 10:21:16 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
O45 - LFCP:[MD5.541232939BEA7F9689CE30A392F4659C] - 04/03/2011 - 10:22:22 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
O45 - LFCP:[MD5.7986513E0B300ED193865EF1C52EB5D5] - 04/03/2011 - 10:22:22 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
O45 - LFCP:[MD5.39585AAF33C5F8BD0A80BE8C92B25F2B] - 04/03/2011 - 10:24:28 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.8D88D183BFABB747F5AC565569661B9E] - 04/03/2011 - 10:33:18 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.80D79D454D6B15942112BE36AB61A385] - 04/03/2011 - 10:35:22 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E7777CC4.pf
O45 - LFCP:[MD5.630AB6A17D4111752A3390AE941B447F] - 04/03/2011 - 11:05:57 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
O45 - LFCP:[MD5.3C3E0CF6AE26A06601F2642BA898A5C8] - 04/03/2011 - 11:20:47 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.8CF188B46C0BEAC78519F79552B22FB3] - 04/03/2011 - 11:44:20 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf
O45 - LFCP:[MD5.90691AD80933AC85DD63CD5E41BFC96E] - 04/03/2011 - 12:01:41 ---A- - C:\Windows\Prefetch\WINAMP.EXE-015FB5E1.pf
O45 - LFCP:[MD5.054B7D0503132E90CFD7950E73C3F134] - 04/03/2011 - 12:01:50 ---A- - C:\Windows\Prefetch\MPC-HC.EXE-69B90F3F.pf
O45 - LFCP:[MD5.541955D0C77F428932A9E8E79280A5C2] - 04/03/2011 - 12:16:07 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.FFC7A2D9367202AAFE7FAF9886EDEA7D] - 04/03/2011 - 12:16:07 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.8FCF80900D959E2910B3CF0B3EDEB0C0] - 04/03/2011 - 12:16:07 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.8944FDC1138A046ADEAA84025F9D54C9] - 04/03/2011 - 12:16:07 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.387B8735849FA85312D749DA7762CBD9] - 04/03/2011 - 13:23:25 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.E0EB21C4D5AC07E870F6BF624AF073AB] - 04/03/2011 - 13:23:36 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
O45 - LFCP:[MD5.8D76DDE815A628B62CFE4149FB4C2473] - 04/03/2011 - 13:33:31 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.DF03DD617AE9D51967A91535A56F5EAF] - 04/03/2011 - 13:33:32 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
O45 - LFCP:[MD5.94987CCDE7230A2433612BCA9A965A41] - 04/03/2011 - 13:34:25 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
O45 - LFCP:[MD5.E844A4303A65F3E932718017D0A44BE0] - 04/03/2011 - 14:57:51 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3588225843-1563516491-1977704300-1000.db
O45 - LFCP:[MD5.F71FD6493FEC107955B17A12C1E4F229] - 04/03/2011 - 14:57:51 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3588225843-1563516491-1977704300-1000.db
O45 - LFCP:[MD5.B04483784914953CDBF15BAD73EFFDB3] - 04/03/2011 - 15:01:17 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.550169CD0B22791246559E5782765AE0] - 04/03/2011 - 15:10:23 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
O45 - LFCP:[MD5.751D79F4A69F88A25CD8BC4CE234B586] - 04/03/2011 - 15:10:25 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
O45 - LFCP:[MD5.1C30DD239DBFDD66DA0B445CBCA51F48] - 04/03/2011 - 15:10:25 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
O45 - LFCP:[MD5.53B691790078DE999EBAF121D6DF1535] - 04/03/2011 - 15:11:51 ---A- - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf
O45 - LFCP:[MD5.87B5E7881D960F9C448F55D830611FFB] - 04/03/2011 - 15:12:06 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-26889C1A.pf
O45 - LFCP:[MD5.A24EEC9CEB07258EBF05F413B657978E] - 04/03/2011 - 15:12:09 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-44CAF82C.pf
O45 - LFCP:[MD5.3688B3CA674932CCD1018228C416F3F5] - 04/03/2011 - 15:12:09 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-8E1C4552.pf
O45 - LFCP:[MD5.BA90E99397BF0176288846384101C870] - 04/03/2011 - 15:13:53 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
O45 - LFCP:[MD5.09C0F37E8668A504352AD9B0C7AD380D] - 04/03/2011 - 15:16:16 ---A- - C:\Windows\Prefetch\LADS.EXE-046BC4A8.pf
O45 - LFCP:[MD5.3A923245BBEF024CC737AC957B9C64B2] - 04/03/2011 - 15:16:17 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-AB0CE9D9.pf
O45 - LFCP:[MD5.7B48DF3F1554B7873A6A7FB1B7266E35] - 04/03/2011 - 15:16:18 ---A- - C:\Windows\Prefetch\SETACL.EXE-82C2BC90.pf
O45 - LFCP:[MD5.A825DCAB17892A2C317372223409011E] - 04/03/2011 - 15:19:06 ---A- - C:\Windows\Prefetch\SIGCHECK.EXE-F42FC051.pf
O45 - LFCP:[MD5.F1AEBFAD98247A0C1A8BCC45C8ECDB17] - 04/03/2011 - 15:20:58 ---A- - C:\Windows\Prefetch\JAVA.EXE-873AF69D.pf
O45 - LFCP:[MD5.5438D1F8DF4D5EFE1C585D2998DCAC30] - 04/03/2011 - 15:20:58 ---A- - C:\Windows\Prefetch\JP2LAUNCHER.EXE-188A8849.pf
O45 - LFCP:[MD5.32011704D984B30B11C4002F59B11C33] - 04/03/2011 - 15:21:07 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-7105D3A2.pf
O45 - LFCP:[MD5.703A0A6A39AF2B42C192000F501D5DDA] - 04/03/2011 - 15:22:41 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
O45 - LFCP:[MD5.4CF8911929B057010E2E47D9254574AA] - 04/03/2011 - 15:22:49 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-37549B7E.pf
O45 - LFCP:[MD5.7150F44EBEE195AE1F4EF88E7A4FB5D8] - 04/03/2011 - 15:23:17 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
O45 - LFCP:[MD5.59ACFBFB0EC5AB4641F0A46A112C88B2] - 04/03/2011 - 15:23:22 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
O45 - LFCP:[MD5.89577949D9F47D82D79E515961A8963F] - 04/03/2011 - 15:23:28 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-0D117CAF.pf
O45 - LFCP:[MD5.C721FE35A241626293FAC5C898A5F7BD] - 04/03/2011 - 15:23:35 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
O45 - LFCP:[MD5.313A4E1D91492950EF0E850C45099D04] - 04/03/2011 - 15:23:35 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
O45 - LFCP:[MD5.6F68ECD602552931CEA9334A13612827] - 04/03/2011 - 15:23:35 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
O45 - LFCP:[MD5.25C1CDED15AFC47FD250AE26D889E4FB] - 04/03/2011 - 15:23:47 ---A- - C:\Windows\Prefetch\AVGCMGR.EXE-AA8B3C19.pf
O45 - LFCP:[MD5.466FCDAC2A4F9BF53040876AB883458A] - 25/02/2011 - 18:16:49 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.192E7B7836420B9984C5F999B0E2ED42] - 28/02/2011 - 17:31:54 ---A- -

Excusez-moi je me suis endormi devant mon pc : /
(Oui manque de sommeil : /)

voila le rapport ( complet j'éspére ) :

http://cjoint.com/data1/1deuGZsqYu8.htm

Voila désoler j'ai supprimé tout mes torrents et cracks (sauf 1 qui se trouve dans Alex/AppData/Roaming)

Voici le nouveau rapport :

http://cjoint.com/data1/1dexDKryoKc.htm

Je demendais.. Les cracks endommagent-ils le PC ?

Merci pour vos liens je vais regarder



1) J'ai réussi a désinstaller la toolbar skype sans problème.


2) Voici le rapport de systemlook :

SystemLook 04.09.10 by jpshortstuff
Log created at 12:32 on 05/03/2011 by Alex
Administrator - Elevation successful

No Context: Instructions:

========== dir ==========

C:\Users\Alex\AppData\Roaming\2B7FBA3D15E860C01F75934EEB60D1D6 - Parameters: "/s"

---Files---
enemies-names.txt --a---- 28842 bytes [21:59 01/03/2011] [21:59 01/03/2011]
local.ini --a---- 26602 bytes [21:59 01/03/2011] [21:59 01/03/2011]

No folders found.

-= EOF =-




3) Scan de C:/PhysicalDisk0_MBR.bin

http://www.virustotal.com/file-scan/report.html?id=defa2fe7187b6457a5059d71c635182d1be5cfc35daece1a0857e8df13321e2f-1299325211#



4) Voici la rapport du correctif :

http://cjoint.com/data1/1dfngRm8nHL.htm



5) EmptyTemp utilisé.



6) Rapport de Malware's bytes


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5962

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05/03/2011 13:18:10
mbam-log-2011-03-05 (13-18-10).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 159792
Temps écoulé: 1 minute(s), 40 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)




7) Rapport de Eset :

Je n'arrive pas a me rendre sur le site en question.. Erreur du chargement de la page a chaque fois : /

Arf désoler : /

voila j'espère que je ne me suis pas planté à nouveau >< (je suppose que tu voulais dire ça !! winx )

Rapport de ZHPFix 1.12.3256 par Nicolas Coolman, Update du 23/02/2011
Fichier d'export Registre : C:\ZHPExportRegistry-05-03-2011-13-26-42.txt
Run by Alex at 05/03/2011 13:26:42
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
HKCU\Software\5NZQ29B3L2 => Clé absente
HKCU\Software\edjmvqqwdb => Clé absente

========== Valeur(s) du Registre ==========
O4 - HKCU\..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (.not file.) => Valeur absente
O4 - HKCU\..\Run: [dezpsjl] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.) => Valeur absente
O4 - HKCU\..\Run: [Ngkbtayuug] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.) => Valeur absente
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (.not file.) => Valeur absente
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [dezpsjl] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.) => Valeur absente
O4 - HKUS\S-1-5-21-3588225843-1563516491-1977704300-1000\..\Run: [Ngkbtayuug] rundll32 "C:\Users\Alex\AppData\Roaming\KBDIT142U.dll (.not file.) => Valeur absente

========== Fichier(s) ==========
c:\program files (x86)\uniblue\registrybooster\launcher.exe => Supprimé et mis en quarantaine
c:\users\alex\appdata\roaming\kbdit142u.dll => Supprimé et mis en quarantaine
c:\users\alex\appdata\roaming\2b7fba3d15e860c01f75934eeb60d1d6\agibck70dl.exe (.not file.) => Fichier absent

========== Tache planifiée ==========
Task : {D973B96B-1E2E-47F3-801B-31D0FF462F77} => Tache absente


========== Récapitulatif ==========
2 : Clé(s) du Registre
6 : Valeur(s) du Registre
3 : Fichier(s)
1 : Tache planifiée


End of the scan

Bonjour

Et bien étrangement j'ai pu lancer ESET aujourd'hui.. Voici la rapport :

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=94b40b0a6aa1fe4aa3faa1481990417b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-06 04:14:52
# local_time=2011-03-06 05:14:52 (+0100, Paris, Madrid)
# country="France"
# lang=1036
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 195791 195791 0 0
# compatibility_mode=1024 16777215 100 0 15225982 15225982 0 0
# compatibility_mode=5893 16776574 100 94 15226606 51840303 0 0
# compatibility_mode=8192 67108863 100 0 3720 3720 0 0
# scanned=174614
# found=2
# cleaned=0
# scan_time=2753
C:\Users\Alex\AppData\Roaming\2B7FBA3D15E860C01F75934EEB60D1D6\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (impossible de nettoyer) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Roaming\2B7FBA3D15E860C01F75934EEB60D1D6\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (impossible de nettoyer) 00000000000000000000000000000000 I


Je ne serais plus là à partir de lundi car en semaine je ne suis plus chez moi et je n'ai plus accès a internet. Ne clôturez pas le sujet s'il vous plaît !

re,

pas de panique le sujet restera ouvert....