ad zanox

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy

ad zanox

Post by stephane0703 » 20 Jul 2011, 17:00

I have something called ad zanox that replaces links on the internet with ad.zanox.com links.

Could someone help me?

I ran a scan with ZHPDiag.
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by stephane0703 » 20 Jul 2011, 17:00

part 1/2:

Rapport de ZHPDiag v1.27.242 par Nicolas Coolman, Update du 18/07/2011
Run by stef at 20/07/2011 16:16:06
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19088 (Defaut)
MFIE: Mozilla Firefox 5.0 v

---\\ System Information
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
~ Boot mode: ~ Normal (Normal boot)
Total RAM: 2941 MB (48% free)
~ System Restore: Activé (Enable)
System drive C: has 246 GB (76%) free of 324 GB

---\\ Logged in mode
~ Computer Name: PC-DE-STEF
~ User Name: stef
~ All Users Names: stef, postgres, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
~ Logged in as Administrator

---\\ Environnement Variables
~ %AppData%=C:\Users\stef\AppData\Roaming\
~ %Desktop%=C:\Users\stef\Desktop\
~ %Favorites%=C:\Users\stef\Favorites\
~ %LocalAppData%=C:\Users\stef\AppData\Local\
~ %StartMenu%=C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 246 Go of 324 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 12 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.24/05/2010 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.4B555106290BD117334E9A08761C035A] - (....) (.02/11/2006 - 10:45:37.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/06/2011 - 07:08:58.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.24/05/2010 - 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.24/05/2010 - 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/05/2010 - 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 4/475
~ Mes Documents (My Documents) : 1/18
~ Mon Bureau (My Desktop) : 27/3366
~ Menu demarrer (Programs) : 2/22



---\\ Processus lancés
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- C:\WINDOWS\System32\rundll32.exe [44544]
[MD5.062F3DB9AFA9C3CE0DA52F28595C0C6D] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152]
[MD5.1DD63295FC70706B2BBDAA9064B46C1D] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [340456]
[MD5.13E7CFE8E269ED15E7FC9C3EBBCB7E2B] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696]
[MD5.D9335549EAE48B14FB66EFCB6FFAE736] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [214360]
[MD5.B70278D1459A677639D51892160FD365] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [184320]
[MD5.C2E9F997B2FEFE06C898BFEECF3B63B2] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [610304]
[MD5.8FC85C14B6316745670816F98693A100] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [262144]
[MD5.6C9CD3ECBA6732661C8BBE37A877A2BD] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
[MD5.4486AD32BB05628967695FCA1BADD46E] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.7AC79A518A3A568DD9DC8D9A0B15EAA7] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [658432]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\stef\AppData\Roaming\Mozilla\Firefox\Profiles\mw6f3adv.default\prefs.js
M3 - MFPP: Plugins - [stef] -- C:\Users\stef\AppData\Roaming\Mozilla\Firefox\Profiles\mw6f3adv.default\searchplugins\sweetim.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [stef] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 8.3.0.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.615.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
M0 - MFSP: prefs.js [stef - mw6f3adv.default] http://www.sportytrader.com/manage/logi ... m-poker.eu
M2 - MFEP: prefs.js [stef - mw6f3adv.default\{c45c406e-ab73-11d8-be73-000a95be3b12}] [] Web Developer v1.1.9 (.Chris Pederick.)



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\stef\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.sportytrader.com



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportytrader.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R0 - HKUS\S-1-5-21-900233847-2538001239-2718552667-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportytrader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab - IE Virtual Keyboard.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] . (.CyberLink Corp. - HP DVDPlay Resident Program.) -- C:\Program Files\HP\DVDPlay\DPService.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [hpqSRMon] Clé orpheline
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-900233847-2538001239-2718552667-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co..) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetClic Poker.lnk . (.Playtech.) -- C:\Poker\BetClic Poker\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chilipoker.fr.lnk . (.Playtech.) -- C:\Poker\Chilipoker.fr\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoaPoker.fr.lnk . (.Playtech.) -- C:\Poker\JoaPoker.fr\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MansionPoker.lnk . (.Playtech.) -- C:\Poker\MansionPoker\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\netbet.it.lnk . (.Playtech.) -- C:\Poker\netbet.it\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker 770.lnk . (.Playtech.) -- C:\Poker\Poker 770\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker83.lnk . (.Playtech.) -- C:\Poker\Poker83\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titan Poker.lnk . (.Playtech.) -- C:\Poker\Titan Poker\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titan.fr.lnk . (.Playtech.) -- C:\Poker\Titan.fr\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tranchant.lnk . (.Playtech.) -- C:\Poker\Tranchant\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Poker.lnk . (.Playtech.) -- C:\Poker\Winner Poker\casino.exe
O4 - Global Startup: C:\Users\stef\Desktop\ACFPoker.lnk . (...) -- C:\Programs\ACF\ACF.exe
O4 - Global Startup: C:\Users\stef\Desktop\Adobe Dreamweaver CS5.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
O4 - Global Startup: C:\Users\stef\Desktop\ccleaner - Raccourci.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Users\stef\Desktop\Chilipoker.fr.lnk . (.Playtech.) -- C:\Poker\Chilipoker.fr\casino.exe
O4 - Global Startup: C:\Users\stef\Desktop\JoaPoker.fr.lnk . (.Playtech.) -- C:\Poker\JoaPoker.fr\casino.exe
O4 - Global Startup: C:\Users\stef\Desktop\Light Image Resizer 4.lnk . (.ObviousIdea SARL.) -- C:\Program Files\ObviousIdea\Image Resizer 4\Resize.exe
O4 - Global Startup: C:\Users\stef\Desktop\LuckyJeux Poker.lnk . (...) -- C:\Programs\LuckyJeux\LUCKYJEUX.exe
O4 - Global Startup: C:\Users\stef\Desktop\Partouche Poker.lnk . (...) -- C:\Users\stef\AppData\Roaming\Partouche Poker\PartoucheFR.exe
O4 - Global Startup: C:\Users\stef\Desktop\PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
O4 - Global Startup: C:\Users\stef\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\stef\Desktop\PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - Global Startup: C:\Users\stef\Desktop\Poker83.lnk . (.Playtech.) -- C:\Poker\Poker83\casino.exe
O4 - Global Startup: C:\Users\stef\Desktop\PokerStove.lnk . (...) -- C:\Program Files\PokerStove\PokerStove.exe
O4 - Global Startup: C:\Users\stef\Desktop\proXPN.lnk . (.proXPN.com.) -- C:\Program Files\proXPN\bin\proxpn.exe
O4 - Global Startup: C:\Users\stef\Desktop\redaction (NAS-SPORTREND) - Raccourci.lnk . (...) -- \\NAS-SPORTREND\redaction (.not file.)
O4 - Global Startup: C:\Users\stef\Desktop\Titan.fr.lnk . (.Playtech.) -- C:\Poker\Titan.fr\casino.exe
O4 - Global Startup: C:\Users\stef\Desktop\Tranchant.lnk . (.Playtech.) -- C:\Poker\Tranchant\casino.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk . (.Don HO don.h@free.fr.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk . (.OpenOffice.org.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStove.lnk . (...) -- C:\Program Files\PokerStove\PokerStove.exe
O4 - Global Startup: C:\Users\stef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter à l'Anti-bannière . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} . (...) -- C:\Programs\PMU\PMUPoker\images\ppicon.ico
O9 - Extra button: PMU Poker - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} -- C:\Program Files\PokerStars\main.ico (.not file.)
O9 - Extra button: PMU Poker - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\kbrd.ico
O9 - Extra button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} . (...) -- C:\Programs\PartyItalia\PartyPokerIt\Images\ppicon.ico
O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} . (...) -- C:\Programs\PartyFrance\PartyPokerFr\images\ppicon.ico
O9 - Extra button: PartyPoker.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 - Extra button: ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} . (...) -- C:\Programs\ACF\ACFPoker\images\ppicon.ico
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} . (...) -- C:\Programs\PartyGaming\PartyPoker\Images\ppicon.ico
O9 - Extra button: PartyPoker.com - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\logo.ico
O9 - Extra button: PartyPoker.com - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} . (...) -- C:\Programs\LuckyJeux\LuckyJeuxPoker\images\ppicon.ico



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC8EF16-D610-4CEC-BB50-B6C8FC9A2099}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AC8EF16-D610-4CEC-BB50-B6C8FC9A2099}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AC8EF16-D610-4CEC-BB50-B6C8FC9A2099}: NameServer = 8.8.8.8
O17 - HKLM\System\CS3\Services\Tcpip\..\{2AC8EF16-D610-4CEC-BB50-B6C8FC9A2099}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{3062015A-30CB-4FDB-936F-410C19D67DB1}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3062015A-30CB-4FDB-936F-410C19D67DB1}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E790E0-51A8-4D50-B6EC-7B61F509DA67}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E790E0-51A8-4D50-B6EC-7B61F509DA67}: DhcpNameServer = 8.8.8.8 4.2.2.1



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\Windows\system32\klogon.dll



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab - Mozilla 3 Virtual Keyboard.) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Kaspersky PURE (AVP) . (.Kaspersky Lab - Kaspersky Anti-Virus.) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Service de gestion du système CryproStorage (CSObjectsSrv) . (.Infowatch - InfoWatch CryptoStorage Protected objects c.) - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.2.) - C:\Windows\system32\nvvsvc.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)



---\\ Tâches planifiées en automatique (O39)
[MD5.5447AF432CDA61159ADDE218C468FFD9] [APT] [AdobeAAMUpdater-1.0-PC-de-stef-stef] (.Adobe Systems Incorporated.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
[MD5.EC16CDD6BA4AA4F02C3615F997F6FD84] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.5173F05D63E3F0ED49465FDFF58B60FF] [APT] [proXPN] (.proXPN.com.) -- C:\Program Files\proXPN\bin\proxpn.exe
[MD5.627C50E15FAE0382B5F71C4E0BF5F49F] [APT] [RecoveryCD] (...) -- C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe
[MD5.627C50E15FAE0382B5F71C4E0BF5F49F] [APT] [Registration] (...) -- C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.8A447432636CC71B1036034B9BFF5342] [APT] [Scheduled Maintenance] (.PC-Doctor, Inc..) -- C:\Program Files\PC-Doctor for Windows\RunProfiler.exe
[MD5.EFB0FCD1CD300E5708E73230D91D6532] [APT] [Scheduled Maintenance Swap] (.PC-Doctor, Inc..) -- C:\Program Files\PC-Doctor for Windows\task_swap.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (CSVirtualDiskDrv) . (.Infowatch - Virtual Volume Container Driver (wxp).) - C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kl1) . (.Kaspersky Lab - Kaspersky Unified Driver.) - C:\Windows\System32\DRIVERS\kl1.sys
O41 - Driver: (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wlh_x86].) - C:\Windows\System32\DRIVERS\klif.sys
O41 - Driver: (KLIM6) . (.Kaspersky Lab - Kaspersky Lab Intermediate Network Driver.) - C:\Windows\System32\DRIVERS\klim6.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {2614F54E-A828-49FA-93BA-45A3F756BFAA}
O42 - Logiciel: 888poker - (.Pas de propriétaire.) [HKLM] -- 888poker
O42 - Logiciel: ACFPoker - (.PartyGaming.) [HKLM] -- ACFPoker
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
O42 - Logiciel: Adobe Dreamweaver CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {C79312BD-3E76-4474-A10C-1435D1856A4B}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8.3.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A83000000003}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Akamai NetSession Interface - (.Pas de propriétaire.) [HKLM] -- Akamai
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: BarrierePoker.fr - (.SOCIETE DE PRESTATIONS INTERNET SAS.) [HKLM] -- fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O42 - Logiciel: BarrierePoker.fr - (.SOCIETE DE PRESTATIONS INTERNET SAS.) [HKLM] -- {5D93917F-4983-260E-3417-393793CAECA3}
O42 - Logiciel: BetClic Poker - (.Pas de propriétaire.) [HKLM] -- BetClic Poker
O42 - Logiciel: Betclic Poker.fr (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Betclic Poker.fr
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Chilipoker.fr - (.Pas de propriétaire.) [HKCU] -- ChilipokerFR
O42 - Logiciel: DVD Play - (.Hewlett-Packard.) [HKLM] -- {45D707E9-F3C4-11D9-A373-0050BAE317E1}
O42 - Logiciel: Eurosport Poker - (.SPS.) [HKLM] -- Eurosport Poker_is1
O42 - Logiciel: Everest Poker (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker
O42 - Logiciel: Everest Poker.fr (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker.fr
O42 - Logiciel: Full Tilt Poker - (.Pas de propriétaire.) [HKLM] -- {D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}
O42 - Logiciel: Full Tilt Poker.Fr - (.Pas de propriétaire.) [HKLM] -- {34785AD0-6276-11DF-A08A-0800200C9A66}
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {73A43E42-3658-4DD9-8551-FACDA3632538}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}
O42 - Logiciel: HP Customer Feedback - (.Hewlett-Packard.) [HKLM] -- {9DBA770F-BF73-4D39-B1DF-6035D95268FC}
O42 - Logiciel: HP Customer Participation Program 10.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Easy Setup - Frontend - (.Hewlett-Packard.) [HKLM] -- {F405DC00-37F3-4A5F-97F4-C1310CCEE53A}
O42 - Logiciel: HP Imaging Device Functions 10.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart All-In-One Driver Software 10.0 Rel .2 - (.HP.) [HKLM] -- {20B30DC1-E423-4939-B51D-05C58B0F9BBB}
O42 - Logiciel: HP Photosmart Essential 3.0 - (.HP.) [HKLM] -- HP Photosmart Essential
O42 - Logiciel: HP Recovery Manager RSS - (.Hewlet Packard Company.) [HKLM] -- {A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
O42 - Logiciel: HP Smart Web Printing - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 10.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
O42 - Logiciel: Hewlett-Packard Active Check for Health Check - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Hewlett-Packard Asset Agent for Health Check - (.HP.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Java(TM) 6 Update 26 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF}
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
O42 - Logiciel: JoaPoker.fr - (.Pas de propriétaire.) [HKCU] -- JoaPoker.fr
O42 - Logiciel: Kaspersky PURE - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}
O42 - Logiciel: Kaspersky PURE - (.Kaspersky Lab.) [HKLM] -- {1A59064A-12A9-469F-99F6-04BF118DBCFF}
O42 - Logiciel: Light Image Resizer 4.0.5.6 - (.ObviousIdea.) [HKLM] -- {EBE030DD-D404-4D92-85E9-8C3624820808}_is1
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {7F10292C-A190-4176-A665-A1ED3478DF86}
O42 - Logiciel: LuckyAcePoker.com - (.Pas de propriétaire.) [HKLM] -- LuckyAcePoker.com
O42 - Logiciel: LuckyJeux Poker - (.PartyGaming.) [HKLM] -- LuckyJeuxPoker
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MansionPoker - (.Pas de propriétaire.) [HKCU] -- Mansion Poker
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 - (.Microsoft Corporation.) [HKLM] -- {E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Microsoft_VC80_CRT_x86 - (.Adobe.) [HKLM] -- {D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
O42 - Logiciel: Microsoft_VC80_MFCLOC_x86 - (.Adobe.) [HKLM] -- {D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
O42 - Logiciel: Microsoft_VC80_MFC_x86 - (.Adobe.) [HKLM] -- {D1A19B02-817E-4296-A45B-07853FD74D57}
O42 - Logiciel: Microsoft_VC90_ATL_x86 - (.Adobe.) [HKLM] -- {033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
O42 - Logiciel: Microsoft_VC90_CRT_x86 - (.Adobe.) [HKLM] -- {08D2E121-7F6A-43EB-97FD-629B44903403}
O42 - Logiciel: Microsoft_VC90_MFC_x86 - (.Adobe.) [HKLM] -- {635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 5.0 (x86 fr)
O42 - Logiciel: MyPok - (.Pas de propriétaire.) [HKLM] -- mypokfr (Poker)
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Notepad++ - (.Pas de propriétaire.) [HKLM] -- Notepad++
O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {69B040CC-E9B1-4769-950E-87786C9E16AD}
O42 - Logiciel: Outils de diagnostic du matériel - (.PC-Doctor, Inc..) [HKLM] -- PC-Doctor for Windows
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM] -- PMUPoker
O42 - Logiciel: Partouche Poker - (.Partouche Poker.) [HKCU] -- Partouche Poker
O42 - Logiciel: PartyPoker - (.PartyGaming.) [HKLM] -- PartyPoker
O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM] -- PartyPokerFr
O42 - Logiciel: PartyPoker.it - (.PartyItalia.) [HKLM] -- PartyPokerIt
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Poker 770 - (.Pas de propriétaire.) [HKCU] -- Poker 770
O42 - Logiciel: Poker Subito - (.Pas de propriétaire.) [HKLM] -- subitofr (Poker)
O42 - Logiciel: Poker Xtrem - (.Pas de propriétaire.) [HKLM] -- PokerXtremfr (Poker)
O42 - Logiciel: Poker at bet365 - (.Pas de propriétaire.) [HKCU] -- bet365poker
O42 - Logiciel: Poker83 - (.Pas de propriétaire.) [HKCU] -- Poker83
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr
O42 - Logiciel: PokerStove version 1.23 - (.Pas de propriétaire.) [HKLM] -- {6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Python 2.5.2 - (.Python Software Foundation.) [HKLM] -- {6B976ADF-8AE8-434E-B282-A06C7F624D2F}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SAjOO - (.SAjOO.) [HKLM] -- SAjOO_is1
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: SeoDev Synonymizer - (.SeoDevGroup.) [HKLM] -- {B08ABBC4-52E5-46B0-A3AA-FBE4EFEF14FC}
O42 - Logiciel: Titan Poker - (.Pas de propriétaire.) [HKCU] -- Titan Poker
O42 - Logiciel: Titan.fr - (.Pas de propriétaire.) [HKCU] -- Titan.fr
O42 - Logiciel: Tranchant - (.Pas de propriétaire.) [HKCU] -- Tranchant
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM] -- wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM] -- {E94060A2-BAFB-5552-2B8A-B5D2A75E4B7F}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: Winga Poker - (.winga.fr.) [HKLM] -- Winga Poker_is1
O42 - Logiciel: Winga! Poker - (.Buongiorno.) [HKLM] -- Winga! Poker_is1
O42 - Logiciel: Winner Poker - (.Pas de propriétaire.) [HKCU] -- winnerpoker
O42 - Logiciel: bwin Poker - (.Bwin.) [HKLM] -- bwin Poker_is1
O42 - Logiciel: netbet.it - (.Pas de propriétaire.) [HKCU] -- netbet.it
O42 - Logiciel: proXPN 2.4.7 - (.Pas de propriétaire.) [HKLM] -- proXPN
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by stephane0703 » 20 Jul 2011, 17:01

part 2/2

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACF]
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BetClic Poker]
[HKCU\Software\Classes]
[HKCU\Software\CyberLink]
[HKCU\Software\Full Tilt Poker.fr]
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\GameOnPoker]
[HKCU\Software\Google]
[HKCU\Software\Grand Virtual]
[HKCU\Software\Hercules]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IGA]
[HKCU\Software\JavaSoft]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LuckyAcePokerinstaller]
[HKCU\Software\LuckyJeux]
[HKCU\Software\MGS]
[HKCU\Software\Macromedia]
[HKCU\Software\Microgaming]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\ObviousIdea]
[HKCU\Software\OfferBox]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PMU]
[HKCU\Software\PTECH]
[HKCU\Software\PartoucheFR]
[HKCU\Software\PartyFrance]
[HKCU\Software\PartyGaming]
[HKCU\Software\PartyItalia]
[HKCU\Software\PatchPoker]
[HKCU\Software\Piriform]
[HKCU\Software\PokerStove]
[HKCU\Software\Policies]
[HKCU\Software\Realtime Gaming Software]
[HKCU\Software\Riva Poker]
[HKCU\Software\SOCID]
[HKCU\Software\SOCID_7]
[HKCU\Software\SPS202176]
[HKCU\Software\Softonic]
[HKCU\Software\Software]
[HKCU\Software\Spointer]
[HKCU\Software\SweetIM]
[HKCU\Software\Symantec]
[HKCU\Software\Tranchant Poker]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VHLD]
[HKCU\Software\WPTFrance]
[HKCU\Software\William Hill CASINO CLUB]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\bet365casino]
[HKCU\Software\ej-technologies]
[HKCU\Software\gopokerinstaller]
[HKCU\Software\luckyacepoker]
[HKCU\Software\pacificpoker]
[HKCU\Software\pokerinstaller]
[HKCU\Software\proXPN]
[HKCU\Software\yahooinstall]
[HKLM\Software\ALWIL Software]
[HKLM\Software\Adobe]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Inc.]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\EasyBits]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hercules Technologies]
[HKLM\Software\Hercules]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ICE]
[HKLM\Software\InfoWatch]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Notepad]
[HKLM\Software\ODBC]
[HKLM\Software\ObviousIdea]
[HKLM\Software\OfferBox]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Policies]
[HKLM\Software\PostgreSQL]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\SweetIM]
[HKLM\Software\SymDebug]
[HKLM\Software\Symantec]
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\WholeSecurity]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows]
[HKLM\Software\XHEO INC]
[HKLM\Software\Yooda]
[HKLM\Software\ej-technologies]
[HKLM\Software\mozilla.org]
[HKLM\Software\muvee Technologies]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/06/2011 - 09:01:44 - [639798601] ----D- C:\Program Files\Adobe
O43 - CFD: 21/06/2010 - 12:43:58 - [0] ----D- C:\Program Files\Alwil Software
O43 - CFD: 10/09/2010 - 10:52:14 - [2221118] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 15/07/2011 - 09:08:26 - [16032557] ----D- C:\Program Files\BarrierePoker.fr
O43 - CFD: 31/05/2011 - 16:29:56 - [16859057] ----D- C:\Program Files\BetClic Poker
O43 - CFD: 19/07/2011 - 17:35:24 - [25924229] ----D- C:\Program Files\Betclic Poker.fr
O43 - CFD: 20/05/2010 - 17:18:16 - [2833624] ----D- C:\Program Files\CCleaner
O43 - CFD: 29/11/2010 - 15:33:14 - [491719014] ----D- C:\Program Files\Common Files
O43 - CFD: 27/05/2011 - 16:53:02 - [141796640] ----D- C:\Program Files\CyberLink
O43 - CFD: 01/06/2011 - 16:53:46 - [24137645] ----D- C:\Program Files\Everest Poker
O43 - CFD: 19/07/2011 - 17:34:14 - [26867348] ----D- C:\Program Files\Everest Poker.fr
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 20/10/2010 - 14:32:30 - [0] ----D- C:\Program Files\Fluendo
O43 - CFD: 01/06/2011 - 17:43:24 - [64620811] ----D- C:\Program Files\Full Tilt Poker
O43 - CFD: 11/07/2011 - 15:21:52 - [61779753] ----D- C:\Program Files\Full Tilt Poker.Fr
O43 - CFD: 16/06/2010 - 08:52:06 - [93757103] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 26/08/2008 - 13:08:58 - [238028525] ----D- C:\Program Files\HP
O43 - CFD: 27/05/2011 - 16:53:08 - [26871233] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 17/06/2011 - 12:35:18 - [4566388] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 08/06/2011 - 14:07:30 - [171051449] ----D- C:\Program Files\Java
O43 - CFD: 29/11/2010 - 15:33:14 - [71188211] ----D- C:\Program Files\Kaspersky Lab
O43 - CFD: 01/06/2011 - 17:16:30 - [18348924] ----D- C:\Program Files\LuckyAcePoker.com
O43 - CFD: 17/09/2010 - 15:09:42 - [59775] ----D- C:\Program Files\Microsoft ATS
O43 - CFD: 02/11/2006 - 14:35:52 - [46946424] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 23/07/2010 - 15:59:10 - [54482150] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 17/06/2011 - 12:37:08 - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 27/05/2011 - 16:38:16 - [152968] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 25/06/2010 - 12:30:54 - [15715] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 18/08/2010 - 18:13:10 - [20470054] ----D- C:\Program Files\Movie Maker
O43 - CFD: 05/07/2011 - 09:36:24 - [35397493] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 02/11/2006 - 14:35:52 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 21/05/2010 - 09:21:06 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 20/05/2010 - 15:23:40 - [9129712] ----D- C:\Program Files\Notepad++
O43 - CFD: 09/05/2011 - 10:15:52 - [35289140] ----D- C:\Program Files\ObviousIdea
O43 - CFD: 20/10/2010 - 14:31:36 - [96600] ----D- C:\Program Files\OfferBox
O43 - CFD: 20/05/2010 - 17:51:08 - [3337590] R---D- C:\Program Files\Online Services
O43 - CFD: 19/08/2010 - 17:23:50 - [393088865] ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 01/06/2011 - 17:15:12 - [18353959] ----D- C:\Program Files\PacificPoker
O43 - CFD: 26/08/2008 - 13:13:10 - [83261604] ----D- C:\Program Files\PC-Doctor for Windows
O43 - CFD: 20/05/2010 - 17:04:46 - [3688680] ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 30/03/2011 - 12:44:36 - [305829923] ----D- C:\Program Files\PKR
O43 - CFD: 01/06/2011 - 17:09:00 - [82328747] ----D- C:\Program Files\PokerStars
O43 - CFD: 11/07/2011 - 15:20:52 - [71073048] ----D- C:\Program Files\PokerStars.FR
O43 - CFD: 19/07/2011 - 17:00:32 - [21686] ----D- C:\Program Files\PokerStars.IT
O43 - CFD: 15/07/2010 - 17:49:46 - [5475082] ----D- C:\Program Files\PokerStove
O43 - CFD: 06/07/2011 - 16:58:20 - [6419306] ----D- C:\Program Files\proXPN
O43 - CFD: 26/08/2008 - 12:56:10 - [62844252] ----D- C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 14:35:52 - [38694657] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 22/10/2010 - 10:46:56 - [514048] ----D- C:\Program Files\SeoDev Synonymizer
O43 - CFD: 24/09/2010 - 09:00:00 - [5145259] ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 02/11/2006 - 14:58:20 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 20/10/2010 - 12:28:00 - [716519] ----D- C:\Program Files\VideoLAN
O43 - CFD: 04/07/2011 - 16:49:00 - [7041603] ----D- C:\Program Files\Winamax Poker
O43 - CFD: 27/05/2010 - 14:57:12 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 27/05/2010 - 14:57:12 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 27/05/2010 - 14:57:08 - [4490624] ----D- C:\Program Files\Windows Defender
O43 - CFD: 17/06/2011 - 11:25:06 - [8935608] ----D- C:\Program Files\Windows Mail
O43 - CFD: 13/10/2010 - 13:50:52 - [4498121] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 20/05/2010 - 14:50:30 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 27/05/2010 - 14:57:10 - [8228002] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 28/05/2010 - 13:48:54 - [134144] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 27/05/2010 - 14:57:12 - [6527506] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 10/06/2010 - 17:54:10 - [3525705] ----D- C:\Program Files\WinRAR
O43 - CFD: 20/07/2011 - 16:16:28 - [3931111] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 17/06/2011 - 09:01:58 - [222070058] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 28/04/2011 - 10:24:16 - [31116142] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 20/07/2011 - 09:28:12 - [17897556] ----D- C:\Program Files\Common Files\Akamai
O43 - CFD: 10/09/2010 - 10:52:26 - [44307712] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 17/09/2010 - 14:35:10 - [469525] ----D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 26/08/2008 - 13:07:56 - [5187148] ----D- C:\Program Files\Common Files\HP
O43 - CFD: 29/11/2010 - 15:33:14 - [3324440] ----D- C:\Program Files\Common Files\InfoWatch
O43 - CFD: 26/08/2008 - 12:58:44 - [5008435] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 08/06/2011 - 14:08:20 - [35163493] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 20/05/2010 - 17:44:00 - [32098366] ---AD- C:\Program Files\Common Files\LightScribe
O43 - CFD: 26/08/2008 - 13:06:12 - [56683] ---AD- C:\Program Files\Common Files\LS Getting Started
O43 - CFD: 27/05/2011 - 16:38:16 - [44657089] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 21/06/2010 - 12:42:24 - [520120] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 27/05/2010 - 14:57:10 - [8737810] ----D- C:\Program Files\Common Files\System
O43 - CFD: 17/06/2011 - 09:01:52 - [91158567] ----D- C:\ProgramData\Adobe
O43 - CFD: 21/06/2010 - 12:43:58 - [928] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 10/09/2010 - 10:52:14 - [16880640] ----D- C:\ProgramData\Apple
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 31/05/2011 - 16:19:48 - [0] ----D- C:\ProgramData\Boss Media
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 26/08/2008 - 12:59:04 - [2200] ----D- C:\ProgramData\CyberLink
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 17/09/2010 - 14:39:20 - [65085279] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 17/09/2010 - 14:44:48 - [5126728] ----D- C:\ProgramData\HP
O43 - CFD: 17/09/2010 - 14:35:54 - [8960] ----D- C:\ProgramData\HP Product Assistant
O43 - CFD: 20/07/2011 - 09:29:54 - [548642370] ----D- C:\ProgramData\Kaspersky Lab
O43 - CFD: 29/11/2010 - 15:29:56 - [98120752] ----D- C:\ProgramData\Kaspersky Lab Setup Files
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 23/07/2010 - 15:41:56 - [300694966] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 20/05/2010 - 14:50:30 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 26/08/2008 - 13:06:40 - [0] ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 27/05/2010 - 15:04:12 - [185487] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 26/08/2008 - 13:13:08 - [1235] ----D- C:\ProgramData\PC-Doctor
O43 - CFD: 26/08/2008 - 13:13:06 - [2003456] ----D- C:\ProgramData\PC-Doctor for Windows
O43 - CFD: 30/06/2010 - 08:59:38 - [3407] ----D- C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 22/09/2010 - 17:12:46 - [95930] ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 20/05/2010 - 15:14:06 - [294] ----D- C:\ProgramData\Sun
O43 - CFD: 21/06/2010 - 12:41:00 - [2053434] ----D- C:\ProgramData\Symantec
O43 - CFD: 17/09/2010 - 14:45:38 - [239] ----D- C:\ProgramData\WEBREG
O43 - CFD: 20/05/2010 - 15:37:56 - [17468672] ----D- C:\ProgramData\WildTangent
O43 - CFD: 28/05/2010 - 09:36:48 - [11011328] ----D- C:\Users\stef\AppData\Roaming\Adobe
O43 - CFD: 10/09/2010 - 10:53:10 - [1903664] ----D- C:\Users\stef\AppData\Roaming\Apple Computer
O43 - CFD: 21/05/2010 - 11:37:24 - [11316] ----D- C:\Users\stef\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O43 - CFD: 20/10/2010 - 12:32:28 - [37289] ----D- C:\Users\stef\AppData\Roaming\FissaSearch
O43 - CFD: 20/09/2010 - 09:53:18 - [763] ----D- C:\Users\stef\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O43 - CFD: 14/09/2010 - 17:25:10 - [0] ----D- C:\Users\stef\AppData\Roaming\HEM Data
O43 - CFD: 20/05/2010 - 14:54:34 - [324749] ----D- C:\Users\stef\AppData\Roaming\Hewlett-Packard
O43 - CFD: 17/09/2010 - 14:45:52 - [239332] ----D- C:\Users\stef\AppData\Roaming\HP
O43 - CFD: 20/05/2010 - 14:53:40 - [0] ----D- C:\Users\stef\AppData\Roaming\Identities
O43 - CFD: 01/06/2011 - 17:18:02 - [260668590] ----D- C:\Users\stef\AppData\Roaming\LuckyAcePoker.com
O43 - CFD: 20/05/2010 - 14:53:20 - [57099] ----D- C:\Users\stef\AppData\Roaming\Macromedia
O43 - CFD: 19/07/2011 - 17:33:32 - [363797] ----D- C:\Users\stef\AppData\Roaming\Microgaming
O43 - CFD: 01/06/2011 - 16:08:50 - [7106501] -S--D- C:\Users\stef\AppData\Roaming\Microsoft
O43 - CFD: 20/10/2010 - 12:41:50 - [572502] ----D- C:\Users\stef\AppData\Roaming\moovida-1
O43 - CFD: 20/05/2010 - 15:07:46 - [32754136] ----D- C:\Users\stef\AppData\Roaming\Mozilla
O43 - CFD: 05/04/2011 - 09:51:10 - [799954] ----D- C:\Users\stef\AppData\Roaming\Mozilla-Cache
O43 - CFD: 20/05/2010 - 15:23:54 - [214985] ----D- C:\Users\stef\AppData\Roaming\Notepad++
O43 - CFD: 15/06/2011 - 14:00:10 - [20719] ----D- C:\Users\stef\AppData\Roaming\ObviousIdea
O43 - CFD: 20/10/2010 - 14:31:36 - [122] ----D- C:\Users\stef\AppData\Roaming\OfferBox
O43 - CFD: 21/05/2010 - 09:16:26 - [2706411] ----D- C:\Users\stef\AppData\Roaming\OpenOffice.org
O43 - CFD: 31/05/2011 - 15:54:40 - [276835035] ----D- C:\Users\stef\AppData\Roaming\PacificPoker
O43 - CFD: 19/07/2011 - 17:34:02 - [29687449] ----D- C:\Users\stef\AppData\Roaming\Partouche Poker
O43 - CFD: 20/05/2010 - 17:06:34 - [543] ----D- C:\Users\stef\AppData\Roaming\PhotoFiltre
O43 - CFD: 20/06/2011 - 16:12:46 - [544] ----D- C:\Users\stef\AppData\Roaming\RomeCasino
O43 - CFD: 16/02/2011 - 10:32:42 - [144] ----D- C:\Users\stef\AppData\Roaming\ScreeNet iSaver
O43 - CFD: 20/05/2010 - 14:54:12 - [0] ----D- C:\Users\stef\AppData\Roaming\Symantec
O43 - CFD: 23/07/2010 - 15:46:36 - [0] ----D- C:\Users\stef\AppData\Roaming\Template
O43 - CFD: 30/06/2010 - 10:07:56 - [28476] ----D- C:\Users\stef\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 20/05/2010 - 17:42:02 - [0] ----D- C:\Users\stef\AppData\Roaming\WinBatch
O43 - CFD: 10/06/2010 - 17:54:20 - [0] ----D- C:\Users\stef\AppData\Roaming\WinRAR
O43 - CFD: 17/06/2011 - 09:00:40 - [948142] ----D- C:\Users\stef\AppData\Local\Adobe
O43 - CFD: 10/09/2010 - 10:52:16 - [2323456] ----D- C:\Users\stef\AppData\Local\Apple
O43 - CFD: 10/09/2010 - 10:53:10 - [32781312] ----D- C:\Users\stef\AppData\Local\Apple Computer
O43 - CFD: 20/05/2010 - 14:50:36 - [0] -SH-D- C:\Users\stef\AppData\Local\Application Data
O43 - CFD: 09/03/2011 - 11:14:28 - [0] ----D- C:\Users\stef\AppData\Local\Apps
O43 - CFD: 31/05/2011 - 16:19:46 - [182528] ----D- C:\Users\stef\AppData\Local\Boss Media
O43 - CFD: 19/08/2010 - 16:55:22 - [5139202] ----D- C:\Users\stef\AppData\Local\cache
O43 - CFD: 09/03/2011 - 18:22:40 - [0] ----D- C:\Users\stef\AppData\Local\Deployment
O43 - CFD: 20/05/2010 - 14:54:14 - [0] ----D- C:\Users\stef\AppData\Local\DVDPlay
O43 - CFD: 17/09/2010 - 15:10:40 - [303429] ----D- C:\Users\stef\AppData\Local\ElevatedDiagnostics
O43 - CFD: 09/03/2011 - 11:18:14 - [31565] ----D- C:\Users\stef\AppData\Local\FreeHUD
O43 - CFD: 02/07/2010 - 14:39:36 - [31610] ----D- C:\Users\stef\AppData\Local\FullTiltPoker
O43 - CFD: 05/04/2011 - 10:02:28 - [1923801] ----D- C:\Users\stef\AppData\Local\FullTiltPoker.fr
O43 - CFD: 11/07/2011 - 08:54:04 - [3229835] ----D- C:\Users\stef\AppData\Local\Google
O43 - CFD: 20/05/2010 - 14:54:38 - [3063] ----D- C:\Users\stef\AppData\Local\Hewlett-Packard
O43 - CFD: 20/05/2010 - 14:50:36 - [0] -SH-D- C:\Users\stef\AppData\Local\Historique
O43 - CFD: 17/09/2010 - 14:44:12 - [129926] ----D- C:\Users\stef\AppData\Local\HP
O43 - CFD: 15/09/2010 - 15:27:44 - [190364] ----D- C:\Users\stef\AppData\Local\In The Money
O43 - CFD: 14/09/2010 - 17:13:40 - [1532] ----D- C:\Users\stef\AppData\Local\IsolatedStorage
O43 - CFD: 03/06/2010 - 13:35:54 - [86417949] ----D- C:\Users\stef\AppData\Local\Microsoft
O43 - CFD: 19/07/2010 - 15:35:20 - [265466] ----D- C:\Users\stef\AppData\Local\Microsoft Games
O43 - CFD: 20/10/2010 - 12:41:18 - [129730] ----D- C:\Users\stef\AppData\Local\moovida Air
O43 - CFD: 20/05/2010 - 15:07:42 - [49812793] ----D- C:\Users\stef\AppData\Local\Mozilla
O43 - CFD: 31/05/2011 - 16:04:42 - [15031275] ----D- C:\Users\stef\AppData\Local\P5
O43 - CFD: 01/06/2011 - 17:18:42 - [485150] ----D- C:\Users\stef\AppData\Local\PokerStars
O43 - CFD: 19/07/2011 - 17:32:38 - [2726439] ----D- C:\Users\stef\AppData\Local\PokerStars.FR
O43 - CFD: 19/07/2011 - 16:59:42 - [1025975] ----D- C:\Users\stef\AppData\Local\PokerStars.IT
O43 - CFD: 22/10/2010 - 10:47:30 - [957] ----D- C:\Users\stef\AppData\Local\Program
O43 - CFD: 16/02/2011 - 10:32:20 - [11056476] ----D- C:\Users\stef\AppData\Local\ScreeNet iSaver
O43 - CFD: 20/07/2011 - 16:15:52 - [2046306] ----D- C:\Users\stef\AppData\Local\Temp
O43 - CFD: 20/05/2010 - 14:50:36 - [0] -SH-D- C:\Users\stef\AppData\Local\Temporary Internet Files
O43 - CFD: 17/09/2010 - 14:44:38 - [2044794] ----D- C:\Users\stef\AppData\Local\VirtualStore



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.16628D3E7763A268371F8A6B56A7DFF7] - 20/07/2011 - 08:34:24 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1495948]
O44 - LFC:[MD5.E74FCFBC5DC86A91FAE2C41C7256DB90] - 20/07/2011 - 08:34:24 ---A- . (...) -- C:\Windows\System32\perfc009.dat [103872]
O44 - LFC:[MD5.5C20D9F56B2318B9C0A1F9C6644BC18F] - 20/07/2011 - 08:34:24 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [126420]
O44 - LFC:[MD5.DB8803F5A4C1E577548DFED19FA08EA7] - 20/07/2011 - 08:34:24 ---A- . (...) -- C:\Windows\System32\perfh009.dat [595798]
O44 - LFC:[MD5.3CE63A5E0A570ECFD9824AFE6CDB03E5] - 20/07/2011 - 08:34:24 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [678804]
O44 - LFC:[MD5.93B7477F514DEAF6A2191E4C84105E58] - 20/07/2011 - 08:27:53 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.DF0B527879EFB2EE7427EF91F6878E39] - 13/07/2011 - 09:00:56 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [325376]
O44 - LFC:[MD5.83EEB82E9ED7098EBC0C083C6BFD3116] - 04/07/2011 - 12:59:00 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [404640]



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (...) -- C:\Users\stef\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:32:46 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 03:32:51 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 03:32:52 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 03:32:53 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 03:32:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 03:32:49 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 03:32:50 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 03:32:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.5CBF20674BE8364FEBB6A13451A42F0A] - 29/11/2010 - 12:44:24 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\system32\drivers\CSCrySec.sys [88632]
O58 - SDL:[MD5.2C3F213EDDD231099FB779A45D7680E0] - 29/11/2010 - 12:44:24 ---A- . (.Infowatch - Virtual Volume Container Driver (wxp).) -- C:\Windows\system32\drivers\CSVirtualDiskDrv.sys [39352]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 03:32:50 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 03:32:52 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [40504]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 03:32:49 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.CE3958F58547454884E97BDA78CD7040] - 29/11/2010 - 14:29:50 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\Windows\system32\drivers\kl1.sys [128016]
O58 - SDL:[MD5.53EEDAB3F0511321AC3AE8BC968B158C] - 29/11/2010 - 20:18:34 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\Windows\system32\drivers\klbg.sys [36880]
O58 - SDL:[MD5.723F185C945C0A6D2E21C2BB26A46FE7] - 29/11/2010 - 14:32:53 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wlh_x86].) -- C:\Windows\system32\drivers\klif.sys [311312]
O58 - SDL:[MD5.892CC162DC88AB084C86485879526C59] - 29/11/2010 - 13:46:36 ---A- . (.Kaspersky Lab - Kaspersky Lab Intermediate Network Driver.) -- C:\Windows\system32\drivers\klim6.sys [21520]
O58 - SDL:[MD5.AA63A815876A76987B5DBCE6AF7478E9] - 29/11/2010 - 18:39:36 ---A- . (.Kaspersky Lab - KLMOUFLT Mouse Device Filter [fre_wlh_x86].) -- C:\Windows\system32\drivers\klmouflt.sys [19472]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 03:32:49 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 03:32:51 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 03:32:48 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 03:32:53 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 03:32:52 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.FBBA09782F2FAC5A57619DF378BA9372] - 26/08/2008 - 15:49:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.) -- C:\Windows\system32\drivers\nvlddmkm.sys [7465312]
O58 - SDL:[MD5.DE3FCF6A5AACA198B22998330C3C64D9] - 26/08/2008 - 12:44:10 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvmfdx32.sys [1049760]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 03:32:47 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.6934105ECC6A19570160D794E301E595] - 26/08/2008 - 20:13:40 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvrd32.sys [133152]
O58 - SDL:[MD5.62754E376185EACBB73D06FEA0FFC54A] - 26/08/2008 - 10:39:34 ---A- . (.NVIDIA Corporation - NVIDIA nForce(TM) SMU Microcontroller Driver.) -- C:\Windows\system32\drivers\nvsmu.sys [15360]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 03:32:47 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.D7B213299852D2026DBC90DAB77EF06C] - 26/08/2008 - 20:13:40 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor32.sys [145440]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 03:32:50 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.5D26CCB06E1F3B5C26E863DF3F4F2611] - 26/08/2008 - 18:03:48 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2152088]
O58 - SDL:[MD5.BE91DF4F287A73DF342793B3A260226B] - 20/05/2010 - 20:28:48 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8192S USB NDIS Driver.) -- C:\Windows\system32\drivers\RTL8192su.sys [504320]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 02/11/2006 - 07:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 03:32:52 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.2D6BF6C02111F9CF9FAF8ACFB933DD78] - 14/10/2010 - 14:08:04 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\system32\drivers\tap0901.sys [26112]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 03:32:21 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 03:32:49 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 14/12/2009 - C:\Windows\System32\DRIVERS\CSCrySec.sys - InfoWatch Encrypt Sector Library driver(CSCrySec) .(.Infowatch - Cryptographic Algorithm Lib Driver..) - LEGACY_CSCRYSEC
O64 - Services: CurCS - 14/12/2009 - C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys - InfoWatch Virtual Disk driver(CSVirtualDiskDrv) .(.Infowatch - Virtual Volume Container Driver (wxp).) - LEGACY_CSVIRTUALDISKDRV
O64 - Services: CurCS - 01/09/2009 - C:\Windows\System32\DRIVERS\kl1.sys - kl1(kl1) .(.Kaspersky Lab - Kaspersky Unified Driver.) - LEGACY_KL1
O64 - Services: CurCS - 14/10/2009 - C:\Windows\System32\DRIVERS\klbg.sys - Kaspersky Lab Boot Guard Driver(KLBG) .(.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) - LEGACY_KLBG
O64 - Services: CurCS - 29/11/2010 - C:\Windows\System32\DRIVERS\klif.sys - Kaspersky Lab Driver(KLIF) .(.Kaspersky Lab - Klif Mini-Filter [fre_wlh_x86].) - LEGACY_KLIF
O64 - Services: CurCS - 14/09/2009 - C:\Windows\System32\DRIVERS\klim6.sys - Kaspersky Anti-Virus NDIS 6 Filter(KLIM6) .(.Kaspersky Lab - Kaspersky Lab Intermediate Network Driver.) - LEGACY_KLIM6
O64 - Services: CurCS - 21/01/2008 - C:\Windows\System32\drivers\nvraid.sys - NVIDIA nForce RAID Driver (nvraid) .(.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - LEGACY_NVRAID



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <jsfile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS5.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {21537818-291B-4D82-960E-330384C48DCC} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {26DE1828-DC09-4225-8ADC-B01EA896C0DF} - (Wikipédia (fr)) - http://fr.wikipedia.org
O69 - SBI: SearchScopes [HKCU] {3B66C13D-ADFC-4092-8D02-C834EA71319E} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {DC7FDA7C-8645-4C4F-A2C3-33E35A8A5FD9} [DefaultScope] - (Google) - http://www.google.com



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2230706D2286133E2339694F3796F820] [SPRF][04/02/2011] (...) -- C:\Users\stef\AppData\Local\Temp\_unps.exe [278528]
[MD5.245E2761D02D2FC40B857D71F8A96616] [SPRF][08/06/2010] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r53.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2605008]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "WinCollab-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-UDP" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-DFSR-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "WinCollab-DFSR-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "{A49E70DD-C56A-4CBA-836A-81F7233A523E}" | In - None - P6 - TRUE | .(.CyberLink Corp. - HP DVDPlay.) -- C:\Program Files\HP\DVDPlay\DVDPlay.exe
O87 - FAEL: "{50F67E86-7DDD-4527-81CB-F3A6865A0983}" | In - None - P6 - TRUE | .(.CyberLink Corp. - HP DVDPlay Resident Program.) -- C:\Program Files\HP\DVDPlay\DPService.exe
O87 - FAEL: "{63A82F3F-D06E-4A04-A85C-EE77EAB60F63}" |In - None - P6 - TRUE | .(...) -- c:\Program Files\Cyberlink\PowerDirector\PDR.exe (.not file.)
O87 - FAEL: "TCP Query User{458DB1F7-A5DD-45AE-A19D-D18EBC505AF7}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" | In - Public - P6 - TRUE | .(.Adobe Systems, Inc..) -- C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe
O87 - FAEL: "UDP Query User{C83B7055-78E1-4BFA-AF54-692E17976C65}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" | In - Public - P17 - TRUE | .(.Adobe Systems, Inc..) -- C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe
O87 - FAEL: "TCP Query User{9E991B3B-576A-4DC1-89A1-181862004F0E}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" | In - Private - P6 - TRUE | .(.Adobe Systems, Inc..) -- C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe
O87 - FAEL: "UDP Query User{4B17D41E-E76E-4A5C-939B-203296DA1653}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" | In - Private - P17 - TRUE | .(.Adobe Systems, Inc..) -- C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe
O87 - FAEL: "{FD7DC204-5AE3-47FA-BCDE-A97A1269A65D}" |In - Public - P6 - FALSE | .(...) -- E:\setup\HPZNUI01.exe (.not file.)
O87 - FAEL: "{934A607A-15D7-4522-AFAD-C49DC5BA1CBA}" |In - Public - P17 - FALSE | .(...) -- E:\setup\HPZNUI01.exe (.not file.)
O87 - FAEL: "{42369EE2-7C80-49F5-BE86-0AA1111673AE}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "{1C449C79-295A-4FFD-BF6A-465DA2B7FB06}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
O87 - FAEL: "{03A82570-8D06-4D49-B416-EFE46C0F56B8}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)



---\\ Scan Additionnel (O88)
Database Version : 8535 - (18/07/2011)
Clés trouvées (Keys found) : 23
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\titan poker] =>Adware.Casino
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1}] =>Casino.OnlineGames
[HKLM\Software\Microsoft\Internet Explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1}] =>Casino.OnlineGames
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}] =>Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}] =>Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox
[HKCU\Software\Grand Virtual] =>Spyware.AgenceExclusive
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\PartyGaming] =>Casino.OnlineGames
[HKCU\Software\poker 770] =>Adware.Casino
[HKCU\Software\Spointer] =>Adware.SPointer
[HKCU\Software\SweetIM] =>Toolbar.SweetIM
[HKLM\Software\SweetIM] =>Toolbar.SweetIM
[HKCU\Software\titan poker] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\everest poker] =>Adware.Casino
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker] =>Adware.Casino
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan.fr] =>Adware.Casino
C:\Program Files\Everest Poker =>Adware.Casino
C:\Program Files\OfferBox =>PUP.OfferBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker =>Adware.Casino
C:\Users\stef\AppData\Roaming\FissaSearch =>PUP.OfferBox
C:\Users\stef\AppData\Roaming\OfferBox =>PUP.OfferBox
C:\Users\stef\AppData\Local\moovida air =>Adware.SPointer
C:\Users\stef\AppData\Roaming\Mozilla\Firefox\Profiles\mw6f3adv.default\SearchPlugins\sweetim.xml =>Toolbar.SweetIM



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 29/11/2010 340456 | (AVP) . (.Kaspersky Lab.) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
SR - | Auto 29/11/2010 743992 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SR - | Auto 26/08/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 20/05/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 26/08/2008 118784 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by stef at 20/07/2011 16:18:03

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x83E5F912] -> \Device\Harddisk0\DR0[0x87A33780]
3 CLASSPNP[0x807408B3] -> ntkrnlpa!IofCallDriver[0x83E5F912] -> [0x87486700]
5 acpi[0x806096BC] -> ntkrnlpa!IofCallDriver[0x83E5F912] -> \Device\00000056[0x862F8760]
kernel: MBR read successfully
user & kernel MBR OK



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by stef at 20/07/2011 16:18:08

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



End of the scan (1099 lines in 02mn 01s)(0)
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by nickW » 21 Jul 2011, 01:26

Good evening,

The list of O88 items is quite revealing!


Using another tool:


Step 1: Ad-Remover (from TeamXscript), download
Download Ad-Remover from the page below:
http://www.teamxscript.org/adremoverTelechargement.html

Click the blue Download button.
Save the file AD-R.exe to the Desktop.


Step 2: Ad-Remover (from TeamXscript), scan
If this is the first time Ad-Remover is launched, double-click the file AD-R.exe;
otherwise double-click the AD-R shortcut on the Desktop.

Ad-Remover's main screen is displayed.

Click the Scanner button and confirm by clicking the Oui button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the Ad-Remover window by clicking the Quitter button.
Close Notepad.


Étape 3: Résultat
Envoyer en réponse:
*- le rapport d'analyse d'Ad-Remover (contenu du fichier %SystemDrive%\Ad-Report-SCAN[n].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]


Ceci fait, pourrais-tu suivre les instructions de ce sujet et envoyer les trois rapports demandés?


Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message).
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: ad zanox

Post by stephane0703 » 21 Jul 2011, 08:09

Thanks for your help, here is the report:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 08:59:07 le 21/07/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
stef@PC-DE-STEF (Compaq-Presario FZ092AA-ABF SR5625FR)

============== RECHERCHE ==============


Dossier trouvé: C:\Poker\Poker 770
Dossier trouvé: C:\Poker\Titan Poker
Dossier trouvé: C:\Programs\PartyGaming
Fichier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PartyPoker.lnk
Dossier trouvé: C:\Users\stef\Documents\888poker
Dossier trouvé: C:\Users\stef\AppData\Roaming\PacificPoker
Dossier trouvé: C:\Program Files\PacificPoker
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
Dossier trouvé: C:\Users\stef\AppData\Roaming\FissaSearch
Dossier trouvé: C:\Users\stef\AppData\Roaming\OfferBox
Dossier trouvé: C:\Program Files\OfferBox
Fichier trouvé: C:\Users\Public\Desktop\Everest Poker.fr.lnk

-- Fichier ouvert: C:\Users\stef\AppData\Roaming\Mozilla\FireFox\Profiles\mw6f3adv.default\Prefs.js --
Ligne trouvée: user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,firebug@software....
Ligne trouvée: user_pref("vshare.install.date", "1288137600000");
Ligne trouvée: user_pref("vshare.install.finished", "1.0.0");
Ligne trouvée: user_pref("vshare.install.guid", "{7ba46df2-7a2b-4cb3-b4ee-d47d21bc10b5}");
Ligne trouvée: user_pref("vshare.install.isHidden", true);
Ligne trouvée: user_pref("vshare.install.laststatreq", "1305504000000");
Ligne trouvée: user_pref("vshare.install.newtab", false);
-- Fichier Fermé --


Clé trouvée: HKLM\Software\OfferBox
Clé trouvée: HKCU\Software\Grand Virtual
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\pacificpoker
Clé trouvée: HKCU\Software\PartyGaming
Clé trouvée: HKCU\Software\Poker 770
Clé trouvée: HKCU\Software\pokerinstaller
Clé trouvée: HKCU\Software\Spointer
Clé trouvée: HKCU\Software\Titan Poker
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Everest Poker
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PartyPoker
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Poker 770
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Titan Poker
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\stef\AppData\Roaming\Mozilla\FireFox\Profiles\mw6f3adv.default --
Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer)
Prefs.js - browser.download.dir, C:\\Users\\stef\\Desktop
Prefs.js - browser.startup.homepage, hxxp://www.sportytrader.com/manage/logi ... www.spor...
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://search.sweetim.com/search.asp?src=2&q=
Prefs.js - sweetim.toolbar.previous.keyword.URL, chrome://browser-region/locale/region.properties

========================================

**** Internet Explorer Version [8.0.6001.19088] ****

HKCU_Main|Default_Page_URL - hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
HKCU_Main|Start Page - hxxp://www.sportytrader.com/
HKLM_Main|Default_Page_URL - hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
HKCU_SearchScopes\{21537818-291B-4D82-960E-330384C48DCC} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromfor...)
HKCU_SearchScopes\{26DE1828-DC09-4225-8ADC-B01EA896C0DF} - "Wikipédia (fr)" (hxxp://fr.wikipedia.org/w/index.php?tit ... he&search={searchT...)
HKLM_SearchScopes\{21537818-291B-4D82-960E-330384C48DCC} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromfor...)
HKLM_ElevationPolicy\{09E9B8FC-3D94-4A9B-AD2E-A64255121895} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbws.exe (Kaspersky Lab)
HKLM_ElevationPolicy\{4671F4B7-89F5-4701-B641-570278D5C856} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe (Kaspersky Lab)
HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKCU_Extensions\{00000000-0000-0000-0000-000000000000} - "Crazy Vegas Poker" (C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe,1)
HKCU_Extensions\{5227D7FF-024B-4EF0-93CB-618DDF171351} - "888poker" (C:\Microgaming\Poker\888MPP\MPPoker.exe,2)
HKCU_Extensions\{78961259-A2CE-4341-9C31-4894D537CC48} - "Poker Subito" (C:\Microgaming\Poker\subitoMPP\MPPoker.exe,2)
HKCU_Extensions\{E1FE0F10-1535-447F-8F5A-4ED0A5E576AD} - "Poker Xtrem" (C:\Microgaming\Poker\PokerXtremfrMPP\MPPoker.exe,2)
HKCU_Extensions\{E7537AEB-5C6C-41A0-86E7-B84DDEE4E60D} - "MyPok" (C:\Microgaming\Poker\mypokfr\MPPoker.exe,2)
HKLM_Extensions\{06568ceb-5721-47d4-9d93-7e604fcbaeab} - "PMU Poker" (C:\Programs\PMU\PMUPoker\images\ppicon.ico)
HKLM_Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - "PokerStars" (C:\Program Files\PokerStars\main.ico)
HKLM_Extensions\{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - "PartyPoker.it" (C:\Programs\PartyItalia\PartyPokerIt\Images\ppicon.ico)
HKLM_Extensions\{725EC34E-943C-4df6-B0B2-FBDE7F242276} - "PartyPoker.fr" (C:\Programs\PartyFrance\PartyPokerFr\images\ppicon.ico)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{b4122231-bd56-4713-96ae-c720ab3a9714} - "ACFPoker" (C:\Programs\ACF\ACFPoker\images\ppicon.ico)
HKLM_Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - "PartyPoker.com" (C:\Programs\PartyGaming\PartyPoker\Images\ppicon.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - "Lucky Jeux" (C:\Programs\LuckyJeux\LuckyJeuxPoker\images\ppicon.ico)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 21/07/2011 08:59:17 (7405 Octet(s))

Fin à: 09:00:03, 21/07/2011

============== E.O.F ==============
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by stephane0703 » 21 Jul 2011, 09:01

Malware report (I did not stop the antivirus)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7219

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

21/07/2011 09:35:26
mbam-log-2011-07-21 (09-35-25).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 171253
Temps écoulé: 7 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by stephane0703 » 21 Jul 2011, 09:02

OTL.txt

OTL logfile created on: 21/07/2011 09:37:37 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\stef\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,87 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 51,77% Memory free
5,96 Gb Paging File | 4,43 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 323,57 Gb Total Space | 246,23 Gb Free Space | 76,10% Space Free | Partition Type: NTFS
Drive D: | 11,77 Gb Total Space | 1,61 Gb Free Space | 13,64% Space Free | Partition Type: NTFS

Computer Name: PC-DE-STEF | User Name: stef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/21 09:18:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\stef\Desktop\OTL.exe
PRC - [2011/07/05 09:36:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/25 17:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2009/12/21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 04:32:59 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/04/18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/21 09:18:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\stef\Desktop\OTL.exe
MOD - [2011/06/17 11:24:46 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011/06/17 11:24:46 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msshsq.dll
MOD - [2009/12/25 17:42:58 | 000,129,552 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\shellex.dll
MOD - [2008/01/21 04:34:51 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\duser.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 08:54:55 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2009/12/25 17:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/11/29 15:32:53 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/11/09 15:08:04 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/12/14 13:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 13:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/04/23 21:28:48 | 000,504,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/06/06 21:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/06/06 21:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/22 16:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 11:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/21 13:44:10 | 001,049,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKU\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sportytrader.com/
IE - HKU\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-900233847-2538001239-2718552667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sportytrader.com/manage/login.php?accesscheck=%2Fmanage%2Findex.php|http://www.sportytrader.com/|http://www.hold-em-poker.eu"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.192
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 09:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 09:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2010/11/29 15:33:58 | 000,000,000 | ---D | M]

[2010/05/20 15:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stef\AppData\Roaming\mozilla\Extensions
[2011/07/20 15:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stef\AppData\Roaming\mozilla\Firefox\Profiles\mw6f3adv.default\extensions
[2011/01/07 12:05:39 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\stef\AppData\Roaming\mozilla\Firefox\Profiles\mw6f3adv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/06/08 14:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/09 11:45:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 09:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 15:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 10:20:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/09 12:11:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 14:07:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/11/29 15:34:31 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
() (No name found) -- C:\USERS\STEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MW6F3ADV.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\STEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MW6F3ADV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MW6F3ADV.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/07/05 09:36:21 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 10:57:08 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/05/16 10:57:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/16 10:57:08 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/05/16 10:57:08 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/05/16 10:57:08 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/05/16 10:57:08 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/07/20 16:30:59 | 000,436,091 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15011 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Programs\PMU\PMUPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Programs\PMU\PMUPoker\RunApp.exe ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - File not found
O9 - Extra Button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Programs\PartyFrance\PartyPokerFr\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Programs\PartyFrance\PartyPokerFr\RunApp.exe ()
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} - C:\Programs\ACF\ACFPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} - C:\Programs\ACF\ACFPoker\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - C:\Programs\LuckyJeux\LuckyJeuxPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - C:\Programs\LuckyJeux\LuckyJeuxPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/26 13:06:54 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 09:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/07/21 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/21 09:22:12 | 000,000,000 | ---D | C] -- C:\Users\stef\AppData\Roaming\Malwarebytes
[2011/07/21 09:21:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/21 09:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 09:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/21 09:21:46 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/21 09:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 09:18:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\stef\Desktop\OTL.exe
[2011/07/21 09:07:06 | 000,000,000 | ---D | C] -- C:\Users\stef\Desktop\sav mail
[2011/07/21 09:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/21 08:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/07/20 16:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/20 16:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/20 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2011/07/15 09:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BarrierePoker.fr
[2011/07/15 09:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\BarrierePoker.fr
[2011/07/13 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\stef\Desktop\book football fr
[2011/07/13 08:54:03 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 08:54:00 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 08:54:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/05 10:49:02 | 000,000,000 | ---D | C] -- C:\Users\stef\AppData\Local\Google
[2011/07/04 16:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.FR
[2011/07/04 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker

========== Files - Modified Within 30 Days ==========

[2011/07/21 09:39:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/07/21 09:24:54 | 000,000,879 | ---- | M] () -- C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/21 09:24:43 | 000,000,699 | ---- | M] () -- C:\Users\stef\Desktop\NTREGOPT.lnk
[2011/07/21 09:24:43 | 000,000,680 | ---- | M] () -- C:\Users\stef\Desktop\ERUNT.lnk
[2011/07/21 09:24:19 | 000,005,024 | ---- | M] () -- C:\Users\stef\Desktop\erunt-loc_fr.zip
[2011/07/21 09:21:52 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/21 09:18:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\stef\Desktop\OTL.exe
[2011/07/21 09:01:49 | 104,671,226 | ---- | M] () -- C:\Users\stef\Desktop\sav_stef_2011_07.rar
[2011/07/21 08:58:48 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/07/21 08:58:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/21 08:58:48 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/07/21 08:58:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/21 08:58:32 | 000,001,642 | ---- | M] () -- C:\Users\stef\Desktop\AD-R.lnk
[2011/07/21 08:52:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 08:52:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 08:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 08:52:01 | 3085,385,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 16:56:54 | 000,000,754 | ---- | M] () -- C:\Windows\wininit.ini
[2011/07/20 16:30:59 | 000,436,091 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/20 16:19:31 | 000,001,021 | ---- | M] () -- C:\Users\stef\Desktop\Spybot - Search & Destroy.lnk
[2011/07/20 16:18:07 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2011/07/20 16:03:44 | 000,020,827 | ---- | M] () -- C:\Users\stef\Desktop\freeroll juillet-aout.ods
[2011/07/20 15:31:25 | 000,021,106 | ---- | M] () -- C:\Users\stef\Desktop\suggestion book foot.odt
[2011/07/20 12:17:39 | 000,017,365 | ---- | M] () -- C:\Users\stef\Desktop\rapport stephane 2011_07_25.odt
[2011/07/20 10:22:26 | 000,016,627 | ---- | M] () -- C:\Users\stef\Desktop\pari europe.odt
[2011/07/19 17:55:31 | 000,024,422 | ---- | M] () -- C:\Users\stef\Desktop\3b light.odt
[2011/07/19 17:33:48 | 000,000,910 | ---- | M] () -- C:\Users\stef\Desktop\Partouche Poker.lnk
[2011/07/18 14:07:21 | 000,015,673 | ---- | M] () -- C:\Users\stef\Documents\barriere classic tournoi 2 euros.odt
[2011/07/15 09:08:33 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\BarrierePoker.fr.lnk
[2011/07/13 10:00:56 | 000,325,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/08 16:44:53 | 000,021,310 | ---- | M] () -- C:\Users\stef\Desktop\ex 3b light.odt
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/04 16:52:18 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.fr.lnk
[2011/07/04 16:49:01 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk
[2011/07/04 13:59:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/07/21 09:39:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/07/21 09:24:54 | 000,000,879 | ---- | C] () -- C:\Users\stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/21 09:24:43 | 000,000,699 | ---- | C] () -- C:\Users\stef\Desktop\NTREGOPT.lnk
[2011/07/21 09:24:43 | 000,000,680 | ---- | C] () -- C:\Users\stef\Desktop\ERUNT.lnk
[2011/07/21 09:24:19 | 000,005,024 | ---- | C] () -- C:\Users\stef\Desktop\erunt-loc_fr.zip
[2011/07/21 09:21:52 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/21 08:58:32 | 000,001,642 | ---- | C] () -- C:\Users\stef\Desktop\AD-R.lnk
[2011/07/21 08:54:17 | 104,671,226 | ---- | C] () -- C:\Users\stef\Desktop\sav_stef_2011_07.rar
[2011/07/20 16:56:52 | 000,000,754 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/20 16:19:31 | 000,001,021 | ---- | C] () -- C:\Users\stef\Desktop\Spybot - Search & Destroy.lnk
[2011/07/20 16:18:07 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2011/07/20 14:40:28 | 000,021,106 | ---- | C] () -- C:\Users\stef\Desktop\suggestion book foot.odt
[2011/07/20 10:08:50 | 000,016,627 | ---- | C] () -- C:\Users\stef\Desktop\pari europe.odt
[2011/07/18 14:00:11 | 000,015,673 | ---- | C] () -- C:\Users\stef\Documents\barriere classic tournoi 2 euros.odt
[2011/07/18 09:47:08 | 000,017,365 | ---- | C] () -- C:\Users\stef\Desktop\rapport stephane 2011_07_25.odt
[2011/07/15 09:08:33 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\BarrierePoker.fr.lnk
[2011/07/08 14:45:26 | 000,021,310 | ---- | C] () -- C:\Users\stef\Desktop\ex 3b light.odt
[2011/07/05 10:43:35 | 000,020,827 | ---- | C] () -- C:\Users\stef\Desktop\freeroll juillet-aout.ods
[2011/07/04 16:52:18 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.fr.lnk
[2011/07/04 16:49:01 | 000,000,780 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamax Poker.lnk
[2011/07/04 16:49:01 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\Winamax Poker.lnk
[2010/11/29 15:34:23 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/29 15:34:23 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/09/17 14:32:12 | 000,185,319 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/09/14 17:25:36 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010/07/23 15:46:34 | 000,000,966 | ---- | C] () -- C:\Users\stef\AppData\Roaming\wklnhst.dat
[2010/06/03 13:36:02 | 000,003,584 | ---- | C] () -- C:\Users\stef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 09:00:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/24 09:09:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/24 09:09:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/21 09:48:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/20 15:10:53 | 000,000,680 | ---- | C] () -- C:\Users\stef\AppData\Local\d3d9caps.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2008/08/26 22:24:24 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/08/26 22:24:24 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/08/26 22:24:24 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/08/26 22:24:24 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/08/26 13:18:49 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/08/26 13:07:48 | 000,115,673 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/26 12:48:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/26 12:48:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/02/13 11:18:21 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:44:53 | 000,325,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/05/21 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/20 12:32:26 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\FissaSearch
[2010/09/20 09:53:17 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
[2010/09/14 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\HEM Data
[2011/07/19 17:33:31 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\Microgaming
[2010/10/20 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\moovida-1
[2010/05/20 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\Notepad++
[2011/06/15 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\ObviousIdea
[2010/10/20 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\OfferBox
[2010/05/21 09:16:25 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\OpenOffice.org
[2011/05/31 15:54:39 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\PacificPoker
[2011/07/19 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\Partouche Poker
[2010/05/20 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\PhotoFiltre
[2011/06/20 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\RomeCasino
[2011/02/16 10:32:41 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\ScreeNet iSaver
[2010/07/23 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\Template
[2010/06/30 10:07:54 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
[2010/05/20 17:42:00 | 000,000,000 | ---D | M] -- C:\Users\stef\AppData\Roaming\WinBatch
[2011/07/20 18:24:13 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\WINDOWS\System32\ctfmon.exe
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\WINDOWS\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008/06/06 21:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=6934105ECC6A19570160D794E301E595 -- C:\WINDOWS\System32\drivers\nvrd32.sys
[2008/06/06 21:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvrd32.inf_5396a0ad\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\drivers\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2008/06/06 21:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D05F6E26AC960474494356FE703D61BE -- C:\hp\drivers\nvidia_storage\nvstor32.sys
[2008/06/06 21:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\WINDOWS\System32\drivers\nvstor32.sys
[2008/06/06 21:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\WINDOWS\System32\DriverStore\FileRepository\nvrd32.inf_5396a0ad\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008/01/21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2008/01/21 04:33:49 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Posted by stephane0703 » 21 Jul 2011, 09:02

extra.txt (OTL) (I did not disable the Kaspersky antivirus)

OTL Extras logfile created on: 21/07/2011 09:37:37 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\stef\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,87 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 51,77% Memory free
5,96 Gb Paging File | 4,43 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 323,57 Gb Total Space | 246,23 Gb Free Space | 76,10% Space Free | Partition Type: NTFS
Drive D: | 11,77 Gb Total Space | 1,61 Gb Free Space | 13,64% Space Free | Partition Type: NTFS

Computer Name: PC-DE-STEF | User Name: stef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10412B2A-D333-4F2C-ADE3-F6315632D05D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15DFF454-1881-4B3C-9F3A-8DEB15271CBE}" = lport=137 | protocol=17 | dir=in | app=system |
"{163CA56F-7D61-42ED-966F-C5C6CAC4B6CB}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{17FB6B1D-9960-47EA-90C3-A6A54896282C}" = rport=137 | protocol=17 | dir=out | app=system |
"{1A66DF5B-B3E8-4AFB-880B-542D098622E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B05C009-B6E3-4081-A6D7-178C291D51A1}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{239FD526-12B9-4CC4-A711-1E4876B63F78}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27D094CA-0745-423C-BDD7-244282811AD7}" = rport=138 | protocol=17 | dir=out | app=system |
"{35C2B79C-9158-4F24-89C3-CDD5DA171DB5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{42369EE2-7C80-49F5-BE86-0AA1111673AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C6F1E34-4F75-457E-BE93-4C2C9A22813C}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{520C0C79-02C8-4023-A311-432BECB96811}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{569A3863-646E-4F88-891C-E81CE96F9C94}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{6DB0E07E-3B89-449A-80C3-AC811D1DEBF2}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E6276FA-F035-400F-9AAA-74EBCA67135C}" = rport=445 | protocol=6 | dir=out | app=system |
"{7681C223-1042-427D-B0F9-4745352D54DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A5A847F-64F6-4668-BA3D-ECD98654A18B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BC709EC-770C-4808-A2D5-E65A0D325DDD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B16ABFA0-E607-4E62-9B2A-386DBF5D5185}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7B0C4C4-5B72-42E9-9396-217BF737D808}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB5D4D95-75CB-4531-B304-9E2208502E1D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D169E364-5033-43E3-A776-33EE0CC0935E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DD9BD0BB-56BF-4EE6-8FE5-DF957F4A35E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E870E5AB-67E6-43DB-BE81-229F78E59D56}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECF0C7AA-6F60-4FEE-99A7-7282BA75B6EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF31CBE7-465B-4988-8C39-222B03DDA374}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E987A5-E5E2-4FCC-B714-F257D3949AB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03A82570-8D06-4D49-B416-EFE46C0F56B8}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{1979731A-3B0C-42C7-86FB-5E22AAC80BC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B09183D-EF1B-4B5A-9A37-781AA63E38DA}" = protocol=6 | dir=out | app=system |
"{1C449C79-295A-4FFD-BF6A-465DA2B7FB06}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{27EA852C-A9A0-464D-ABFF-D555F1E76EDA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{400588A5-7686-407F-AC88-2EA778E2B0E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F0E9B07-DF79-4244-AC74-E36B2B803AE9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{63A82F3F-D06E-4A04-A85C-EE77EAB60F63}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{7409FA8E-1C61-4D46-8940-6A301038C1A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7EA546FF-C557-4F54-B743-55B7720E18F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{95D26A03-683E-40A3-AA06-E3F959A6DCCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C472E45-71C3-4262-A13B-7535D7671421}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CDF5DC2-ED15-49C7-A33D-E454AD94C9C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A55001F4-CEE5-4391-8AC5-15ECFC5B3176}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE5FF56B-2988-45DE-A867-FCC7D66D482B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B017B712-CD0F-43BB-A7B4-16D158BC02BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B72F0AF4-293B-4B71-BB42-1E73DC5C80F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D667EB8B-3621-496C-BC12-27BEC8A0D91F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{458DB1F7-A5DD-45AE-A19D-D18EBC505AF7}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{9E991B3B-576A-4DC1-89A1-181862004F0E}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{4B17D41E-E76E-4A5C-939B-203296DA1653}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{C83B7055-78E1-4BFA-AF54-692E17976C65}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34785AD0-6276-11DF-A08A-0800200C9A66}" = Full Tilt Poker.Fr
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D93917F-4983-260E-3417-393793CAECA3}" = BarrierePoker.fr
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69B040CC-E9B1-4769-950E-87786C9E16AD}" = OpenOffice.org 3.2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A83000000003}" = Adobe Reader 8.3.0 - Français
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B08ABBC4-52E5-46B0-A3AA-FBE4EFEF14FC}" = SeoDev Synonymizer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E94060A2-BAFB-5552-2B8A-B5D2A75E4B7F}" = Winamax Poker
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.5.6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"888poker" = 888poker
"ACFPoker" = ACFPoker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ad-Remover" = Ad-Remover par C_XX
"Akamai" = Akamai NetSession Interface
"BetClic Poker" = BetClic Poker
"Betclic Poker.fr" = Betclic Poker.fr (Remove Only)
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"Eurosport Poker_is1" = Eurosport Poker
"Everest Poker.fr" = Everest Poker.fr (Remove Only)
"fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1" = BarrierePoker.fr
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LuckyJeuxPoker" = LuckyJeux Poker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)
"mypokfr (Poker)" = MyPok
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PartyPokerFr" = PartyPoker.fr
"PartyPokerIt" = PartyPoker.it
"PC-Doctor for Windows" = Outils de diagnostic du matériel
"PMUPoker" = PMU Poker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PokerXtremfr (Poker)" = Poker Xtrem
"proXPN" = proXPN 2.4.7
"SAjOO_is1" = SAjOO
"subitofr (Poker)" = Poker Subito
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"Winga Poker_is1" = Winga Poker
"Winga! Poker_is1" = Winga! Poker
"WinRAR archiver" = Archiveur WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bet365poker" = Poker at bet365
"ChilipokerFR" = Chilipoker.fr
"JoaPoker.fr" = JoaPoker.fr
"Mansion Poker" = MansionPoker
"netbet.it" = netbet.it
"Partouche Poker" = Partouche Poker
"PhotoFiltre" = PhotoFiltre
"Poker 770" = Poker 770
"Poker83" = Poker83
"Titan Poker" = Titan Poker
"Titan.fr" = Titan.fr
"Tranchant" = Tranchant
"winnerpoker" = Winner Poker

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by stephane0703 » 21 Jul 2011, 09:04

Symptoms:

- Some links on web pages are replaced by ad.zone.com/trucmachincadepend.
- My RAM is being used even though no program is supposed to be running
- The computer starts up more slowly
stephane0703
 
Posts: 16
Joined: 20 Jul 2011, 16:53

Re: ad zanox

Post by nickW » 24 Jul 2011, 01:23

Good evening,

I hope you have understood that the cleanup will remove a good part of the poker software installed on this PC, which is very often accompanied by advertising software (a.k.a. "Adware").


Cleanup:

Step 1: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
Kaspersky: right-click the icon in the system tray (next to the clock), then "Suspension de la protection..." (Pause protection), "A la demande de l'utilisateur" (At the user's request).


Step 2: Ad-Remover (by TeamXscript), cleanup

Close all web browsers (Internet Explorer, Firefox, Opera, etc.).

Double-click the AD-R shortcut on the Desktop.

The main Ad-Remover screen is displayed.

Click the "Nettoyer" (Clean) button and confirm by clicking the "Oui" (Yes) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the Ad-Remover window by clicking the "Quitter" (Quit) button.
Close Notepad.


Step 3: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 4: OTL (by OldTimer), quick scan
Close all open program windows.

Right-click OTL.exe, then choose "Exécuter en tant qu'Administrateur" (Run as administrator) to launch the tool.

The main OTL screen is displayed.

Click the "Analyse rapide" (Quick scan) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 5: Results
Send in reply:
*- the Ad-Remover cleanup report (contents of the file %SystemDrive%\Ad-Report-CLEAN[n].txt, n being a sequence number).
[%SystemDrive% represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
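
An added example, not part of the thread or of OTL itself: a small Python triage script for the report layout quoted above. It checks that a pasted report ends with the end-of-report line and lists the Uninstall List entries whose name matches a keyword, so they can be reviewed. The function names and the "poker" keyword are assumptions made for this illustration; the sample is constructed from a few lines of the report.

```python
import re

# Constructed sample in the layout of the OTL report above (entries copied from it).
SAMPLE = r'''========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"bwin Poker_is1" = bwin Poker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-900233847-2538001239-2718552667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Titan.fr" = Titan.fr
"winnerpoker" = Winner Poker

< End of report >
'''

SECTION = re.compile(r'^=+ (.+?) Uninstall List =+$')   # section banner
ENTRY = re.compile(r'^"(.+)" = (.*)$')                  # "registry key" = display name
END = re.compile(r'^<\s*End of report\s*>$')            # with or without inner spaces

def is_complete(report):
    """True when the last non-blank line is the end-of-report marker."""
    lines = [l.strip() for l in report.splitlines() if l.strip()]
    return bool(lines) and END.match(lines[-1]) is not None

def uninstall_entries(report):
    """Yield (hive, key, display_name) for each entry of an Uninstall List section."""
    hive = None
    for line in report.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        entry = ENTRY.match(line)
        if section:
            hive = section.group(1)
        elif line.startswith('=========='):
            hive = None                     # a different section begins
        elif hive and entry:
            yield hive, entry.group(1), entry.group(2)

def flag(report, keyword='poker'):
    """Entries whose key or display name contains keyword (case-insensitive)."""
    k = keyword.lower()
    return [(h, key, name) for h, key, name in uninstall_entries(report)
            if k in key.lower() or k in name.lower()]
```

A keyword match is only a prompt for manual review: "Titan.fr" in the sample is not matched although the full report also lists "Titan Poker", so the keyword list needs tuning per case.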
