---\\ Web Browser

nebraskaslowSoftware and s/w Development

Oct 31, 2013 (3 years and 9 months ago)

Rapport de ZHPDiag v1.30.17 par Nicolas Coolman, Update du 25/04/2012

Run by ROTH at 25/04/2012 21:17:26

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

State : Version à jour.



---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

MFIE: Mozilla Firefox 11.0 v11.0

GCIE: Google Chrome v18.0.1025.162


---\\ Windows Product Information

~ Langage: Français

Windows XP Professional Service Pack 2 (Build 2600)

Windows Automatic Updates : OK

Windows Genuine Advantage : OK


---\\ System Information

~ Processor: x86 Family 15 Model 47 Stepping 2, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1535 MB (50% free)

System Restore: Activé (Enable)

System drive C: has 16 GB (21%) free of 76 GB


---\\ Logged in mode

~ Computer Name: XPSP2-1593B48D5

~ User Name: ROTH

~ All Users Names: SUPPORT_388945a0, ROTH, HelpAssistant, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O82,O89

Logged in as Administrator


---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Documents and Settings\ROTH\Application Data\

~ %Desktop% : C:\Documents and Settings\ROTH\Bureau\

~ %Favorites% : C:\Documents and Settings\ROTH\Favoris\

~ %LocalAppData% : C:\Documents and Settings\ROTH\Local Settings\Application Data\

~ %StartMenu% : C:\Documents and Settings\ROTH\Menu Démarrer\

~ %Windir% : C:\WINDOWS\

~ %System% : C:\WINDOWS\system32\


---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 16 Go of 76 Go)

D:\ CD-ROM drive (Free 0 Go of 1 Go)

F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)




---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

~ Scan Security Center in 00mn 00s




---\\ Recherche particulière de fichiers génériques

[MD5.2A7BD330924252A2FD80344FC949BB72] - (.Microsoft Corporation - Explorateur Windows.) (.19/08/2004 - 15:09:54.) -- C:\WINDOWS\Explorer.exe [1036288]

[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/03/2009 - 03:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]

[MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.19/08/2004 - 15:10:06.) -- C:\WINDOWS\system32\Winlogon.exe [506368]

[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/08/2004 - 22:14:16.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]

[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 21:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]

[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.03/08/2004 - 22:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]

[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.03/08/2004 - 21:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]

[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.24/08/2001 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]

[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19/08/2004 - 14:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]

[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.03/08/2004 - 22:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]

[MD5.5191673215C91FF13CEAA83EF8E9653F] - (.Microsoft Corporation - IP Network Address Translator.) (.05/11/2006 - 20:04:37.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]

[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.03/08/2004 - 22:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]

[MD5.3ECC5F53A627B28A23AA7CC8C9376DB4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.05/11/2006 - 20:07:03.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [454656]

[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.03/08/2004 - 22:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]

[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.03/08/2004 - 22:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]

[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.05/11/2006 - 20:15:16.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]

[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.03/08/2004 - 22:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]

[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 17:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]

[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.19/08/2004 - 11:54:52.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]

[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/08/2004 - 14:59:14.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]

~ Scan Generic Processes in 00mn 00s




---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : Non accessible (Not found)

~ Mes musiques (My Musics) : 17/344

~ Mes Videos (My Videos) : Non accessible (Not found)

~ Mes Favoris (My Favorites) : 2/148

~ Mes Documents (My Documents) : 307/11272

~ Mon Bureau (My Desktop) : 9/19925

~ Menu demarrer (Programs) : 7/66

~ Scan Hidden Files in 00mn 43s




---\\ Processus lancés

[MD5.39BE36B74B2D17B336146E82373E0396] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [446464] [PID.]

[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768] [PID.]

[MD5.46EE79E42E5E056E91EA4EB07E7B807A] - (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [131072] [PID.]

[MD5.5BA8A7DA5D0573F7923E02B260AAD2F1] - (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe [221184] [PID.]

[MD5.B114DB354D13A21C1AC2B1807EE2F500] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe [273544] [PID.]

[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.]

[MD5.C5F1D82D9CC8979971CC748FCB2EE7CA] - (.Lavasoft - Ad-Aware Browsing Protection.) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032] [PID.]

[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512] [PID.]

[MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376] [PID.]

[MD5.84B62A6221E30488FE3470FB0EF929B4] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [94208] [PID.]

[MD5.08FC1FAD357F053043016597B6559BDC] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2156368] [PID.]

[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856] [PID.]

[MD5.660A60936E67C926FA9860356CF48EB8] - (.Beepa P/L - Fraps.) -- C:\PROGRAM FILES\FRAPS.exe [1031848] [PID.]

[MD5.334CCEA05934B9A00C591E2AC2213CE9] - (.PIXELA CORPORATION - ImageMixer Menu.) -- C:\Documents and Settings\ROTH\Mes documents\Logiciels\video\Camescope\IMx3Launcher.exe [1871872] [PID.]

[MD5.0A5709543986843D37A92290B7838340] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [PID.]

[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.]

[MD5.831883B107684301F48ACE752C963984] - (...) -- C:\WINDOWS\system32\PnkBstrA.exe [66872] [PID.]

[MD5.637F2BDC0E53704D121DDD27A1F62090] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924600] [PID.]

[MD5.1AA987A15080E19E83F0872F8FC0FFC2] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16824] [PID.]

[MD5.B4DAFB3C1E8D616761167F93065223C8] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4509184] [PID.]

[MD5.B43CC0F07752D456038CD0268E4D84E9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.]

~ Scan Processes Running in 00mn 01s




---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Documents and Settings\ROTH\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [User Data\Default] None

G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com

G2 - GCE: Preference [User Data\Default] [jfmjfhklogoienhpfnppmbcbjfjnkonk] RealPlayer HTML5Video Downloader Extension v.1.4 (Activé)

~ Scan Google Browser in 00mn 00s




---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Documents and Settings\ROTH\Application Data\Mozilla\Firefox\Profiles\57a3gavs.default\prefs.js

M3 - MFPP: Plugins - [ROTH] -- C:\Documents and Settings\ROTH\Application Data\Mozilla\Firefox\Profiles\57a3gavs.default\searchplugins\bing.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Documents and Settings\ROTH\Application Data\Mozilla\Firefox\Profiles\57a3gavs.default\searchplugins\LiveSearch.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Documents and Settings\ROTH\Application Data\Mozilla\Firefox\Profiles\57a3gavs.default\searchplugins\SearchTheWeb.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchTheWeb.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [ROTH] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

M0 - MFSP: prefs.js [ROTH - 57a3gavs.default] www.google.fr

M2 - MFEP: prefs.js [SUPPORT_388945a0 - 57a3gavs.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20101113Wb1 (.Google Inc..)

M2 - MFEP: prefs.js [SUPPORT_388945a0 - 57a3gavs.default\{4d51f677-2a0b-43e2-b444-a2b384d24b91}] [] SFT_France Community Toolbar v3.12.2.3 (.Conduit Ltd..)

M2 - MFEP: prefs.js [SUPPORT_388945a0 - 57a3gavs.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.9 (.Michel Gutierrez.)

M2 - MFEP: prefs.js [SUPPORT_388945a0 - 57a3gavs.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v4.20.0 (.IMinent.)

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll

P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll

P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll

P2 - FPN:Firefox Plugin Navigator . (.Zylom - Zylom Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npzylomgamesplayer.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.3.633.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@bitmanagement.com/BS Contact] - (...) -- C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll (.not file.)

P2 - FPN: [HKLM] [@bitmanagement.com/BSVersion,version=1.006] - (...) -- C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll (.not file.)

P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Plus Web Player version 2.2.0.52.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (.not file.)

P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (...) -- C:\Program Files\ma-config.com\nphardwaredetection.dll (.not file.)

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 3.0.40624.0.) -- c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=14] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

P2 - FPN: [HKLM] [@real.com/nppl3260;version=12.0.1.647] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

P2 - FPN: [HKLM] [@real.com/nprjplug;version=12.0.1.647] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=12.0.1.647] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlu

P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=12.0.1.647] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videos

P2 - FPN: [HKLM] [@real.com/nprpjplug;version=12.0.1.647] - (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) -- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

P2 - FPN: [HKCU] [@bitmanagement.com/BS Contact] - (...) -- C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll (.not file.)

P2 - FPN: [HKCU] [@bitmanagement.com/BSVersion,version=1.006] - (...) -- C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll (.not file.)

P2 - FPN: [HKCU] [@powerchallenge.com/PowerLoader] - (.Power Challenge Sweden AB - Game Loader Plugin for Power Challenge Games.) -- C:\Documents and Settings\ROTH\Application Data\PowerChallenge\nppowerloader.dll

P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 3.1.0f4.) -- C:\Documents and Settings\ROTH\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

~ Scan Firefox Browser in 00mn 02s




---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\WINDOWS\system32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

~ Scan IE Browser in 00mn 00s




---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1

~ Scan Proxy management in 00mn 00s




---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Scan Keys in 00mn 00s




---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 01s

~ Nombre de lignes (Lines number): 10061




---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordP

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} . (.DivX, LLC - DivX Plus Web Player HTML5 <video> version.) -- C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} . (.Microsoft Corporation - Family Safety Browser Helper Object Library.) -- C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} . (...) -- C:\Program Files\IMinent Toolbar\tbcore3.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} . (...) -- C:\Documents and Settings\ROTH\Mes documents\Logiciels\Montage video\graveur\EoAdv\EoRezoBHO.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (...) -- C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} . (.Pas de propriétaire - PDFCreator Toolbar.) -- C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} Clé orpheline

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

~ Scan BHO in 00mn 01s




---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} . (.Pas de propriétaire - PDFCreator Toolbar.) -- C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} . (...) -- C:\Program Files\IMinent Toolbar\tbcore3.dll

O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} . (...) -- (.not file.)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

~ Scan Toolbar in 00mn 00s




---
\
\

Applications démarrées par registre & par dossier (O4)

O4
-

HKLM
\
..
\
Run: [NVMixerTray] . (.NVIDIA Corporation
-

NVIDIA nForce Mixer

Tray Application.)
--

C:
\
Program Files
\
NVIDIA
Corporation
\
NvMixer
\
NVMixerTray.exe

O4
-

HKLM
\
..
\
Run: [LVCOMSX] . (.Logitech Inc.
-

LVCom Server.)
--

C:
\
WINDOWS
\
system32
\
LVCOMSX.exe

O4
-

HKLM
\
..
\
Run: [EoEngine] C:
\
Documents and Settings
\
ROTH
\
Mes documents
\
Logiciels
\
Montage video
\
graveur
\
EoEngine.exe
(.not file.)

O4
-

HKLM
\
..
\
Run: [EoWeather] Clé orpheline

O4
-

HKLM
\
..
\
Run: [NWEReboot] Clé orpheline

O4
-

HKLM
\
..
\
Run: [QuickTime Task] . (.Apple Inc.
-

QuickTime Task.)
--

C:
\
Documents and Settings
\
ROTH
\
Mes

documents
\
Logiciels
\
video
\
QuickTime
\
qttask.exe

O4
-

HKLM
\
..
\
Run: [NeroFilterCheck] . (.Nero AG
-

NeroCheck.)
--

C:
\
Program Files
\
Fichiers communs
\
Ahead
\
Lib
\
NeroCheck.exe

O4
-

HKLM
\
..
\
Run: [fssui] . (.Microsoft Corporation
-

Windows Live Family Safety Fi
lter.)
--

C:
\
Program Files
\
Windows Live
\
Family
Safety
\
fsui.exe

O4
-

HKLM
\
..
\
Run: [TkBellExe] . (.RealNetworks, Inc.
-

RealNetworks Scheduler.)
--

C:
\
Program
Files
\
Real
\
RealPlayer
\
update
\
realsched.exe

O4
-

HKLM
\
..
\
Run: [nod32kui] C:
\
Program Files
\
Eset
\
nod
32kui.exe (.not file.)

O4
-

HKLM
\
..
\
Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated
-

Adobe Acrobat SpeedLauncher.)
--

C:
\
Program Files
\
Adobe
\
Reader 9.0
\
Reader
\
Reader_sl.exe

O4
-

HKLM
\
..
\
Run: [Adobe ARM] . (.Adobe Systems Incorporated
-

Adobe Reader and Acrobat Manager.)
--

C:
\
Program
Files
\
Fichiers communs
\
Adobe
\
ARM
\
1.0
\
AdobeARM.exe

O4
-

HKLM
\
..
\
Run: [Ad
-
Aware Browsing Protection] . (.Lavasoft
-

Ad
-
Aware Browsing Protection.)
--

C:
\
Documents and Settings
\
All
Users
\
Application Data
\
Ad
-
A
ware Browsing Protection
\
adawarebp.exe

O4
-

HKLM
\
..
\
Run: [avast] . (.AVAST Software
-

avast! Antivirus.)
--

C:
\
Program Files
\
AVAST Software
\
Avast
\
avastUI.exe

O4
-

HKLM
\
..
\
Run: [DivXUpdate] . (.Pas de propriétaire
-

DivX Update.)
--

C:
\
Program Files
\
DivX
\
DivX Update
\
DivXUpdate.exe

O4
-

HKLM
\
..
\
Run: [SunJavaUpdateSched] C:
\
Program Files
\
Java
\
jre6
\
bin
\
jusched.exe (.not file.)

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

O4 - HKCU\..\Run: [Philips Intelligent Agent] Clé orpheline

O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\ROTH\Application Data\Microsoft\Windows\winlogon.exe (.not file.)

O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)

O4 - HKCU\..\Run: [Ygupipu] C:\WINDOWS\msonrom.dll (.not file.)

O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam.) -- C:\Valve\Steam\Steam.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [Fraps] . (.Beepa P/L - Fraps.) -- C:\PROGRAM FILES\FRAPS.exe

O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe (.not file.)

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [Philips Intelligent Agent] Clé orpheline

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\ROTH\Application Data\Microsoft\Windows\winlogon.exe (.not file.)

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [Ygupipu] C:\WINDOWS\msonrom.dll (.not file.)

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [Steam] . (.Valve Corporation - Steam.) -- C:\Valve\Steam\Steam.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\Run: [Fraps] . (.Beepa P/L - Fraps.) -- C:\PROGRAM FILES\FRAPS.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [Config] . (...) -- C:\WINDOWS\system32\run.cmd

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe (.not file.)

O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [Config] . (...) -- C:\WINDOWS\system32\run.cmd

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe (.not file.)

O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] . (...) -- C:\WINDOWS\system32\run.cmd

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] . (...) -- C:\WINDOWS\system32\run.cmd

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe

O4 - HKUS\S-1-5-21-602162358-1326574676-682003330-1003\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe (.not file.)

~ Scan Application in 00mn 00s




---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Bridge.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Help Center.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Adobe Help Center\ahc.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady CS2.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop CS2.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Stock Photos.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Geonaute KeyMaze 500-700.lnk . (.Geonaute.) -- C:\Program Files\Geonaute KeyMaze 500-700\KeyMaze500-700.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\SymInstallStub.lnk . (.Symantec Corporation.) -- C:\WINDOWS\system32\Macromed\Shockwave 10\SymInstallStub.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Bridge.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Help Center.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Adobe Help Center\ahc.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady CS2.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop CS2.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Stock Photos.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Geonaute KeyMaze 500-700.lnk . (.Geonaute.) -- C:\Program Files\Geonaute KeyMaze 500-700\KeyMaze500-700.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

O4 - Global Startup: C:\Documents And Settings\ROTH\Menu Démarrer\Programmes\SymInstallStub.lnk . (.Symantec Corporation.) -- C:\WINDOWS\system32\Macromed\Shockwave 10\SymInstallStub.exe

~ Scan Global Startup in 00mn 06s




---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline

O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: &Ajout Direct dans Windows Live Writer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO

~ Scan IE Extra Buttons in 00mn 00s




---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

~ Scan Winsock in 00mn 00s




---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5} () - http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

~ Scan Objets ActiveX in 00mn 00s




---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{A13208EE-80B3-4A5C-A5D5-5F80B231E24F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F84B4E36-F741-4A08-9027-C412100F90A0}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{A13208EE-80B3-4A5C-A5D5-5F80B231E24F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{F84B4E36-F741-4A08-9027-C412100F90A0}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{A13208EE-80B3-4A5C-A5D5-5F80B231E24F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{F84B4E36-F741-4A08-9027-C412100F90A0}: DhcpNameServer = 192.168.1.1 192.168.1.1

~ Scan Domain in 00mn 00s




---\\ Protocole additionnel (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll

O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.dll

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll

O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 01s




---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

~ Scan Winlogon in 00mn 00s




---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

~ Scan SSODL in 00mn 00s




---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

~ Scan STS/SSO in 00mn 00s




---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Service Google Update (gupdate1c9f5c63a4 (gupdate1c9f5c63a45491e) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft Limited - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe

~ Scan Services in 00mn 00s




---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s




---\\ BootExecute (O34)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

~ Scan Keys in 00mn 00s




---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Google Software Updater.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1326574676-682003330-1003.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1326574676-682003330-1003.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SymInstallStub.job

[MD5.98070A7FCE5B4AFB24A142C6F4C25CC1] [APT] [Ad-Aware Update (Weekly)] (.Lavasoft Limited.) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[MD5.7A4D5C521E6C11268C1D2131E7951B5D] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

[MD5.408DDD80EEDE47175F6844817B90213E] [APT] [Google Software Updater] (.Google.) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeLogonTaskS-1-5-21-602162358-1326574676-682003330-1003] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe

[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeScheduledTaskS-1-5-21-602162358-1326574676-682003330-1003] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe

[MD5.9AE726C3F5CB32848218703B6620A25F] [APT] [SymInstallStub] (.Symantec Corporation.) -- C:\WINDOWS\system32\Macromed\Shockwave 10\SymInstallStub.exe

~ Scan Scheduled Task in 00mn 01s




---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe

O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitaire d'installation du Lecteur Windows Media Microsoft.) -- C:\WINDOWS\inf\unregmp2.exe

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d’initialisation d’Internet Explorer par utilisateur.) -- C:\WINDOWS\system32\ie4uinit.exe.mui

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll

O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (...) -- C:\WINDOWS\INF\mswmp.inf

O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\WINDOWS\system32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf

O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d’initialisation d’Internet Explorer par utilisateur.) -- C:\WINDOWS\system32\ie4uinit.exe.mui

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\WINDOWS\system32\mscories.dll

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.1 r102.) -- C:\WINDOWS\system32\Macromed\Flash\Flash11f.ocx

~ Scan Active Setup in 00mn 00s




---
\
\

Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys

O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys

O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\system32\DRIVERS\processr.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\system32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\system32\DRIVERS\serial.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

O41 - Driver: (wceusbsh) . (.Microsoft Corporation - Hôte série USB Windows CE.) - C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

~ Scan Drivers in 00mn 00s




---\\ Logiciels installés (O42)

O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver

O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager_is1

O42 - Logiciel: AVS Video Converter 7 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Video Converter 7_is1

O42 - Logiciel: AVS4YOU Software Navigator 1.4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Software Navigator_is1

O42 - Logiciel: Ad-Aware - (.Lavasoft Limited.) [HKLM] -- {932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}

O42 - Logiciel: Ad-Aware Browsing Protection - (.Lavasoft.) [HKLM] -- Ad-Aware Browsing Protection

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {A2BCA9F1-566C-4805-97D1-7FDC93386723}

O42 - Logiciel: Adobe Bridge 1.0 - (.Adobe Systems.) [HKLM] -- {B74D4E10-6884-0000-0000-000000000103}

O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM] -- {8EDBA74D-0686-4C99-BFDD-F894678E5101}

O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Help Center 1.0 - (.Adobe Systems.) [HKLM] -- {E9787678-119F-4D52-B551-6739B2B22101}

O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}

O42 - Logiciel: Adobe Reader 9.5.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A95000000001}

O42 - Logiciel: Adobe Shockwave Player 11.6 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Adobe Stock Photos 1.0 - (.Adobe Systems.) [HKLM] -- {EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}

O42 - Logiciel: Age of Empires III - (.Microsoft Game Studios.) [HKLM] -- InstallShield_{485775E8-AEB8-46BD-922B-242879E03DD5}

O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

O42 - Logiciel: Configuration DivX - (.DivX, LLC.) [HKLM] -- DivX Setup

O42 - Logiciel: Fraps - (.Pas de propriétaire.) [HKLM] -- Fraps

O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}

O42 - Logiciel: Geonaute KeyMaze 500-700 - (.Pas de propriétaire.) [HKLM] -- {B8906BF4-2B85-42C9-A40B-2C8A13DE6930}

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

O42 - Logiciel: Hotfix for Windows XP (KB926239) - (.Microsoft Corporation.) [HKLM] -- KB926239

O42 - Logiciel: IMinent Toolbar - (.IMinent.) [HKLM] -- {A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}

O42 - Logiciel: ImageMixer for HDD Camcorder - (.PIXELA.) [HKLM] -- {44E5B47F-870E-4E38-A458-8A5FC4DCFECF}

O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP

O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {7782C171-0E16-47B7-805C-401080068B07}

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}

O42 - Logiciel: InterActual Player - (.Pas de propriétaire.) [HKLM] -- InterActual Player

O42 - Logiciel: IsoBuster 2.4 - (.Smart Projects.) [HKLM] -- IsoBuster_is1

O42 - Logiciel: J2SE Runtime Environment 5.0 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150070}

O42 - Logiciel: Java(TM) 6 Update 31 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216031FF}

O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}

O42 - Logiciel: K-Lite Codec Pack 4.3.4 (Full) - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1

O42 - Logiciel: MP Manager - (.MPMAN.) [HKLM] -- {07E38F03-215B-44E5-BCA5-8D2E8D0E9896}

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: MSXML 6.0 Parser (KB925673) - (.Microsoft Corporation.) [HKLM] -- {FE9126DB-5F84-495A-BB46-3C724F1C2D08}

O42 - Logiciel: MSXML4 Parser - (.Microsoft Game Studios.) [HKLM] -- {01501EBA-EC35-4F9F-8889-3BE346E5DA13}

O42 - Logiciel: Ma-Config.com plugin - (.CybelSoft.) [HKLM] -- {CB866502-28D7-4AC3-95B9-5B81DAB49126}

O42 - Logiciel: Microsoft .NET Framework 2.0 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 2.0

O42 - Logiciel: Microsoft .NET Framework 3.0 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.0

O42 - Logiciel: Microsoft .NET Framework 3.0 - (.Microsoft Corporation.) [HKLM] -- {15095BF3-A3D7-4DDF-B193-3A496881E003}

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1

O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9011040C-6000-11D3-8CFE-0150048383C9}

O42 - Logiciel: Microsoft Rise of Nations - (.Microsoft.) [HKLM] -- RiseOfNations 1.0

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}

O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

O42 - Logiciel: Microsoft Text-to-Speech Engine 4.0 (English) - (.Pas de propriétaire.) [HKLM] -- MSTTS

O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {A49F249F-0C91-497F-86DF-B2585E8E76B7}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

O42 - Logiciel: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 - (.Microsoft Corporation.) [HKLM] -- {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

O42 - Logiciel: Mozilla Firefox 11.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 11.0 (x86 fr)

O42 - Logiciel: Mumble 1.2.3 - (.Thorvald Natvig.) [HKLM] -- {E1019541-10A2-464F-A23E-A4F23DA65160}

O42 - Logiciel: MySQL Connector/ODBC 3.51 - (.MySQL AB.) [HKLM] -- {0CB3C535-1171-4A20-B549-E2CB5DEB9723}

O42 - Logiciel: NOD32 FiX v1.9 - (.Pas de propriétaire.) [HKLM] -- {DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1

O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers

O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM] -- {22FB6750-ADDF-4726-B67F-6901E1991036}

O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN

O42 - Logiciel: NvMixer - (.Pas de propriétaire.) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}

O42 - Logiciel: OpenOffice.org Installer 1.0 - (.Sun Microsystems.) [HKLM] -- {3A2AF807-9F9F-43C9-A24A-17B617238B74}

O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}

O42 - Logiciel: PDF Studio - (.Qoppa Software.) [HKLM] -- PDF Studio

O42 - Logiciel: PDF-to-Word 2.1 Demo - (.Pas de propriétaire.) [HKLM] -- PDF-to-Word 2.1 Demo

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}

O42 - Logiciel: PDFCreator Toolbar - (.Pas de propriétaire.) [HKLM] -- PDFCreator Toolbar

O42 - Logiciel: PL-2303 USB-to-Serial - (.Prolific Technology INC.) [HKLM] -- {ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}

O42 - Logiciel: Philips Intelligent Agent - (.Philips.) [HKLM] -- Philips Intelligent Agent_is1

O42 - Logiciel: Power Challenge Game Plugin - (.Pas de propriétaire.) [HKCU] -- Power Loader

O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM] -- QcDrv

O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {5B09BD67-4C99-46A1-8161-B7208CE18121}

O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2008 Runtime - (.RealNetworks, Inc.) [HKLM] -- {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0

O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

O42 - Logiciel: Revo Uninstaller 1.75 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller

O42 - Logiciel: Rise of Nations Thrones and Patriots - (.Pas de propriétaire.) [HKLM] -- RiseofNationsExpansion 1.0

O42 - Logiciel: Riva FLV Encoder 2.0 - (.Rothenberger & Partner.) [HKLM] -- Riva FLV Encoder 2.0_is1

O42 - Logiciel: Runtime 8.0 Libraries - (.Microsoft.) [HKLM] -- {EA4FA30B-7321-4428-90E9-28B088EC8DC9}

O42 - Logiciel: SLD Codec Pack - (.Pas de propriétaire.) [HKLM] -- SLD Codec Pack

O42 - Logiciel: Savage 2 - A Tortured Soul - (.S2 Games.) [HKLM] -- Savage2

O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

O42 - Logiciel: Sony DVD Architect Studio 3.0b - (.Sony.) [HKLM] -- {3A1D227F-5BC7-4086-BE0C-AAAFAAF10DE6}

O42 - Logiciel: Sony Vegas Movie Studio 6.0 - (.Sony.) [HKLM] -- {A4A8240F-9C54-4519-8451-D3B995659308}

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

O42 - Logiciel: Steam - (.Pas de propriétaire.) [HKLM] -- Steam

O42 - Logiciel: Stronghold Crusader - (.Pas de propriétaire.) [HKLM] -- {8C3727F2-8E37-49E4-820C-03B1677F53B6}

O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer

O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM] -- {933B4015-4618-4716-A828-5289FC03165F}

O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: Virtual DJ - Atomix Productions - (.Pas de propriétaire.) [HKLM] -- Virtual DJ - Atomix Productions

O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}

O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01

O42 - Logiciel: WinZip - (.WinZip Computing, Inc..) [HKLM] -- WinZip

O42 - Logiciel: Windows Communication Foundation - (.Microsoft Corporation.) [HKLM] -- {491DD792-AD81-429C-9EB4-86DD3D22E333}

O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- WGA

O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC

O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM] -- KB893803v2

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}

O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {76810709-A7D3-468D-9167-A1780C1E766C}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}

O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {9D6524E6-15CF-4852-BF70-04FE973A3DE1}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}

O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11

O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime

O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122 - (.Microsoft Corporation.) [HKLM] -- KB891122

O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}

O42 - Logiciel: Windows Workflow Foundation - (.Microsoft Corporation.) [HKLM] -- {7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC

O42 - Logiciel: avast! Free Antivirus v7.0.1426.0 - (.AVAST Software.) [HKLM] -- avast

O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}


---\\ HKCU & HKLM Software Keys

[HKCU\Software\/]

[HKCU\Software\ABBYY]

[HKCU\Software\AC3filter]

[HKCU\Software\ATI Technologies Inc.]

[HKCU\Software\AVAST Software]

[HKCU\Software\AVS4YOU]

[HKCU\Software\AVS]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\AppDataLow\RealNetworks]

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Macromedia]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software\adaware]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Aurigma]

[HKCU\Software\Bitmanagement Software]

[HKCU\Software\BlueSquad]

[HKCU\Software\Boonty]

[HKCU\Software\Bugsplat]

[HKCU\Software\Caphyon]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Conduit]

[HKCU\Software\Cornelsen]

[HKCU\Software\CybelSoft]

[HKCU\Software\Cyberlink]

[HKCU\Software\DScaler5]

[HKCU\Software\DXTransform]

[HKCU\Software\Digital-Integration]

[HKCU\Software\DirectShow]

[HKCU\Software\DivXNetworks]

[HKCU\Software\DivX]

[HKCU\Software\EasyBits]

[HKCU\Software\Elecard]

[HKCU\Software\EoRezo]

[HKCU\Software\Folder Manager]

[HKCU\Software\Freeze.com]

[HKCU\Software\GNU]

[HKCU\Software\GSC Game World]

[HKCU\Software\GSCGameWorld]

[HKCU\Software\GSpot Appliance Corp]

[HKCU\Software\Gabest]

[HKCU\Software\GameSpy]

[HKCU\Software\Google]

[HKCU\Software\HaaliMkx]

[HKCU\Software\Haali]

[HKCU\Software\Headlight]

[HKCU\Software\HookNetwork]

[HKCU\Software\IADirectShow]

[HKCU\Software\IM Providers]

[HKCU\Software\INCAInternet]

[HKCU\Software\Intel]

[HKCU\Software\InterActual Technologies]

[HKCU\Software\JEDI-VCL]

[HKCU\Software\JavaSoft]

[HKCU\Software\Lavasoft]

[HKCU\Software\Leadertech]

[HKCU\Software\Licenses]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Logitech]

[HKCU\Software\MPMAN]

[HKCU\Software\Macromedia]

[HKCU\Software\Magnet]

[HKCU\Software\MartS]

[HKCU\Software\MediaInfo]

[HKCU\Software\Mediachance]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Mumble]

[HKCU\Software\NVIDIA Corporation]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Nico Mak Computing]

[HKCU\Software\Northcode Inc]

[HKCU\Software\NuxBox]

[HKCU\Software\ODBC]

[HKCU\Software\PDFCreator]

[HKCU\Software\PIXELA]

[HKCU\Software\PP]

[HKCU\Software\Pegasus Imaging]

[HKCU\Software\Philips Intelligent Agent]

[HKCU\Software\Policies]

[HKCU\Software\ReadPlease 2003]

[HKCU\Software\RealNetworks]

[HKCU\Software\Riva]

[HKCU\Software\SWiSHzone.com]

[HKCU\Software\Safer Networking Limited]

[HKCU\Software\Savage 2]

[HKCU\Software\SecuROM]

[HKCU\Software\Skype]

[HKCU\Software\Smart Projects]

[HKCU\Software\Softonic]

[HKCU\Software\Sony Media Software]

[HKCU\Software\Sun Microsystems]

[HKCU\Software\SysInternals]

[HKCU\Software\Toolbar4Free]

[HKCU\Software\Tracker Software]

[HKCU\Software\Trolltech]

[HKCU\Software\Trymedia Systems]

[HKCU\Software\Unity]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VSRevoGroup]

[HKCU\Software\Valve]

[HKCU\Software\Virtools]

[HKCU\Software\VirtualDJ]

[HKCU\Software\WalletBalance]

[HKCU\Software\WinRAR]

[HKCU\Software\WinZip Computing]

[HKCU\Software\Wise Solutions]

[HKCU\Software\WolfpackStudios]

[HKCU\Software\Xfire]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\Zylom]

[HKCU\Software\cacaoweb]

[HKCU\Software\conduitEngine]

[HKCU\Software\keyhole.com]

[HKCU\Software\pdfforge.org]

[HKCU\Software\shockwave.com]

[HKCU\Software\temp]

[HKCU\Software\thriXXX]

[HKCU\Software\tvp]

[HKCU\Software\www.RocketDivision]

[HKLM\Software\/]

[HKLM\Software\8ec]

[HKLM\Software\ABBYY]

[HKLM\Software\ASIO]

[HKLM\Software\ATI Technologies Inc.]

[HKLM\Software\ATI Technologies]

[HKLM\Software\AVAST Software]

[HKLM\Software\AVS4YOU]

[HKLM\Software\AVS]

[HKLM\Software\Adobe Systems Incorporated]

[HKLM\Software\Adobe Systems]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Audible]

[HKLM\Software\Bitmanagement Software]

[HKLM\Software\Boonty]

[HKLM\Software\Buka]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CCR]

[HKLM\Software\CDDB]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Codec Tweak Tool]

[HKLM\Software\Codemasters]

[HKLM\Software\Conduit]

[HKLM\Software\Cornelsen]

[HKLM\Software\Croteam]

[HKLM\Software\Cyberlink]

[HKLM\Software\DivXNetworks]

[HKLM\Software\DivX]

[HKLM\Software\EA Sports]

[HKLM\Software\Electronic Arts]

[HKLM\Software\EoRezo]

[HKLM\Software\Eset]

[HKLM\Software\Even Balance]

[HKLM\Software\Firefly Studios]

[HKLM\Software\Fraps2]

[HKLM\Software\Freeze.com]

[HKLM\Software\FullCircle]

[HKLM\Software\GNU]

[HKLM\Software\GalaNetEu]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\HaaliMkx]

[HKLM\Software\HighCriteria]

[HKLM\Software\Iminent]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\InterActual Technologies]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\KLCodecPack]

[HKLM\Software\Lavasoft]

[HKLM\Software\Licenses]

[HKLM\Software\Linden Research, Inc.]

[HKLM\Software\Loader]

[HKLM\Software\Lodestone Games, LLC]

[HKLM\Software\Logitech]

[HKLM\Software\Macromedia]

[HKLM\Software\McAfee.com]

[HKLM\Software\MicroProse Software]

[HKLM\Software\Microprose]

[HKLM\Software\MimarSinan]

[HKLM\Software\Mircrosoft]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\MySQL AB]

[HKLM\Software\NVIDIA Corporation]

[HKLM\Software\Nero]

[HKLM\Software\Nico Mak Computing]

[HKLM\Software\ODBC]

[HKLM\Software\PIXELA]

[HKLM\Software\PP]

[HKLM\Software\PegasusImaging]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\Prolific Technology INC]

[HKLM\Software\RealNetworks]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\S3R521]

[HKLM\Software\SLD]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Schlumberger]

[HKLM\Software\Secure]

[HKLM\Software\Sierra OnLine]

[HKLM\Software\Sony Media Software]

[HKLM\Software\Sony Online Entertainment]

[HKLM\Software\Sun Microsystems]

[HKLM\Software\Symantec]

[HKLM\Software\TG Byte Software]

[HKLM\Software\THQ]

[HKLM\Software\The Learning Company]

[HKLM\Software\Thomson]

[HKLM\Software\Toolbar Cleaner]

[HKLM\Software\Tracker Software]

[HKLM\Software\Trolltech]

[HKLM\Software\Trymedia Systems]

[HKLM\Software\Valve]

[HKLM\Software\VideoLAN]

[HKLM\Software\Virtools]

[HKLM\Software\VirtualDJ]

[HKLM\Software\Voice]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Windows]

[HKLM\Software\Wise Solutions]

[HKLM\Software\Xing Technology Corp.]

[HKLM\Software\ZSMC]

[HKLM\Software\blaxxun interactive]

[HKLM\Software\gibcom]

[HKLM\Software\iTinySoft]

[HKLM\Software\mcafeeupdater]

[HKLM\Software\mozilla.org]

[HKLM\Software\pdfforge.org]

~ Scan Softwares in 00mn 00s




---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 20/01/2012 - 21:56:04 - [508,869] ----D C:\Program Files\Adobe

O43 - CFD: 31/03/2007 - 12:24:37 - [0,000] ----D C:\Program Files\Ahead

O43 - CFD: 14/11/2007 - 22:40:15 - [2,098] ----D C:\Program Files\Apple Software Update

O43 - CFD: 22/01/2012 - 21:48:33 - [295,242] ----D C:\Program Files\AVAST Software

O43 - CFD: 22/02/2012 - 23:37:37 - [0] ----D C:\Program Files\cacaoweb

O43 - CFD: 12/04/2008 - 10:04:20 - [16,882] ----D C:\Program Files\Codemasters

O43 - CFD: 07/11/2010 - 19:39:39 - [11,332] ----D C:\Program Files\Common Files

O43 - CFD: 31/03/2007 - 10:22:39 - [0] ----D C:\Program Files\ComPlus Applications

O43 - CFD: 21/01/2012 - 00:25:25 - [1,215] ----D C:\Program Files\Conduit

O43 - CFD: 11/08/2010 - 20:56:05 - [0] ----D C:\Program Files\directx

O43 - CFD: 22/02/2012 - 23:24:08 - [16,625] ----D C:\Program Files\DivX

O43 - CFD: 01/12/2010 - 20:53:58 - [0] ----D C:\Program Files\Electronic Arts

O43 - CFD: 06/01/2009 - 03:10:38 - [0] ----D C:\Program Files\Enigma Software Group

O43 - CFD: 09/11/2011 - 15:59:02 - [11,762] ----D C:\Program Files\ESET

O43 - CFD: 25/02/2012 - 11:09:57 - [770,060] ----D C:\Program Files\Fichiers communs

O43 - CFD: 08/05/2011 - 19:49:52 - [652,853] ----D C:\Program Files\Firefly Studios

O43 - CFD: 09/02/2009 - 23:05:51 - [0,003] ----D C:\Program Files\Freeciv-2.1.8-gtk2

O43 - CFD: 11/01/2011 - 00:28:32 - [12,991] ----D C:\Program Files\Geonaute KeyMaze 500-700

O43 - CFD: 26/05/2010 - 14:20:48 - [122,417] ----D C:\Program Files\Gibcom

O43 - CFD: 18/11/2011 - 14:51:08 - [429,166] ----D C:\Program Files\Google

O43 - CFD: 06/08/2007 - 21:15:30 - [0] ----D C:\Program Files\HardwareDetection

O43 - CFD: 28/04/2009 - 14:49:15 - [0,099] ----D C:\Program Files\HELP

O43 - CFD: 05/01/2011 - 23:13:38 - [32,316] --H-D C:\Program Files\InstallShield Installation Information

O43 - CFD: 19/06/2007 - 23:21:53 - [7,194] ----D C:\Program Files\InterActual

O43 - CFD: 16/05/2009 - 13:47:49 - [5,293] ----D C:\Program Files\Internet Explorer

O43 - CFD: 25/12/2008 - 22:29:34 - [0] ----D C:\Program Files\Inventel

O43 - CFD: 26/02/2012 - 16:32:47 - [136,663] ----D C:\Program Files\Java

O43 - CFD: 21/12/2008 - 15:52:04 - [35,593] ----D C:\Program Files\K-Lite Codec Pack

O43 - CFD: 22/01/2012 - 21:38:52 - [37,664] ----D C:\Program Files\Lavasoft

O43 - CFD: 18/12/2008 - 10:54:32 - [1,294] ----D C:\Program Files\Microsoft

O43 - CFD: 31/03/2007 - 10:26:27 - [0] ----D C:\Program Files\microsoft frontpage

O43 - CFD: 16/02/2011 - 19:42:30 - [-537,987] ----D C:\Program Files\Microsoft Games

O43 - CFD: 31/03/2007 - 12:20:49 - [245,840] ----D C:\Program Files\Microsoft Office

O43 - CFD: 13/02/2010 - 21:31:29 - [14,742] ----D C:\Program Files\Microsoft Silverlight

O43 - CFD: 18/12/2008 - 10:53:20 - [1,745] ----D C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 18/12/2008 - 10:53:58 - [2,087] ----D C:\Program Files\Microsoft Sync Framework

O43 - CFD: 31/03/2007 - 12:20:42 - [0,014] ----D C:\Program Files\Microsoft Visual Studio

O43 - CFD: 31/03/2007 - 12:20:46 - [4,166] ----D C:\Program Files\Microsoft Works

O43 - CFD: 24/01/2010 - 13:17:52 - [2,824] ----D C:\Program Files\Mindscape

O43 - CFD: 16/05/2009 - 12:50:38 - [0] ----D C:\Program Files\Modules VST

O43 - CFD: 05/07/2007 - 22:04:47 - [15,175] ----D C:\Program Files\Movie Maker

O43 - CFD: 25/04/2012 - 20:57:03 - [41,285] ----D C:\Program Files\Mozilla Firefox

O43 - CFD: 25/12/2010 - 12:21:02 - [98,837] ----D C:\Program Files\MPMAN

O43 - CFD: 09/09/2007 - 14:06:39 - [0,012] ----D C:\Program Files\MSBuild

O43 - CFD: 31/03/2007 - 10:26:27 - [0] ----D C:\Program Files\msn gaming zone

O43 - CFD: 21/01/2012 - 01:01:55 - [31,007] ----D C:\Program Files\Mumble

O43 - CFD: 06/01/2009 - 21:49:59 - [315,107] ----D C:\Program Files\Nero

O43 - CFD: 31/03/2007 - 10:26:27 - [0] ----D C:\Program Files\netmeeting

O43 - CFD: 31/03/2007 - 11:10:00 - [3,696] ----D C:\Program Files\NVIDIA Corporation

O43 - CFD: 31/03/2007 - 11:27:52 - [4,176] ----D C:\Program Files\Outlook Express

O43 - CFD: 25/10/2007 - 21:59:29 - [1,541] ----D C:\Program Files\PDF2W

O43 - CFD: 01/07/2007 - 13:34:47 - [0,776] ----D C:\Program Files\PDFCreator Toolbar

O43 - CFD: 01/09/2007 - 18:59:10 - [1,055] ----D C:\Program Files\Philips Intelligent Agent

O43 - CFD: 16/04/2011 - 09:59:17 - [91,463] ----D C:\Program Files\Real

O43 - CFD: 09/09/2007 - 14:01:57 - [23,171] ----D C:\Program Files\Reference Assemblies

O43 - CFD: 06/01/2009 - 20:50:28 - [0,111] ----D C:\Program Files\Registry Mechanic

O43 - CFD: 14/05/2011 - 20:59:04 - [1066,505] ----D C:\Program Files\Savage 2 - A Tortured Soul

O43 - CFD: 31/03/2007 - 10:24:23 - [0,001] ----D C:\Program Files\Services en ligne

O43 - CFD: 25/02/2012 - 11:09:48 - [1,783] R---D C:\Program Files\Skype

O43 - CFD: 31/03/2007 - 12:15:15 - [4,392] ----D C:\Program Files\SLD Codec Pack

O43 - CFD: 11/11/2008 - 11:51:41 - [8,856] ----D C:\Program Files\Smart Projects

O43 - CFD: 13/08/2010 - 22:24:19 - [222,654] ----D C:\Program Files\Sony

O43 - CFD: 06/01/2009 - 02:46:54 - [45,349] ----D C:\Program Files\Spybot - Search & Destroy

O43 - CFD: 01/05/2008 - 15:03:54 - [2,430] ----D C:\Program Files\Sun

O43 - CFD: 16/02/2009 - 21:48:18 - [1,361] ----D C:\Program Files\THQ

O43 - CFD: 13/11/2011 - 01:47:57 - [257,476] ----D C:\Program Files\thriXXX

O43 - CFD: 22/01/2012 - 21:39:15 - [0,651] ----D C:\Program Files\Toolbar Cleaner

O43 - CFD: 31/03/2007 - 10:30:37 - [0] --H-D C:\Program Files\Uninstall Information

O43 - CFD: 31/03/2007 - 12:15:28 - [75,228] ----D C:\Program Files\VideoLAN

O43 - CFD: 06/01/2009 - 01:52:31 - [4,292] ----D C:\Program Files\VS Revo Group

O43 - CFD: 06/07/2007 - 21:42:20 - [0,000] ----D C:\Program Files\Vstplugins

O43 - CFD: 09/08/2011 - 13:45:52 - [135,397] ----D C:\Program Files\Windows Live

O43 - CFD: 18/12/2008 - 10:50:44 - [0,234] ----D C:\Program Files\Windows Live SkyDrive

O43 - CFD: 14/07/2007 - 13:20:07 - [0] ----D C:\Program Files\Windows Media Connect 2

O43 - CFD: 07/03/2010 - 21:15:24 - [6,117] ----D C:\Program Files\Windows Media Player

O43 - CFD: 31/03/2007 - 10:26:27 - [0,742] ----D C:\Program Files\Windows NT

O43 - CFD: 31/03/2007 - 10:24:28 - [0] --H-D C:\Program Files\WindowsUpdate

O43 - CFD: 31/03/2007 - 17:56:43 - [4,719] ----D C:\Program Files\WinRAR

O43 - CFD: 31/03/2007 - 12:52:37 - [4,360] ----D C:\Program Files\WinZip

O43 - CFD: 31/03/2007 - 10:26:27 - [0] ----D C:\Program Files\xerox

O43 - CFD: 26/08/2007 - 23:35:02 - [0,002] --H-D C:\Program Files\Zero G Registry

O43 - CFD: 25/04/2012 - 21:18:16 - [11,407] ----D C:\Program Files\ZHPDiag

O43 - CFD: 20/01/2012 - 21:56:04 - [151,274] ----D C:\Program Files\Fichiers communs\Adobe

O43 - CFD: 09/02/2009 - 00:23:52 - [30,315] ----D C:\Program Files\Fichiers communs\Adobe AIR

O43 - CFD: 31/03/2007 - 12:06:51 - [0,069] ----D C:\Program Files\Fichiers communs\Adobe Systems Shared

O43 - CFD: 06/01/2009 - 21:54:11 - [115,362] ----D C:\Program Files\Fichiers communs\Ahead

O43 - CFD: 06/02/2011 - 20:31:51 - [126,824] ----D C:\Program Files\Fichiers communs\AVSMedia

O43 - CFD: 03/09/2007 - 20:30:17 - [0,066] ----D C:\Program Files\Fichiers communs\BOONTY Shared

O43 - CFD: 31/03/2007 - 12:20:48 - [0,082] ----D C:\Program Files\Fichiers communs\DESIGNER

O43 - CFD: 22/02/2012 - 23:23:59 - [23,581] ----D C:\Program Files\Fichiers communs\DivX Shared

O43 - CFD: 27/05/2007 - 09:12:28 - [14,042] ----D C:\Program Files\Fichiers communs\InstallShield

O43 - CFD: 26/02/2012 - 16:26:06 - [24,762] ----D C:\Program Files\Fichiers communs\Java

O43 - CFD: 21/04/2007 - 22:41:29 - [18,058] ----D C:\Program Files\Fichiers communs\Logitech

O43 - CFD: 09/08/2011 - 13:43:00 - [246,600] ----D C:\Program Files\Fichiers communs\Microsoft Shared

O43 - CFD: 31/03/2007 - 10:23:44 - [0,271] ----D C:\Program Files\Fichiers communs\MSSoap

O43 - CFD: 31/03/2007 - 11:10:00 - [1,128] ----D C:\Program Files\Fichiers communs\NVIDIA Shared

O43 - CFD: 31/03/2007 - 12:17:32 - [0] ----D C:\Program Files\Fichiers communs\ODBC

O43 - CFD: 13/08/2010 - 22:16:29 - [0,936] ----D C:\Program Files\Fichiers communs\Real

O43 - CFD: 31/03/2007 - 10:23:47 - [0,008] ----D C:\Program Files\Fichiers communs\Services

O43 - CFD: 31/03/2007 - 12:17:28 - [3,612] ----D C:\Program Files\Fichiers communs\SpeechEngines

O43 - CFD: 17/07/2007 - 22:12:01 - [0,094] ----D C:\Program Files\Fichiers communs\SWF Studio

O43 - CFD: 29/06/2010 - 23:20:14 - [0] ----D C:\Program Files\Fichiers communs\Symantec Shared

O43 - CFD: 31/03/2007 - 11:27:52 - [12,641] ----D C:\Program Files\Fichiers communs\System

O43 - CFD: 18/12/2008 - 10:41:38 - [0] ----D C:\Program Files\Fichiers communs\Windows Live

O43 - CFD: 16/04/2011 - 09:59:13 - [0,336] ----D C:\Program Files\Fichiers communs\xing shared

O43 - CFD: 22/02/2012 - 22:46:47 - [1030,896] R-H-D C:\Documents and Settings\All Users\Application Data

O43 - CFD: 25/04/2012 - 21:15:42 - [0,026] ----D C:\Documents and Settings\All Users\Bureau

O43 - CFD: 18/12/2008 - 10:51:13 - [17,555] R---D C:\Documents and Settings\All Users\Documents

O43 - CFD: 27/04/2008 - 23:29:30 - [2,583] -SH-D C:\Documents and Settings\All Users\DRM

O43 - CFD: 31/03/2007 - 12:17:03 - [0] ----D C:\Documents and Settings\All Users\Favoris

O43 - CFD: 21/12/2009 - 22:55:46 - [0,345] R---D C:\Documents and Settings\All Users\Menu Démarrer

O43 - CFD: 31/03/2007 - 12:17:03 - [0,009] --H-D C:\Documents and Settings\All Users\Modèles

O43 - CFD: 16/12/2008 - 18:58:51 - [1,407] ----D C:\Documents and Settings\ROTH\Application Data\.freeciv

O43 - CFD: 16/12/2008 - 13:44:16 - [0,000] ----D C:\Documents and Settings\ROTH\Application Data\.ggz

O43 - CFD: 29/02/2012 - 19:14:59 - [105,318] ----D C:\Documents and Settings\ROTH\Application Data\.minecraft

O43 - CFD: 23/12/2011 - 18:16:54 - [15,623] ----D C:\Documents and Settings\ROTH\Application Data\Adobe

O43 - CFD: 02/09/2007 - 13:43:47 - [0,256] ----D C:\Documents and Settings\ROTH\Application Data\Ahead

O43 - CFD: 21/07/2010 - 08:42:28 - [0,002] ----D C:\Documents and Settings\ROTH\Application Data\Apple Computer

O43 - CFD: 06/02/2011 - 20:33:05 - [0] ----D C:\Documents and Settings\ROTH\Application Data\AVS4YOU

O43 - CFD: 05/07/2007 - 21:16:09 - [0] ----D C:\Documents and Settings\ROTH\Application Data\AVSMedia

O43 - CFD: 22/02/2012 - 23:36:55 - [0,000] ----D C:\Documents and Settings\ROTH\Application Data\cacaoweb

O43 - CFD: 22/02/2012 - 23:31:46 - [0,000] ----D C:\Documents and Settings\ROTH\Application Data\DDMSettings

O43 - CFD: 28/04/2008 - 17:45:55 - [0,013] ----D C:\Documents and Settings\ROTH\Application Data\DivX

O43 - CFD: 15/09/2010 - 19:54:43 - [0,003] ----D C:\Documents and Settings\ROTH\Application Data\dvdcss

O43 - CFD: 06/08/2007 - 21:05:47 - [1,383] ----D C:\Documents and Settings\ROTH\Application Data\EoRezo

O43 - CFD: 11/04/2007 - 22:06:16 - [0] ----D C:\Documents and Settings\ROTH\Application Data\GetRightToGo

O43 - CFD: 31/03/2007 - 12:56:38 - [0,884] ----D C:\Documents and Settings\ROTH\Application Data\Google

O43 - CFD: 18/02/2008 - 18:40:51 - [0] ----D C:\Documents and Settings\ROTH\Application Data\Help

O43 - CFD: 10/11/2008 - 23:50:20 - [0,001] ----D C:\Documents and Settings\ROTH\Application Data\Identities

O43 - CFD: 06/01/2009 - 10:52:15 - [0,671] ----D C:\Documents and Settings\ROTH\Application Data\Internet Antivirus Pro

O43 - CFD: 10/11/2008 - 23:50:21 - [0,002] ----D C:\Documents and Settings\ROTH\Application Data\Jane s Hotel Family Hero

O43 - CFD: 01/12/2010 - 20:37:35 - [0,001] ----D C:\Documents and Settings\ROTH\Application Data\Leadertech

O43 - CFD: 22/12/2008 - 10:52:45 - [0,027] ----D C:\Documents and Settings\ROTH\Application Data\LimeWire

O43 - CFD: 06/08/2007 - 21:17:42 - [1,473] ----D C:\Documents and Settings\ROTH\Application Data\ma-config.com

O43 - CFD: 09/02/2009 - 23:04:53 - [2,524] ----D C:\Documents and Settings\ROTH\Application Data\Macromedia

O43 - CFD: 09/08/2011 - 13:35:09 - [14,707] -S--D C:\Documents and Settings\ROTH\Application Data\Microsoft

O43 - CFD: 21/12/2009 - 23:02:11 - [82,932] ----D C:\Documents and Settings\ROTH\Application Data\Microsoft Games

O43 - CFD: 27/01/2010 - 01:54:13 - [40,083] ----D C:\Documents and Settings\ROTH\Application Data\Mozilla

O43 - CFD: 25/12/2010 - 12:09:51 - [0,005] ----D C:\Documents and Settings\ROTH\Application Data\MP-Manager

O43 - CFD: 22/02/2012 - 22:11:27 - [0,148] ----D C:\Documents and Settings\ROTH\Application Data\Mumble

O43 - CFD: 09/11/2008 - 15:37:52 - [0] ----D C:\Documents and Settings\ROTH\Application Data\My Games

O43 - CFD: 30/12/2007 - 18:22:57 - [0] ----D C:\Documents and Settings\ROTH\Application Data\Opera

O43 - CFD: 01/07/2007 - 16:24:52 - [0,002] ----D C:\Documents and Settings\ROTH\Application Data\Pixela

O43 - CFD: 03/09/2010 - 13:40:46 - [21,718] ----D C:\Documents and Settings\ROTH\Application Data\PowerChallenge

O43 - CFD: 06/07/2007 - 21:45:42 - [0] ----D C:\Documents and Settings\ROTH\Application Data\Publish Providers

O43 - CFD: 16/04/2011 - 09:59:38 - [4,576] ----D C:\Documents and Settings\ROTH\Application Data\Real

O43 - CFD: 11/08/2007 - 12:21:44 - [747,906] ----D C:\Documents and Settings\ROTH\Application Data\SecondLife

O43 - CFD: 25/02/2012 - 11:06:35 - [6,029] ----D C:\Documents and Settings\ROTH\Application Data\Skype

O43 - CFD: 12/07/2011 - 17:57:12 - [0,012] ----D C:\Documents and Settings\ROTH\Application Data\skypePM

O43 - CFD: 07/07/2007 - 19:24:15 - [3,159] ----D C:\Documents and Settings\ROTH\Application Data\Sony

O43 - CFD: 17/08/2007 - 00:09:00 - [19,585] ----D C:\Documents and Settings\ROTH\Application Data\Sun

O43 - CFD: 16/06/2007 - 02:38:07 - [0,011] ----D C:\Documents and Settings\ROTH\Application Data\Talkback

O43 - CFD: 08/05/2008 - 15:29:43 - [0,018] ----D C:\Documents and Settings\ROTH\Application Data\teamspeak2

O43 - CFD: 31/03/2007 - 13:51:37 - [0,105] ----D C:\Documents and Settings\ROTH\Application Data\U3

O43 - CFD: 01/02/2012 - 15:42:10 - [0,007] ----D C:\Documents and Settings\ROTH\Application Data\Unity

O43 - CFD: 10/11/2010 - 10:34:28 - [1,216] ----D C:\Documents and Settings\ROTH\Application Data\vlc

O43 - CFD: 05/01/2011 - 23:03:25 - [0,001] ----D C:\Documents and Settings\ROTH\Application Data\WalletBalance

O43 - CFD: 10/11/2008 - 23:50:20 - [0] ----D C:\Documents and Settings\ROTH\Application Data\Zylom

O43 - CFD: 16/12/2009 - 00:24:50 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\3DVIA

O43 - CFD: 25/10/2007 - 21:13:38 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\ABBYY

O43 - CFD: 22/01/2012 - 21:40:21 - [0,935] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\adaware

O43 - CFD: 20/01/2012 - 21:55:46 - [128,421] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Adobe

O43 - CFD: 20/12/2008 - 13:12:31 - [2,010] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Ahead

O43 - CFD: 14/11/2007 - 22:40:17 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Apple

O43 - CFD: 14/11/2007 - 22:39:36 - [7,080] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Apple Computer

O43 - CFD: 19/01/2010 - 00:58:19 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Bitmanagement Software

O43 - CFD: 24/01/2012 - 21:47:21 - [0,037] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Conduit

O43 - CFD: 08/03/2009 - 21:02:29 - [71,178] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Downloaded Installations

O43 - CFD: 02/12/2010 - 23:06:18 - [0,001] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Electronic Arts

O43 - CFD: 09/05/2011 - 19:20:03 - [1083,671] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Google

O43 - CFD: 18/02/2008 - 18:40:51 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Help

O43 - CFD: 31/03/2007 - 11:39:12 - [0,921] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Identities

O43 - CFD: 25/12/2011 - 02:58:23 - [666,520] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Microsoft

O43 - CFD: 16/06/2007 - 02:38:04 - [55,978] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Mozilla

O43 - CFD: 03/09/2010 - 13:38:59 - [0,103] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\PowerChallenge

O43 - CFD: 24/06/2007 - 12:02:14 - [0,086] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\RadonLabs

O43 - CFD: 27/12/2011 - 21:40:26 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Stardock

O43 - CFD: 21/01/2012 - 00:25:10 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Temp

O43 - CFD: 13/12/2010 - 21:43:26 - [24,221] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Unity

O43 - CFD: 03/08/2007 - 22:57:31 - [0] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\Vivox

O43 - CFD: 05/07/2007 - 22:10:18 - [0,133] ----D C:\Documents and Settings\ROTH\Local Settings\Application Data\WMTools Downloaded Files

O43 - CFD: 16/05/2009 - 13:48:02 - [0,014] R---D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Accessoires

O43 - CFD: 06/02/2011 - 20:32:36 - [0,001] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\AVS4YOU

O43 - CFD: 25/10/2007 - 22:00:46 - [0,002] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\BlueSquad

O43 - CFD: 27/12/2011 - 21:40:25 - [0,002] R---D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Démarrage

O43 - CFD: 28/04/2009 - 14:49:15 - [0,003] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Fraps

O43 - CFD: 14/02/2011 - 21:55:33 - [0] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Gpotato.eu

O43 - CFD: 31/03/2007 - 11:15:49 - [0,001] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\HardwareDetection

O43 - CFD: 25/12/2010 - 12:21:26 - [0,004] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\MP Manager

O43 - CFD: 23/09/2007 - 00:23:36 - [0,000] R---D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Outils d'administration

O43 - CFD: 06/01/2009 - 01:52:37 - [0,003] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Revo Uninstaller

O43 - CFD: 14/05/2011 - 20:59:04 - [0,007] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Savage 2 A Tortured Soul

O43 - CFD: 09/06/2008 - 23:28:21 - [0,003] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Travian3DTool 1.7

O43 - CFD: 15/05/2011 - 22:54:20 - [0,001] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Valve

O43 - CFD: 21/04/2007 - 22:14:04 - [0,004] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Virtual DJ

O43 - CFD: 16/12/2008 - 13:45:50 - [0,002] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\Warzone 2100

O43 - CFD: 31/03/2007 - 11:04:33 - [0,002] ----D C:\Documents and Settings\ROTH\Menu Démarrer\Programmes\WinRAR

~ Scan Program Folder in 00mn 55s




---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.CB17A47D090938A02DACB066D6D5A124] - 25/04/2012 - 19:55:54 ---A- . (...) -- C:\WINDOWS\system32\rp_rules.dat [44]

O44 - LFC:[MD5.8A3D5B46FF8C9CED46304F1EBB5F9AFE] - 25/04/2012 - 19:55:54 ---A- . (...) -- C:\WINDOWS\system32\rp_stats.dat [64]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/04/2012 - 19:54:53 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.317446339EABD3B4468CA028F80104B0] - 25/04/2012 - 19:54:50 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.58E208FF70D632B91725DC355242DF1A] - 25/04/2012 - 19:54:44 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1686327]

O44 - LFC:[MD5.DCF80ADEE9F2678406CBFAA703EFC353] - 25/04/2012 - 19:54:43 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 25/04/2012 - 19:54:07 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.F6227E87A2A1124E0E0CBE43C88F2732] - 25/04/2012 - 19:53:55 ---A- . (...) -- C:\aaw7boot.log [831687]

O44 - LFC:[MD5.08A477B46384A79BC3B7E2849868E017] - 25/04/2012 - 19:52:53 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32528]

O44 - LFC:[MD5.9681A655BE1D8AFF0D1A352504E4AF0C] - 25/04/2012 - 19:52:26 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.NT [3120]

O44 - LFC:[MD5.EEBB0FA277FF042F70E581A2E4C494F9] - 17/04/2012 - 22:27:47 ---A- . (...) -- C:\WINDOWS\PhotoSnapViewer.INI [151]

O44 - LFC:[MD5.6C74C64799E9416E3A986372C346720C] - 15/04/2012 - 17:57:47 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [2206]

O44 - LFC:[MD5.C14E8C778A825C353ADAFFC5256011D5] - 30/03/2012 - 18:08:47 ---A- . (...) -- C:\WINDOWS\setupapi.log [1033963]

~ Scan Files in 00mn 22s




---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" [Enabled] .(...) -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\ROTH\Mes documents\Logiciels\jeux\seconde life\SecondLife\SLVoice.exe" [Enabled] .(...) -- C:\Documents and Settings\ROTH\Mes documents\Logiciels\jeux\seconde life\SecondLife\SLVoice.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(...) -- C:\Program Files\MSN Messenger\livecall.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpvsetup.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay Voice Test.) -- C:\WINDOWS\system32\dpvsetup.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Clé orpheline

O47 - AAKE:Key Export SP - "C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe" [Enabled] .(...) -- C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [Enabled] .(.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\ROTH\Mes documents\Stronghold2.exe" [Enabled] .(...) -- C:\Documents and Settings\ROTH\Mes documents\Stronghold2.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe" [Disabled] .(.RealNetworks, Inc. - RealPlayer.) -- C:\Program Files\Real\RealPlayer\realplay.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Codemasters\RF Online\RF.exe" [Enabled] .(...) -- C:\Program Files\Codemasters\RF Online\RF.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\PnkBstrA.exe" [Enabled] .(...) -- C:\WINDOWS\system32\PnkBstrA.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\PnkBstrB.exe" [Enabled] .(...) -- C:\WINDOWS\system32\PnkBstrB.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\ROTH\Mes documents\Logiciels\jeux\Test2\Glest_3.1.2\glest.exe" [Disabled] .(...) -- C:\Documents and Settings\ROTH\Mes documents\Logiciels\jeux\Test2\Glest_3.1.2\glest.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Freeciv-2.1.8-gtk2\civserver.exe" [Enabled] .(...) -- C:\Program Files\Freeciv-2.1.8-gtk2\civserver.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe" [Enabled] .(...) -- C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Documents and Settings\ROTH\Bureau\Condition Zero2\czero.exe" [Enabled] .(.Valve - Condition Zero Launcher.) -- C:\Documents and Settings\ROTH\Bureau\Condition Zero2\czero.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\ROTH\Bureau\Condition Zero2\hltv.exe" [Enabled] .(.Valve - HLTV Launcher.) -- C:\Documents and Settings\ROTH\Bureau\Condition Zero2\hltv.exe

O47 - AAKE:Key Export SP - "C:\Program Files\dark-oberon\doberon.exe" [Enabled] .(...) -- C:\Program Files\dark-oberon\doberon.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\java.exe" [Enabled] .(.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\java.exe

O47 - AAKE:Key Export SP - "C:\Valve\Condition Zero\czero.exe" [Enabled] .(...) -- C:\Valve\Condition Zero\czero.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" [Enabled] .(.Big Huge Games, Inc. - Rise of Nations.) -- C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Rise of Nations\nations.exe" [Enabled] .(.Big Huge Games, Inc. - Rise of Nations.) -- C:\Program Files\Microsoft Games\Rise of Nations\nations.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\ROTH\Bureau\[ PC Games ] - Age of Empires II(FULL)(2)\age2_x1.exe" [Disabled] .(.Microsoft Corporation.) -- C:\Documents and Settings\ROTH\Bureau\[ PC Games ] - Age of Empires II(FULL)(2)\age2_x1.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(...) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Electronic Arts\EADM\Core.exe" [Enabled] .(...) -- C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" [Enabled] .(...) -- C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Earth\client\googleearth.exe" [Enabled] .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe" [Enabled] .(...) -- C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Iminent\IMBooster\IMBooster.exe" [Enabled] .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe" [Enabled] .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Program Files\cacaoweb\cacaoweb.exe (.not file.)

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(...) -- C:\Program Files\MSN Messenger\livecall.exe (.not file.)

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

~ Scan Keys in 00mn 02s




---\\ Déni du service (Local Security Authority) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\system32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll

~ Scan Keys in 00mn 00s




---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)

~ Scan CSB in 00mn 00s




---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

~ Scan IFEO in 00mn 00s




---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{17b1436b-df62-11db-9edb-00606e300b46}\AutoRun\command. (...) -- J:\LaunchU3.exe (.not file.)

O51 - MPSK:{7a867726-df6c-11db-85f8-00301bb865ff}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)

O51 - MPSK:{c6150c90-7bcb-11df-94a1-00301bb865ff}\AutoRun\command. (...) -- C:\WINDOWS\system32\start.exe (.not file.)

O51 - MPSK:{d811b872-3f17-11de-8e23-00301bb865ff}\AutoRun\command. (...) -- E:\VIRTUAL_OPTICIAN.exe (.not file.)

O51 - MPSK:{e8732844-100e-11e0-9763-00301bb865ff}\AutoRun\command. (...) -- C:\WINDOWS\system32\launcher.exe (.not file.)

~ Scan Keys in 00mn 00s




---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD:\Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm

O52 - TDSD:\Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll

O52 - TDSD:\Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\WINDOWS\system32\lvcodec2.dll

O52 - TDSD:\Drivers32\"vidc.iv31"="Ir32_32.dll" . (...) -- C:\WINDOWS\system32\Ir32_32.dll

O52 - TDSD:\Drivers32\"vidc.iv32"="Ir32_32.dll" . (...) -- C:\WINDOWS\system32\Ir32_32.dll

O52 - TDSD:\Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax

O52 - TDSD:\Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm

O52 - TDSD:\Drivers32\"msacm.l3acm"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codecp.acm

O52 - TDSD:\Drivers32\"vidc.VP60"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\system32\vp6vfw.dll

O52 - TDSD:\Drivers32\"vidc.VP61"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\system32\vp6vfw.dll

O52 - TDSD:\Drivers32\"vidc.VP62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\system32\vp6vfw.dll

O52 - TDSD:\Drivers32\"vidc.xvid"="xvidvfw.dll" . (...) -- C:\WINDOWS\system32\xvidvfw.dll

O52
-

TDSD:
\
Drivers32
\
"vidc.iv40"="ir41_32.ax" . (.Intel Corporation
-

Intel Indeo® Video 4.5.)
--

C:
\
WINDOWS
\
system32
\
ir41_32.ax

O52
-

TDSD:
\
Drivers32
\
"msacm.voxacm160"="vct3216.acm" . (.Voxware, Inc.
-

Voxware Audio Compressi
on Manager Driver.)
--

C:
\
WINDOWS
\
system32
\
vct3216.acm

O52
-

TDSD:
\
Drivers32
\
"msacm.scg726"="scg726.acm" . (.SHARP Corporation
-

SHARP G.726 ACM Audio Decoder.)
--

C:
\
WINDOWS
\
system32
\
scg726.acm

O52
-

TDSD:
\
Drivers32
\
"msacm.alf2cd"="alf2cd.acm" . (.NCT C
ompany
-

NCT ALF2CD Audio CODEC.)
--

C:
\
WINDOWS
\
system32
\
alf2cd.acm

O52
-

TDSD:
\
Drivers32
\
"msacm.ac3acm"="ac3acm.acm" . (.fccHandler
-

AC
-
3 ACM Codec.)
--

C:
\
WINDOWS
\
system32
\
ac3acm.acm

O52
-

TDSD:
\
Drivers32
\
"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept
-

M
ainConcept DV Codec.)
--

C:
\
WINDOWS
\
system32
\
mcdvd_32.dll

O52
-

TDSD:
\
Drivers32
\
"VIDC.FPS1"="frapsvid.dll" . (.Beepa P/L
-

Fraps.)
--

C:
\
WINDOWS
\
system32
\
frapsvid.dll

O52
-

TDSD:
\
Drivers32
\
"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/
-

Lame M
P3 codec engine.)
--

C:
\
WINDOWS
\
system32
\
lameACM.acm

O52
-

TDSD:
\
Drivers32
\
"VIDC.FFDS"="ff_vfw.dll" . (...)
--

C:
\
WINDOWS
\
system32
\
ff_vfw.dll

O52 - TDSD:\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm

O52 - TDSD:\drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD:\drivers.desc\"l3codecp.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codecp.acm

O52 - TDSD:\drivers.desc\"iac25_32.ax"="Indeo® Audio Software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD:\drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (...) -- (.not file.)

O52 - TDSD:\drivers.desc\"ir41_32.ax"="Indeo 4.5 codec" . (...) -- (.not file.)

O52 - TDSD:\drivers.desc\"vct3216.acm"="Voxware Compression Toolkit" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\WINDOWS\system32\vct3216.acm

O52 - TDSD:\drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder" . (...) -- (.not file.)

O52 - TDSD:\drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\system32\alf2cd.acm

O52 - TDSD:\drivers.desc\"AC3ACM.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\system32\AC3ACM.acm

O52 - TDSD:\drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll

O52 - TDSD:\drivers.desc\"mpg4c32.dll"="MS MPEG-4 v1,2,3 driver 4.1.0.3927" . (...) -- (.not file.)

O52 - TDSD:\drivers.desc\"frapsvid.dll"="Fraps Video Decompressor" . (.Beepa P/L - Fraps.) -- C:\WINDOWS\system32\frapsvid.dll

O52 - TDSD:\drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98" . (...) -- (.not file.)

O52 - TDSD:\drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (...) -- C:\WINDOWS\system32\ff_vfw.dll

~ Scan Keys in 00mn 01s




---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\Internet Antivirus Pro [Key] . (...) -- c:\program files\Internet Antivirus Pro\IAPro.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\MsnMsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

~ Scan SMSR Keys in 00mn 00s




---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

~ Scan Keys in 00mn 00s




---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

~ Scan Keys in 00mn 00s




---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartBanner"=

O56 - MWPE:[HKCU\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoTrayItemsDisplay"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStrCmpLogical"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=0

~ Scan Keys in 00mn 00s




---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.473F97EDC5A5312F3665AB2921196C0C] - 07/03/2012 - 23:58:29 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [24920]

O58 - SDL:[MD5.0AE43C6C411254049279C2EE55630F95] - 07/03/2012 - 00:01:30 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [20696]

O58 - SDL:[MD5.970848A56D5D9D0D616F1D94DA017495] - 07/03/2012 - 00:01:35 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [89048]

O58 - SDL:[MD5.8C30B7DDD2F1D8D138EBE40345AF2B11] - 07/03/2012 - 00:01:39 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [95704]

O58 - SDL:[MD5.DA12626FD9A67F4E917E2F2FBE1E1764] - 07/03/2012 - 00:02:00 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [35672]

O58 - SDL:[MD5.DCB199B967375753B5019EC15F008F53] - 07/03/2012 - 00:03:51 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\Drivers\aswSnx.sys [612184]

O58 - SDL:[MD5.B32873E5A1443C0A1E322266E203BF10] - 07/03/2012 - 00:03:38 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [337880]

O58 - SDL:[MD5.6FF544175A9180C5D88534D3D9C9A9F7] - 07/03/2012 - 00:01:53 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [53848]

O58 - SDL:[MD5.6B618C7764E03A78599D74E31B8AB17B] - 02/03/2007 - 21:53:19 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\Drivers\ati2mtag.sys [1972224]

O58 - SDL:[MD5.BF79E659C506674C0497CC9C61F1A165] - 23/04/2007 - 01:15:25 ----- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\Drivers\cdr4_xp.sys [2432]

O58 - SDL:[MD5.2C41CD49D82D5FD85C72D57B6CA25471] - 23/04/2007 - 01:15:25 ----- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\Drivers\cdralw2k.sys [2560]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/11/2006 - 20:14:07 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/11/2006 - 20:14:07 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\Drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.0F7B802ECBF2FE6A834FACAF0268AAD8] - 02/05/2006 - 06:24:28 R--A- . (.DAVICOM Semiconductor, Inc. - NDIS 5.0 driver.) -- C:\WINDOWS\system32\Drivers\dm9usb.sys [26190]

O58 - SDL:[MD5.25EDD75E23C5EF6B33D0FBCCE125A601] - 15/08/2005 - 11:08:26 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\Drivers\imagedrv.sys [5888]

O58 - SDL:[MD5.9C4BBACF4E9B9543C3CE23F1FE556941] - 15/08/2005 - 11:08:26 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\Drivers\imagesrv.sys [127488]

O58 - SDL:[MD5.336ABE8721CBC3110F1C6426DA633417] - 03/11/2011 - 12:06:56 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\Drivers\Lbd.sys [64512]

O58 - SDL:[MD5.16BC447DE474A9E125DB39806714F1E1] - 31/01/2005 - 11:19:20 ---A- . (.Logitech Inc. - Audio filter for Express Plus.) -- C:\WINDOWS\system32\Drivers\lv302af.sys [7104]

O58 - SDL:[MD5.7A31B09C7F037A1217B658465F19BBCE] - 31/01/2005 - 11:26:06 ---A- . (.Logitech Inc. - Logitech QuickCam Driver.) -- C:\WINDOWS\system32\Drivers\LV302AV.SYS [912768]

O58 - SDL:[MD5.15ECC52C7C28EEACBCB935677DC34523] - 31/01/2005 - 11:04:56 ---A- . (.Logitech Inc. - SmoothVision filter.) -- C:\WINDOWS\system32\Drivers\LVSVF2.sys [2180096]

O58 - SDL:[MD5.A730FC8671A60666D6E877C544DD7CD4] - 31/01/2005 - 11:12:46 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\system32\Drivers\LVUSBSta.sys [22016]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05/11/2006 - 20:14:07 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.ADBCBA116496229A163193BBE0BB28CE] - 25/05/2004 - 06:58:04 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Audio Driver.) -- C:\WINDOWS\system32\Drivers\nvapu.sys [396032]

O58 - SDL:[MD5.5842A42BF09EB5A48D6AA6115640C6A3] - 25/05/2004 - 06:58:02 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) APU Resource Manager.) -- C:\WINDOWS\system32\Drivers\nvarm.sys [66688]

O58 - SDL:[MD5.46DEED4C6C5FA765F9A2C723BE60348D] - 03/06/2004 - 01:40:46 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) -- C:\WINDOWS\system32\Drivers\nvatabus.sys [79360]

O58 - SDL:[MD5.47B3852808DD579A463FCE7085B77413] - 25/05/2004 - 06:58:02 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) MCP Audio Enumerator.) -- C:\WINDOWS\system32\Drivers\nvax.sys [48640]

O58 - SDL:[MD5.23297B3C2FF3510E2E760714FC6F094E] - 17/05/2004 - 05:00:52 ---A- . (.NVIDIA Corporation - NVIDIA Networking Function Driver..) -- C:\WINDOWS\system32\Drivers\NVENETFD.sys [33280]

O58 - SDL:[MD5.148B8CFF6EDDB62BA7192EA7B49B1F11] - 25/05/2004 - 06:58:04 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) MCP APU Audio Library.) -- C:\WINDOWS\system32\Drivers\nvmcp.sys [962560]

O58 - SDL:[MD5.BCC3722A2DB99AD6F367344997C26654] - 17/05/2004 - 05:00:54 ---A- . (.NVIDIA Corporation - NVIDIA Networking Bus Driver..) -- C:\WINDOWS\system32\Drivers\nvnetbus.sys [12928]

O58 - SDL:[MD5.4EA62941746405FC16D449AA1D87C74B] - 17/05/2004 - 05:00:42 ---A- . (.NVIDIA Corporation - NVIDIA Network Resource Manager..) -- C:\WINDOWS\system32\Drivers\nvnrm.sys [56960]

O58 - SDL:[MD5.A0BD30D3C35DA4AB6E042A885841B37B] - 17/05/2004 - 05:00:34 ---A- . (.NVIDIA Corporation - NVIDIA Networking Soft-NPU Driver..) -- C:\WINDOWS\system32\Drivers\nvsnpu.sys [191232]

O58 - SDL:[MD5.3194E2F6C9000C39DCF9D0580754F714] - 02/04/2004 - 06:40:00 ---A- . (.NVIDIA Corporation - NVIDIA nForce AGP Filter.) -- C:\WINDOWS\system32\Drivers\nv_agp.SYS [21760]

O58 - SDL:[MD5.E2BF955FE43C7A79D6CDDCF2C100ED78] - 16/08/2008 - 20:50:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\PnkBstrK.sys [136888]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 24/08/2001 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]

O58 - SDL:[MD5.D86B4A68565E444D76457F14172C875A] - 21/11/2008 - 22:47:48 ----- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys [43528]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05/11/2006 - 20:14:07 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\Drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05/11/2006 - 20:14:07 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\riodrv.sys [12032]

O58 - SDL:[MD5.0505DA5D357F18A5D42FC5DEDE6BC9A0] - 22/01/2012 - 20:47:05 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\system32\Drivers\SBREDrv.sys [101720]

O58 - SDL:[MD5.BA0D892D2F786BCEBDF03B0A252B47F3] - 21/12/2009 - 14:57:58 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\Drivers\secdrv.sys [12400]

O58 - SDL:[MD5.B4664C1EE39A5B7FC112F4077F8D21A5] - 19/11/2009 - 14:33:20 ---A- . (.Prolific Technology Inc. - USB-to-Serial Cable Driver.) -- C:\WINDOWS\system32\Drivers\ser2pl.sys [51200]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05/11/2006 - 20:14:07 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\Drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/11/2006 - 20:14:07 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.9131FE60ADFAB595C8DA53AD6A06AA31] - 04/01/2005 - 10:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\WINDOWS\system32\npptNT2.sys [4682]

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 24/08/2001 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]

O58 - SDL:[MD5.2F9806B52CB3748B1E49222744B28E3C] - 25/12/2008 - 21:29:45 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\PCANDIS5.SYS [17134]

O58 - SDL:[MD5.A16FB34E56C781DC56BE7492315655B9] - 03/08/2005 - 16:05:02 ---A- . (.Prolific Technology Inc. - USB-Serial USB Driver.) -- C:\WINDOWS\system32\SER9PL.sys [35892]

~ Scan Drivers in 00mn 04s




---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 1.30 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ Scan ADS in 00mn 00s




---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4

O64 - Services: CurCS - 31/03/2007 - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service) .(.Adobe Systems - System Level Service Utility.) - LEGACY_ADOBE_LM_SERVICE

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.AVAST Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI Redirect Driver.) - LEGACY_ASWRDR

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI

O64 - Services: CurCS - 02/03/2007 - C:\WINDOWS\system32\Ati2evxx.exe (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER

O64 - Services: CurCS - 06/03/2007 - C:\WINDOWS\system32\ati2sgag.exe (ATI Smart) .(.Pas de propriétaire - ATI Smart.) - LEGACY_ATI_SMART

O64 - Services: CurCS - 07/03/2012 - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (avast! Antivirus) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS

O64 - Services: CurCS - 03/09/2007 - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (Boonty Games) .(.BOONTY - System Level Service Utility.) - LEGACY_BOONTY_GAMES

O64 - Services: CurCS - ??\??\???? - (DcomLaunch) .(. - .) - LEGACY_DCOMLAUNCH

O64 - Services: CurCS - 19/08/2004 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - 24/08/2001 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 19/08/2004 - C:\WINDOWS\system32\svchost.exe (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE

O64 - Services: CurCS - 25/06/2009 - C:\Program Files\Google\Update\GoogleUpdate.exe (gupdate1c9f5c63a45491e) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE1C9F5C63A45491E

O64 - Services: CurCS - 09/11/2011 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC

O64 - Services: CurCS - 03/04/2005 - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT

O64 - Services: CurCS - 26/02/2012 - C:\Program Files\Java\jre6\bin\jqs.exe (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - 03/11/2011 - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Ad-Aware Service) .(.Lavasoft Limited - Ad-Aware Service Application.) - LEGACY_LAVASOFT_AD-AWARE_SERVICE

O64 - Services: CurCS - 03/11/2011 - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys - Lavasoft helper driver (Lavasoft Kernexplorer) .(...) - LEGACY_LAVASOFT_KERNEXPLORER

O64 - Services: CurCS - 03/11/2011 - C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD

O64 - Services: CurCS - 13/08/2008 - C:\WINDOWS\system32\PnkBstrA.exe - PnkBstrA (PnkBstrA) .(...) - LEGACY_PNKBSTRA

O64 - Services: CurCS - ??\??\???? - (RpcSs) .(. - .) - LEGACY_RPCSS

O64 - Services: CurCS - 14/01/2009 - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (SeaPort) .(.Microsoft Corp. - Microsoft SeaPort Search Enhancement Broker.) - LEGACY_SEAPORT

O64 - Services: CurCS - 21/12/2009 - C:\WINDOWS\system32\DRIVERS\secdrv.sys (Secdrv) .(.Macrovision Europe Ltd - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - ??\??\???? - (TermService) .(. - .) - LEGACY_TERMSERVICE

~ Scan Services in 00mn 01s




---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

~ Scan Keys in 00mn 00s




---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe

~ Scan Keys in 00mn 02s




---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com

O69 - SBI: SearchScopes [HKCU] {069DAA0C-7795-46FA-A6FD-56FF9525334A} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (SFT_France Customized Web Search) - http://search.conduit.com

O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} - (SearchTheWeb) - http://search.iminent.com

~ Scan Keys in 00mn 00s




---\\ Recherche des services démarrés par Svchost (O83)

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\WINDOWS\system32\appmgmts.dll [176640]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]

O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [77312]

O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [60416]

O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\system32\dmserver.dll [24576]

O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [112640]

O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]

O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll [243200]

O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]

O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll [21504]

O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [96768]

O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096]

O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]

O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\system32\netman.dll [197632]

O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll [247808]

O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [89088]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [180736]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [49152]

O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll [193024]

O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\system32\seclogon.dll [18944]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [38912]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\system32\ipnathlp.dll [332800]

O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171008]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll [249344]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]

O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90624]

O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [177664]

O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\system32\wzcsvc.dll [474624]

O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API avancées Windows 32.) -- C:\WINDOWS\system32\advapi32.dll [685056]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]

O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [81408]

O83
-

Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corp
oration
-

Network Provisioning Service.)
--

C:
\
WINDOWS
\
system32
\
xmlprov.dll [129536]

O83
-

Search Svchost Services: BITS (BITS) . (.Microsoft Corporation
-

Service de transfert intelligent en arrière
-
plan.)
--

C:
\
WINDOWS
\
system32
\
qmgr.dll [382464]

O83
-

Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation
-

Windows Update AutoUpdate Service.)
--

C:
\
WINDOWS
\
system32
\
wuauserv.dll [6656]

O83
-

Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation
-

Dll d
es services Windows Shell.)
-
-

C:
\
WINDOWS
\
system32
\
shsvcs.dll [135680]

O83
-

Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation
-

Microsoft PCHealth Service Holder.)
--

C:
\
WINDOWS
\
PCHealth
\
HelpCtr
\
Binaries
\
pchsvc.dll [38912]

O83
-

Sea
rch Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation
-

Microsoft Media Device Service Provider.)
-
-

C:
\
WINDOWS
\
system32
\
MsPMSNSv.dll [27136]

~ Scan Services in 00mn 01s




---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.2AFDFE7E4CEFCCF77EEE9B2D8105D03C] [SPRF][20/01/2012] (...) -- C:\Documents and Settings\ROTH\Application Data\6mmiq154n2x0zzjm.dat [8]

[MD5.A719B9EE6116B496F4000C0B1311EA13] [SPRF][11/08/2008] (...) -- C:\Documents and Settings\ROTH\Application Data\PnkBstrK.sys [22328]

[MD5.70AE5CA39E244746CD0FB1DA4F0A06FF] [SPRF][22/02/2012] (...) -- C:\Documents and Settings\ROTH\Bureau\cacaoweb.exe [420352]

[MD5.06FB2F15B040E8A579F8410705DDF13C] [SPRF][20/01/2012] (...) -- C:\Documents and Settings\ROTH\Bureau\CT3031774_SFT_France.exe [3283968]

[MD5.3114F13AF9657736540F40EAA914FA49] [SPRF][15/05/2009] (.Mozilla - Firefox.) -- C:\Documents and Settings\ROTH\Bureau\Firefox Setup 3.0.10.exe [7626192]

[MD5.6D4DCFF45E0D85C332D324DB695BFC51] [SPRF][27/01/2010] (.Mozilla - Firefox.) -- C:\Documents and Settings\ROTH\Bureau\Firefox Setup 3.6.exe [8382888]

[MD5.C1BE7BDF79452D5445A33F3002F89060] [SPRF][03/01/2009] (.Beepa P/L - Fraps.) -- C:\Program Files\fraps.dll [188416]

[MD5.660A60936E67C926FA9860356CF48EB8] [SPRF][03/01/2009] (.Beepa P/L - Fraps.) -- C:\Program Files\fraps.exe [1031848]

[MD5.5DDF964622A3F8B6CAE486110ABCDB58] [SPRF][03/01/2009] (.Beepa P/L - Fraps.) -- C:\Program Files\fraps64.dat [74920]

[MD5.310A975A07C9D8A1161B46866D7D9AB8] [SPRF][03/01/2009] (.Beepa P/L - Fraps.) -- C:\Program Files\fraps64.dll [128512]

[MD5.F4E44BCFBA270560B0CBDE2D0ED35B45] [SPRF][03/01/2009] (.Beepa P/L - Fraps.) -- C:\Program Files\frapslcd.dll [159744]

[MD5.DF6D67EEC2B72C39F0C2C5663312D074] [SPRF][28/04/2009] (...) -- C:\Program Files\uninstall.exe [34561]

[MD5.80F4A456633F78A26A3C6B16E64EFEC5] [SPRF][28/09/2007] (.Microsoft - Uno Messenger.) -- C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll [381960]

[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [SPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll [304544]

[MD5.1E5CFDF9AEBDD84305A4C8154277A269] [SPRF][28/02/2007] (.Microsoft Corporation - Zone.com Checkers for MSN Messenger.) -- C:\WINDOWS\Downloaded Program Files\msgrchkr.dll [131472]

~ Scan Files in 00mn 03s




---\\ Scan Additionnel (O88)

Database Version : 9096 - (25/04/2012)

Clés trouvées (Keys found) : 48

Valeurs trouvées (Values found) : 3

Dossiers trouvés (Folders found) : 6

Fichiers trouvés (Files found) : 0


[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit

[HKLM\Software\Classes\.b4f] =>Adware.Burn4Free

[HKLM\Software\Classes\burn4free project] =>Adware.Burn4Free

[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit

[HKLM\Software\Classes\eorezobho.eobho] =>PUP.Eorezo

[HKLM\Software\Classes\eorezobho.eobho.1] =>PUP.Eorezo

[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent

[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent

[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent

[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent

[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent

[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit

[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz

[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster

[HKLM\Software\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster

[HKLM\Software\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster

[HKLM\Software\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit

[HKLM\Software\Classes\Interface\{b0d071a1-36b3-4757-a126-14c89c56013a}] =>PUP.Eorezo

[HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}] =>PUP.Eorezo

[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware. BullseyeToolbar

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster

[HKCU\Software\cacaoweb] =>PUP.CacaoWeb

[HKCU\Software\conduitEngine] =>Toolbar.Conduit

[HKCU\Software\eorezo] =>PUP.Eorezo

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\eorezo] =>PUP.Eorezo

[HKLM\Software\eorezo] =>PUP.Eorezo

[HKCU\Software\freeze.com] =>Adware.BHO

[HKLM\Software\freeze.com] =>Adware.BHO

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent] =>Adware.IMBooster

[HKLM\Software\Iminent] =>Adware.IMBooster

[HKCU\Software\pdfforge.org] =>PUP.Dealio

[HKLM\Software\pdfforge.org] =>PUP.Dealio

[HKCU\Software\Toolbar4Free] =>Toolbar.Agent

[HKCU\Software\Trymedia Systems] =>Adware.Trymedia

[HKLM\Software\Trymedia Systems] =>Adware.Trymedia

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster

[HKLM\Software\Classes\Toolbar.CT3031774] =>Toolbar.Agent

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:EoEngine =>PUP.Eorezo

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:EoWeather =>PUP.Eorezo

C:\Program Files\cacaoweb =>PUP.CacaoWeb

C:\Program Files\Conduit =>Toolbar.Conduit

C:\Program Files\Mozilla Firefox\Extensions\webbooster@iminent.com =>Adware.IMBooster

C:\Documents and Settings\ROTH\Application Data\cacaoweb =>PUP.CacaoWeb

C:\Documents and Settings\ROTH\Application Data\EoRezo =>PUP.Eorezo

C:\Documents and Settings\ROTH\Local Settings\Application Data\Conduit =>Toolbar.Conduit

~ Scan Additionnel in 00mn 11s




---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 31/03/2007 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

SR - | Auto 02/03/2007 446464 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe

SS - | Auto 520192 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe

SR - | Auto 07/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SS - | Disabled 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe

SS - | Demand 03/09/2007 69120 | (Boonty Games) . (.BOONTY.) - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

SS - | Demand 19/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe

SS - | Auto 25/06/2009 133104 | (gupdate1c9f5c63a45491e) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 25/06/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Auto 09/11/2011 194104 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

SR - | Auto 26/02/2012 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SS - | Auto 03/11/2011 2152152 | (Lavasoft Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

SS - | Demand 28/11/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

SS - | Demand 13/08/2009 3059100 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des

SR - | Auto 66872 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe

~ Scan Services in 00mn 17s




---\\ Recherche Master Boot Record Infection (MBR)(O80) (None)


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) (None)


End of the scan (1668 lines in 03mn 05s)(0)