Virus je pense
bestlud
Messages postés
8
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
je viens a vous car je pense que mon ordinateur est bien infecté j'ai tentéde le nettoyer mais rien a faire il est toujours aussi lent et fait toujours autant de bruit merci de bien vouloir m'aider s'il vous plait
vous trouverez ci-joint un rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:26, on 27/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Street-Ads Browser Enhancer mmx - {32B06322-A797-4CAF-AFC5-3F8CBD888338} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Statistiques d'Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\MICROA~1\SCURIT~1\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Securite Internet 2009 (AVP) - Micro Application - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
je viens a vous car je pense que mon ordinateur est bien infecté j'ai tentéde le nettoyer mais rien a faire il est toujours aussi lent et fait toujours autant de bruit merci de bien vouloir m'aider s'il vous plait
vous trouverez ci-joint un rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:26, on 27/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Street-Ads Browser Enhancer mmx - {32B06322-A797-4CAF-AFC5-3F8CBD888338} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Statistiques d'Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\MICROA~1\SCURIT~1\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Securite Internet 2009 (AVP) - Micro Application - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
A voir également:
- Virus je pense
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Virus informatique - Guide
13 réponses
Bonjour
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Serveur N°2
Ou
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
en bas de la page ZHP avec un numéro de version.
Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.
Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »
Clique sur la loupe pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Ferme ZHPDiag en fin d'analyse.
Pour transmettre le rapport clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Merci
@+
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Serveur N°2
Ou
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
en bas de la page ZHP avec un numéro de version.
Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.
Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »
Clique sur la loupe pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Ferme ZHPDiag en fin d'analyse.
Pour transmettre le rapport clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Merci
@+
Re
1)De combien de protections disposes tu?
Désinstalle ce logiciel:Sécurité Internet 2009
Un seul antivirus par PC.
2)Fait de la place sur ton disque dur:10% d'espace libre etent le minimum pour que XP soit à l'aise.
3)Désinstalle Adobe Reader et prend Foxit reader;il est moins lourd et tout aussi performant pour lire un fichier PDF.
4)Tu disposes de Malwaresbytes;met le à jour et lance une analyse complète de ton PC et poste moi le rapport à l'issue;merci.
@+
1)De combien de protections disposes tu?
Désinstalle ce logiciel:Sécurité Internet 2009
Un seul antivirus par PC.
2)Fait de la place sur ton disque dur:10% d'espace libre etent le minimum pour que XP soit à l'aise.
3)Désinstalle Adobe Reader et prend Foxit reader;il est moins lourd et tout aussi performant pour lire un fichier PDF.
4)Tu disposes de Malwaresbytes;met le à jour et lance une analyse complète de ton PC et poste moi le rapport à l'issue;merci.
@+
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3499
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/10/2010 10:57:57
mbam-log-2010-10-27 (10-57-57).txt
Type de recherche: Examen rapide
Eléments examinés: 103514
Temps écoulé: 8 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Version de la base de données: 3499
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/10/2010 10:57:57
mbam-log-2010-10-27 (10-57-57).txt
Type de recherche: Examen rapide
Eléments examinés: 103514
Temps écoulé: 8 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4963
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/10/2010 14:26:30
mbam-log-2010-10-27 (14-26-30).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 131670
Temps écoulé: 28 minute(s), 52 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll (Adware.Adrotator) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dmsqivcwdagxymws (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Winsudate (Adware.GibMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\STEPHANIE\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Delete on reboot.
Fichier(s) infecté(s):
C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll (Adware.Adrotator) -> Delete on reboot.
C:\WINDOWS\system32\dmsqivcwdagxymws.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
www.malwarebytes.org
Version de la base de données: 4963
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/10/2010 14:26:30
mbam-log-2010-10-27 (14-26-30).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 131670
Temps écoulé: 28 minute(s), 52 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll (Adware.Adrotator) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b06322-a797-4caf-afc5-3f8cbd888338} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dmsqivcwdagxymws (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Winsudate (Adware.GibMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\STEPHANIE\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Delete on reboot.
Fichier(s) infecté(s):
C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll (Adware.Adrotator) -> Delete on reboot.
C:\WINDOWS\system32\dmsqivcwdagxymws.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\STEPHANIE\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
Rapport de ZHPDiag v1.22.06 par Nicolas Coolman, Update du 14/10/2010
Run by STEPHANIE at 27/10/2010 16:19:42
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 31 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (33% free)
System drive C: has 1 GB (1%) free of 38 GB
---\\ Logged in mode
Computer Name: BEST-S
User Name: STEPHANIE
All Users Names: SUPPORT_388945a0, STEPHANIE, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 38 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Hard drive, Flash drive, Thumb drive (Free 92 Go of 111 Go)
I:\ CD-ROM drive (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
---\\ Processus lancés
[MD5.C23082B890F21267037CA6111C385FF3] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [409600]
[MD5.ACB544D7254F366DFB48F380BC36CD25] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.AECBBD99F06C11302B0C53758F89ACDB] - (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files\Shareaza\Shareaza.exe [4574208]
[MD5.93663F0EEAB2CE2CD8D3A60DD9C98CB2] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1357464]
[MD5.2EAC3E6B4AAA9577D11B875BD02A35BE] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [864624]
[MD5.ECDF534572156698E0FC39C3E22DDC6D] - (.Shareaza Development Team - Shareaza Media Player.) -- C:\Program Files\Shareaza\MediaPlayer.exe [141824]
[MD5.B66621D7360044D3645C0AC059CF60B2] - (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe [3558912]
[MD5.CBAC41ADDDD6D5C761CDDD2C015CEF2C] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [580096]
---\\ Page de démarrage de Mozilla Firefox (M0)
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] http://start.jeux.fr
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] https://www.msn.com/fr-fr
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [STEPHANIE - 2wiwqwa7.default\{20a82645-c095-46ed-80e3-08825760534b}(2)] [MicrosoftCG] Microsoft .NET Framework Assistant 1.1 (.Microsoft.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe16291.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1645522239-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{90AF040C-6000-11D3-8CFE-0150048383C9}\ppvwicon.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Download with &Shareaza . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\ati2sgag.exe (.not file.)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU (NMSAccessU) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SesamTVMC.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{F74AECE9-5D65-4A05-8737-7E943F820AC5}.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- Rundll32 IEDKCS32.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: 23164431 (23164431) . (.Kaspersky Lab - Kaspersky Unified Driver.) - C:\Windows\system32\DRIVERS\23164431.sys
O41 - Driver: AMD Processor Driver (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\Windows\system32\DRIVERS\AmdK8.sys
O41 - Driver: setup_9.0.0.722_23.10.2010_15-19drv (setup_9.0.0.722_23.10.2010_15-19drv) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\2316443.sys
O41 - Driver: Klif (klif) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 4 Elements - (.Pas de propriétaire.) [HKLM] -- 4 Elements
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] -- {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Big City Adventure Sydney - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
O42 - Logiciel: Fashion Boutique - (.Pas de propriétaire.) [HKLM] -- Fashion Boutique
O42 - Logiciel: FormatFactory 2.30 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Governor of Poker - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB915800-v4) - (.Microsoft Corporation.) [HKLM] -- KB915800-v4
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: IZArc 3.81 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Ice Cream Craze - Tycoon Takeover - (.Adnan_Boy 2008.) [HKLM] -- Ice Cream Craze - Tycoon Takeover1.0
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM] -- {90AF040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.) [HKLM] -- {6860B340-530D-46B3-91F8-1AE1F70F7C33}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM] -- KB909520
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Revo Uninstaller 1.90 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Windows Search 4 - KB963093 - (.Microsoft Corporation.) [HKLM] -- KB963093
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shareaza 2.5.3.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.3 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: Windows Driver Package - ASUSTeK (3xHybrid) MEDIA (05/05/2005 1.3.2.5) - (.ASUSTeK.) [HKLM] -- 3D2033483F28DB33D898C8A0ED1EAB50733C6CB5
O42 - Logiciel: Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) - (.Advanced Micro Devices.) [HKLM] -- 53F13DB4D9611FD63BE580F06F0729BF236ABE68
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows Search 4.0 - (.Microsoft Corporation.) [HKLM] -- KB940157
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\Alawar]
[HKCU\Software\AppDataLow\Software\{E494BE67-1B70-C6FA-4A44-506C5867CAEB}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Brother]
[HKCU\Software\CDBurnerXP]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\DScaler5]
[HKCU\Software\FreeTime]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameHouse]
[HKCU\Software\GoBit]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\IZSoftware]
[HKCU\Software\Intel]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jitit Virtual Registry]
[HKCU\Software\JollyBear]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Lavasoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaChance]
[HKCU\Software\Monitored]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\Oberon Media]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Opendisc]
[HKCU\Software\Parisprog]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\SecuROM]
[HKCU\Software\Shareaza]
[HKCU\Software\Softonic]
[HKCU\Software\TVANTS]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Xobni]
[HKCU\Software\Zylom]
[HKCU\Software\ej-technologies]
[HKCU\Software\settings]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Alawar]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Compedia]
[HKLM\Software\Conduit]
[HKLM\Software\Disney Interactive]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Last Day of Work]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\ODBC]
[HKLM\Software\Oberon Media]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realore]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Shareaza]
[HKLM\Software\Street-Ads]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\TuneUp]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Winsudate]
[HKLM\Software\Wise Solutions]
[HKLM\Software\WiseCleaner]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ej-technologies]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\4 Elements
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Diner Dash Flo Through Time
O43 - CFD:Common File Directory ----D- C:\Program Files\Fashion Boutique
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Games
O43 - CFD:Common File Directory ----D- C:\Program Files\GamesBar
O43 - CFD:Common File Directory ----D- C:\Program Files\Ice Cream Craze - Tycoon Takeover
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux Rico
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\jeuxob.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\Kit ADSL
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre
O43 - CFD:Common File Directory ----D- C:\Program Files\Power IE
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\RegCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Shareaza
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\TuneUp Utilities 2010
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWF Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 14:19:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [79499]
O44 - LFC:[MD5.C91B9C952BAD72590B6525F6D3FD72A9] - 27/10/2010 - 14:19:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmsetup.log [808]
O44 - LFC:[MD5.971D4D178E694AB14D55D9FA56CD37D0] - 27/10/2010 - 14:01:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [2860]
O44 - LFC:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 27/10/2010 - 14:01:10 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\System32\drivers\Lbd.sys [64288]
O44 - LFC:[MD5.4019149E4E296072831C8855605D9FDC] - 27/10/2010 - 14:00:37 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [95024]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\frvjktp.sys [54016]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 27/10/2010 - 12:54:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 27/10/2010 - 12:54:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/10/2010 - 12:30:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 27/10/2010 - 12:30:09 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:28:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32302]
O44 - LFC:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 25/10/2010 - 10:00:04 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [17744]
O44 - LFC:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 25/10/2010 - 10:00:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [165584]
O44 - LFC:[MD5.69823954BBD461A73D69774928C9737E] - 25/10/2010 - 10:00:02 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [23376]
O44 - LFC:[MD5.095ED820A926AA8189180B305E1BCFC9] - 25/10/2010 - 10:00:01 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [46672]
O44 - LFC:[MD5.8D488938E2F7048906F1FBD3AF394887] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\System32\drivers\aavmker4.sys [28880]
O44 - LFC:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon.sys [94544]
O44 - LFC:[MD5.7D880C76A285A41284D862E2D798EC0D] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon2.sys [100176]
O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 25/10/2010 - 10:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121]
O44 - LFC:[MD5.62C5E46076F52D394EA0B898FF7B8747] - 25/10/2010 - 09:59:37 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [38848]
O44 - LFC:[MD5.C983EB22398295B00A5A10B681DABC6E] - 25/10/2010 - 09:59:36 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\System32\aswBoot.exe [167592]
O44 - LFC:[MD5.C53F7484F8E517F328D41D6920FF2560] - 24/10/2010 - 16:31:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rapport.txt [2630]
O44 - LFC:[MD5.CF115624030C349C0698E5D88FEB8141] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.reg [1332]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.txt [0]
O44 - LFC:[MD5.811F5C625680CF858891407DB7A8FC67] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\WS2Fix.exe [75776]
O44 - LFC:[MD5.21868B2D22C726D94D98F15825D4134B] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\dumphive.exe [51200]
O44 - LFC:[MD5.C16B1595E3C2FFC875EF28BF66EC557F] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\swsc.exe [40960]
O44 - LFC:[MD5.FC041F7D1341EEE456F1FA1A256CD24F] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - Search SharedTaskScheduler.) -- C:\WINDOWS\System32\SrchSTS.exe [288417]
O44 - LFC:[MD5.D726E152E257A1AB819F88312EC69620] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - VC CLSID Cleaner.) -- C:\WINDOWS\System32\VCCLSID.exe [289144]
O44 - LFC:[MD5.61FD593673225697D091DE2DDD2E9E47] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - 404Fix.) -- C:\WINDOWS\System32\404Fix.exe [82432]
O44 - LFC:[MD5.C02562A732F0223082D4CCFC7D4F23DF] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - Agent.OMZ.Fix.) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe [78336]
O44 - LFC:[MD5.799A9EA3FFB220780AE3D3C11B08D067] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.) -- C:\WINDOWS\System32\IEDFix.exe [82944]
O44 - LFC:[MD5.9769AB38CB77C9914C25B8141A2A3FBE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.C.) -- C:\WINDOWS\System32\IEDFix.C.exe [82944]
O44 - LFC:[MD5.81BC780E5FD520838C6A417840127635] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - VACFix.) -- C:\WINDOWS\System32\VACFix.exe [87552]
O44 - LFC:[MD5.CEBEF7E3612A75D15C73E8CA71D012AE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - o4Patch.) -- C:\WINDOWS\System32\o4Patch.exe [80384]
O44 - LFC:[MD5.E417D888FDDE9A2290C369C82A7AEC3E] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\System32\swreg.exe [135168]
O44 - LFC:[MD5.EF5DC4CF7C39CFB4653859878C14D86C] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\System32\swxcacls.exe [79360]
O44 - LFC:[MD5.7397F6EE4A9601A123B645C0CD428017] - 24/10/2010 - 16:05:39 ---A- . (.https://www.beyondlogic.org/ - Command Line Process Utility.) -- C:\WINDOWS\System32\Process.exe [53248]
O44 - LFC:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\System32\drivers\23164432.sys [37392]
O44 - LFC:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\23164431.sys [128016]
O44 - LFC:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\2316443.sys [315408]
O44 - LFC:[MD5.B4A6E5D22609723B8632018A9D18677A] - 22/10/2010 - 16:09:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.35B53E9FF5D35B7D4B2CFCE7FDD5B682] - 17/10/2010 - 15:46:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Disney.ini [31]
O44 - LFC:[MD5.44F548B4315923C4E00B426CBFA15D7D] - 16/10/2010 - 11:37:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [126112]
O44 - LFC:[MD5.D9BB18D338F575D120A31BB7AC3A0E32] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1114846]
O44 - LFC:[MD5.B6E38AB22A77DF9737C4AE8B6FA4BB7E] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [71816]
O44 - LFC:[MD5.4F632DBC770DFBA47C2B5A45A5E1D368] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [94572]
O44 - LFC:[MD5.C6CCFA7246A574FAA049E7083B0E4138] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [442456]
O44 - LFC:[MD5.3D76EF0666AAE7DDA11D3F908AF9AAA2] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [535216]
O44 - LFC:[MD5.46B3B3F06A84D66854C144AE0BB29A83] - 29/09/2010 - 22:00:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\TZLog.log [28886]
O44 - LFC:[MD5.D364582A9858BEB5D2C4136826731AB6] - 29/09/2010 - 17:04:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp468A1.FOT [1409]
O44 - LFC:[MD5.D06C32AD66646C4383B3B18076A04174] - 29/09/2010 - 17:04:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpBF1A1.FOT [1409]
O44 - LFC:[MD5.1FE4173C1D67E12E51DB71B1C539B945] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp0A0AD.FOT [1409]
O44 - LFC:[MD5.2032C9679E0C9D5D0A6690E982E125F9] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpDB3AD.FOT [1409]
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FrostWire\FrostWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FrostWire\FrostWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Vuze\Azureus.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team - Shareaza Ultimate File Sharing.) (.not file.) -- C:\Program Files\Shareaza\Shareaza.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{3b6b71f0-6002-11df-b52e-0013d3b1020d}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- J:\USBAutoRun.exe
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 09/10/2009 - 22:31:10 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\system32\drivers\2316443.sys
O58 - SDL:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 25/09/2009 - 16:59:42 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\system32\drivers\23164431.sys
O58 - SDL:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 22/10/2009 - 12:54:18 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\system32\drivers\23164432.sys
O58 - SDL:[MD5.8C859744BB069A86E9159DD7B5B92629] - 03/05/2005 - 09:25:56 ---A- . (.Philips Semiconductors GmbH - 3xHybrid.) -- C:\WINDOWS\system32\drivers\3xHybrid.sys
O58 - SDL:[MD5.8D488938E2F7048906F1FBD3AF394887] - 07/09/2010 - 15:46:51 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.9A6AA923F00D368C8AD3BD7485D5CDCA] - 18/05/2005 - 16:50:30 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O58 - SDL:[MD5.0A4D13B388C814560BD69C3A496ECFA8] - 18/06/2006 - 22:37:34 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\AmdK8.sys
O58 - SDL:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 07/09/2010 - 15:47:07 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 07/09/2010 - 15:47:16 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.7D880C76A285A41284D862E2D798EC0D] - 07/09/2010 - 15:47:19 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.69823954BBD461A73D69774928C9737E] - 07/09/2010 - 15:47:46 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 07/09/2010 - 15:52:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.095ED820A926AA8189180B305E1BCFC9] - 07/09/2010 - 15:52:25 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.F5FC6AC1E7BC776871361D463FC86BE2] - 07/06/2006 - 22:08:56 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.92A964547B96D697E5E9ED43B4297F5A] - 15/10/2004 - 04:50:20 ---A- . (.Brother Industries Ltd. - Brother USB Scanner Driver.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 02/03/2006 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\frvjktp.sys
O58 - SDL:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 08/09/2010 - 13:59:42 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\drivers\Lbd.sys
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 02/03/2006 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multi
Run by STEPHANIE at 27/10/2010 16:19:42
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 31 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (33% free)
System drive C: has 1 GB (1%) free of 38 GB
---\\ Logged in mode
Computer Name: BEST-S
User Name: STEPHANIE
All Users Names: SUPPORT_388945a0, STEPHANIE, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 38 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Hard drive, Flash drive, Thumb drive (Free 92 Go of 111 Go)
I:\ CD-ROM drive (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
---\\ Processus lancés
[MD5.C23082B890F21267037CA6111C385FF3] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [409600]
[MD5.ACB544D7254F366DFB48F380BC36CD25] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.AECBBD99F06C11302B0C53758F89ACDB] - (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files\Shareaza\Shareaza.exe [4574208]
[MD5.93663F0EEAB2CE2CD8D3A60DD9C98CB2] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1357464]
[MD5.2EAC3E6B4AAA9577D11B875BD02A35BE] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [864624]
[MD5.ECDF534572156698E0FC39C3E22DDC6D] - (.Shareaza Development Team - Shareaza Media Player.) -- C:\Program Files\Shareaza\MediaPlayer.exe [141824]
[MD5.B66621D7360044D3645C0AC059CF60B2] - (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe [3558912]
[MD5.CBAC41ADDDD6D5C761CDDD2C015CEF2C] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [580096]
---\\ Page de démarrage de Mozilla Firefox (M0)
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] http://start.jeux.fr
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] https://www.msn.com/fr-fr
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [STEPHANIE - 2wiwqwa7.default\{20a82645-c095-46ed-80e3-08825760534b}(2)] [MicrosoftCG] Microsoft .NET Framework Assistant 1.1 (.Microsoft.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe16291.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1645522239-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{90AF040C-6000-11D3-8CFE-0150048383C9}\ppvwicon.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Download with &Shareaza . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\ati2sgag.exe (.not file.)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU (NMSAccessU) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SesamTVMC.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{F74AECE9-5D65-4A05-8737-7E943F820AC5}.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- Rundll32 IEDKCS32.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: 23164431 (23164431) . (.Kaspersky Lab - Kaspersky Unified Driver.) - C:\Windows\system32\DRIVERS\23164431.sys
O41 - Driver: AMD Processor Driver (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\Windows\system32\DRIVERS\AmdK8.sys
O41 - Driver: setup_9.0.0.722_23.10.2010_15-19drv (setup_9.0.0.722_23.10.2010_15-19drv) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\2316443.sys
O41 - Driver: Klif (klif) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 4 Elements - (.Pas de propriétaire.) [HKLM] -- 4 Elements
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] -- {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Big City Adventure Sydney - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
O42 - Logiciel: Fashion Boutique - (.Pas de propriétaire.) [HKLM] -- Fashion Boutique
O42 - Logiciel: FormatFactory 2.30 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Governor of Poker - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB915800-v4) - (.Microsoft Corporation.) [HKLM] -- KB915800-v4
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: IZArc 3.81 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Ice Cream Craze - Tycoon Takeover - (.Adnan_Boy 2008.) [HKLM] -- Ice Cream Craze - Tycoon Takeover1.0
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM] -- {90AF040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.) [HKLM] -- {6860B340-530D-46B3-91F8-1AE1F70F7C33}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM] -- KB909520
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Revo Uninstaller 1.90 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Windows Search 4 - KB963093 - (.Microsoft Corporation.) [HKLM] -- KB963093
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shareaza 2.5.3.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.3 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: Windows Driver Package - ASUSTeK (3xHybrid) MEDIA (05/05/2005 1.3.2.5) - (.ASUSTeK.) [HKLM] -- 3D2033483F28DB33D898C8A0ED1EAB50733C6CB5
O42 - Logiciel: Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) - (.Advanced Micro Devices.) [HKLM] -- 53F13DB4D9611FD63BE580F06F0729BF236ABE68
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows Search 4.0 - (.Microsoft Corporation.) [HKLM] -- KB940157
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\Alawar]
[HKCU\Software\AppDataLow\Software\{E494BE67-1B70-C6FA-4A44-506C5867CAEB}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Brother]
[HKCU\Software\CDBurnerXP]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\DScaler5]
[HKCU\Software\FreeTime]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameHouse]
[HKCU\Software\GoBit]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\IZSoftware]
[HKCU\Software\Intel]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jitit Virtual Registry]
[HKCU\Software\JollyBear]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Lavasoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaChance]
[HKCU\Software\Monitored]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\Oberon Media]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Opendisc]
[HKCU\Software\Parisprog]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\SecuROM]
[HKCU\Software\Shareaza]
[HKCU\Software\Softonic]
[HKCU\Software\TVANTS]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Xobni]
[HKCU\Software\Zylom]
[HKCU\Software\ej-technologies]
[HKCU\Software\settings]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Alawar]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Compedia]
[HKLM\Software\Conduit]
[HKLM\Software\Disney Interactive]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Last Day of Work]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\ODBC]
[HKLM\Software\Oberon Media]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realore]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Shareaza]
[HKLM\Software\Street-Ads]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\TuneUp]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Winsudate]
[HKLM\Software\Wise Solutions]
[HKLM\Software\WiseCleaner]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ej-technologies]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\4 Elements
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Diner Dash Flo Through Time
O43 - CFD:Common File Directory ----D- C:\Program Files\Fashion Boutique
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Games
O43 - CFD:Common File Directory ----D- C:\Program Files\GamesBar
O43 - CFD:Common File Directory ----D- C:\Program Files\Ice Cream Craze - Tycoon Takeover
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux Rico
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\jeuxob.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\Kit ADSL
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre
O43 - CFD:Common File Directory ----D- C:\Program Files\Power IE
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\RegCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Shareaza
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\TuneUp Utilities 2010
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWF Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 14:19:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [79499]
O44 - LFC:[MD5.C91B9C952BAD72590B6525F6D3FD72A9] - 27/10/2010 - 14:19:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmsetup.log [808]
O44 - LFC:[MD5.971D4D178E694AB14D55D9FA56CD37D0] - 27/10/2010 - 14:01:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [2860]
O44 - LFC:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 27/10/2010 - 14:01:10 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\System32\drivers\Lbd.sys [64288]
O44 - LFC:[MD5.4019149E4E296072831C8855605D9FDC] - 27/10/2010 - 14:00:37 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [95024]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\frvjktp.sys [54016]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 27/10/2010 - 12:54:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 27/10/2010 - 12:54:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/10/2010 - 12:30:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 27/10/2010 - 12:30:09 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:28:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32302]
O44 - LFC:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 25/10/2010 - 10:00:04 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [17744]
O44 - LFC:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 25/10/2010 - 10:00:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [165584]
O44 - LFC:[MD5.69823954BBD461A73D69774928C9737E] - 25/10/2010 - 10:00:02 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [23376]
O44 - LFC:[MD5.095ED820A926AA8189180B305E1BCFC9] - 25/10/2010 - 10:00:01 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [46672]
O44 - LFC:[MD5.8D488938E2F7048906F1FBD3AF394887] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\System32\drivers\aavmker4.sys [28880]
O44 - LFC:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon.sys [94544]
O44 - LFC:[MD5.7D880C76A285A41284D862E2D798EC0D] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon2.sys [100176]
O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 25/10/2010 - 10:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121]
O44 - LFC:[MD5.62C5E46076F52D394EA0B898FF7B8747] - 25/10/2010 - 09:59:37 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [38848]
O44 - LFC:[MD5.C983EB22398295B00A5A10B681DABC6E] - 25/10/2010 - 09:59:36 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\System32\aswBoot.exe [167592]
O44 - LFC:[MD5.C53F7484F8E517F328D41D6920FF2560] - 24/10/2010 - 16:31:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rapport.txt [2630]
O44 - LFC:[MD5.CF115624030C349C0698E5D88FEB8141] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.reg [1332]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.txt [0]
O44 - LFC:[MD5.811F5C625680CF858891407DB7A8FC67] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\WS2Fix.exe [75776]
O44 - LFC:[MD5.21868B2D22C726D94D98F15825D4134B] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\dumphive.exe [51200]
O44 - LFC:[MD5.C16B1595E3C2FFC875EF28BF66EC557F] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\swsc.exe [40960]
O44 - LFC:[MD5.FC041F7D1341EEE456F1FA1A256CD24F] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - Search SharedTaskScheduler.) -- C:\WINDOWS\System32\SrchSTS.exe [288417]
O44 - LFC:[MD5.D726E152E257A1AB819F88312EC69620] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - VC CLSID Cleaner.) -- C:\WINDOWS\System32\VCCLSID.exe [289144]
O44 - LFC:[MD5.61FD593673225697D091DE2DDD2E9E47] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - 404Fix.) -- C:\WINDOWS\System32\404Fix.exe [82432]
O44 - LFC:[MD5.C02562A732F0223082D4CCFC7D4F23DF] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - Agent.OMZ.Fix.) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe [78336]
O44 - LFC:[MD5.799A9EA3FFB220780AE3D3C11B08D067] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.) -- C:\WINDOWS\System32\IEDFix.exe [82944]
O44 - LFC:[MD5.9769AB38CB77C9914C25B8141A2A3FBE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.C.) -- C:\WINDOWS\System32\IEDFix.C.exe [82944]
O44 - LFC:[MD5.81BC780E5FD520838C6A417840127635] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - VACFix.) -- C:\WINDOWS\System32\VACFix.exe [87552]
O44 - LFC:[MD5.CEBEF7E3612A75D15C73E8CA71D012AE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - o4Patch.) -- C:\WINDOWS\System32\o4Patch.exe [80384]
O44 - LFC:[MD5.E417D888FDDE9A2290C369C82A7AEC3E] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\System32\swreg.exe [135168]
O44 - LFC:[MD5.EF5DC4CF7C39CFB4653859878C14D86C] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\System32\swxcacls.exe [79360]
O44 - LFC:[MD5.7397F6EE4A9601A123B645C0CD428017] - 24/10/2010 - 16:05:39 ---A- . (.https://www.beyondlogic.org/ - Command Line Process Utility.) -- C:\WINDOWS\System32\Process.exe [53248]
O44 - LFC:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\System32\drivers\23164432.sys [37392]
O44 - LFC:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\23164431.sys [128016]
O44 - LFC:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\2316443.sys [315408]
O44 - LFC:[MD5.B4A6E5D22609723B8632018A9D18677A] - 22/10/2010 - 16:09:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.35B53E9FF5D35B7D4B2CFCE7FDD5B682] - 17/10/2010 - 15:46:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Disney.ini [31]
O44 - LFC:[MD5.44F548B4315923C4E00B426CBFA15D7D] - 16/10/2010 - 11:37:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [126112]
O44 - LFC:[MD5.D9BB18D338F575D120A31BB7AC3A0E32] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1114846]
O44 - LFC:[MD5.B6E38AB22A77DF9737C4AE8B6FA4BB7E] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [71816]
O44 - LFC:[MD5.4F632DBC770DFBA47C2B5A45A5E1D368] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [94572]
O44 - LFC:[MD5.C6CCFA7246A574FAA049E7083B0E4138] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [442456]
O44 - LFC:[MD5.3D76EF0666AAE7DDA11D3F908AF9AAA2] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [535216]
O44 - LFC:[MD5.46B3B3F06A84D66854C144AE0BB29A83] - 29/09/2010 - 22:00:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\TZLog.log [28886]
O44 - LFC:[MD5.D364582A9858BEB5D2C4136826731AB6] - 29/09/2010 - 17:04:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp468A1.FOT [1409]
O44 - LFC:[MD5.D06C32AD66646C4383B3B18076A04174] - 29/09/2010 - 17:04:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpBF1A1.FOT [1409]
O44 - LFC:[MD5.1FE4173C1D67E12E51DB71B1C539B945] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp0A0AD.FOT [1409]
O44 - LFC:[MD5.2032C9679E0C9D5D0A6690E982E125F9] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpDB3AD.FOT [1409]
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FrostWire\FrostWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FrostWire\FrostWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Vuze\Azureus.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team - Shareaza Ultimate File Sharing.) (.not file.) -- C:\Program Files\Shareaza\Shareaza.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{3b6b71f0-6002-11df-b52e-0013d3b1020d}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- J:\USBAutoRun.exe
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 09/10/2009 - 22:31:10 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\system32\drivers\2316443.sys
O58 - SDL:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 25/09/2009 - 16:59:42 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\system32\drivers\23164431.sys
O58 - SDL:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 22/10/2009 - 12:54:18 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\system32\drivers\23164432.sys
O58 - SDL:[MD5.8C859744BB069A86E9159DD7B5B92629] - 03/05/2005 - 09:25:56 ---A- . (.Philips Semiconductors GmbH - 3xHybrid.) -- C:\WINDOWS\system32\drivers\3xHybrid.sys
O58 - SDL:[MD5.8D488938E2F7048906F1FBD3AF394887] - 07/09/2010 - 15:46:51 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.9A6AA923F00D368C8AD3BD7485D5CDCA] - 18/05/2005 - 16:50:30 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O58 - SDL:[MD5.0A4D13B388C814560BD69C3A496ECFA8] - 18/06/2006 - 22:37:34 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\AmdK8.sys
O58 - SDL:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 07/09/2010 - 15:47:07 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 07/09/2010 - 15:47:16 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.7D880C76A285A41284D862E2D798EC0D] - 07/09/2010 - 15:47:19 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.69823954BBD461A73D69774928C9737E] - 07/09/2010 - 15:47:46 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 07/09/2010 - 15:52:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.095ED820A926AA8189180B305E1BCFC9] - 07/09/2010 - 15:52:25 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.F5FC6AC1E7BC776871361D463FC86BE2] - 07/06/2006 - 22:08:56 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.92A964547B96D697E5E9ED43B4297F5A] - 15/10/2004 - 04:50:20 ---A- . (.Brother Industries Ltd. - Brother USB Scanner Driver.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 02/03/2006 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\frvjktp.sys
O58 - SDL:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 08/09/2010 - 13:59:42 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\drivers\Lbd.sys
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 02/03/2006 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multi
ci-joint rapport demandé merci
Rapport de ZHPDiag v1.22.06 par Nicolas Coolman, Update du 14/10/2010
Run by STEPHANIE at 27/10/2010 16:19:42
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 31 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (33% free)
System drive C: has 1 GB (1%) free of 38 GB
---\\ Logged in mode
Computer Name: BEST-S
User Name: STEPHANIE
All Users Names: SUPPORT_388945a0, STEPHANIE, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 38 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Hard drive, Flash drive, Thumb drive (Free 92 Go of 111 Go)
I:\ CD-ROM drive (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
---\\ Processus lancés
[MD5.C23082B890F21267037CA6111C385FF3] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [409600]
[MD5.ACB544D7254F366DFB48F380BC36CD25] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.AECBBD99F06C11302B0C53758F89ACDB] - (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files\Shareaza\Shareaza.exe [4574208]
[MD5.93663F0EEAB2CE2CD8D3A60DD9C98CB2] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1357464]
[MD5.2EAC3E6B4AAA9577D11B875BD02A35BE] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [864624]
[MD5.ECDF534572156698E0FC39C3E22DDC6D] - (.Shareaza Development Team - Shareaza Media Player.) -- C:\Program Files\Shareaza\MediaPlayer.exe [141824]
[MD5.B66621D7360044D3645C0AC059CF60B2] - (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe [3558912]
[MD5.CBAC41ADDDD6D5C761CDDD2C015CEF2C] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [580096]
---\\ Page de démarrage de Mozilla Firefox (M0)
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] http://start.jeux.fr
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] https://www.msn.com/fr-fr
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [STEPHANIE - 2wiwqwa7.default\{20a82645-c095-46ed-80e3-08825760534b}(2)] [MicrosoftCG] Microsoft .NET Framework Assistant 1.1 (.Microsoft.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe16291.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1645522239-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{90AF040C-6000-11D3-8CFE-0150048383C9}\ppvwicon.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Download with &Shareaza . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\ati2sgag.exe (.not file.)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU (NMSAccessU) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SesamTVMC.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{F74AECE9-5D65-4A05-8737-7E943F820AC5}.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- Rundll32 IEDKCS32.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: 23164431 (23164431) . (.Kaspersky Lab - Kaspersky Unified Driver.) - C:\Windows\system32\DRIVERS\23164431.sys
O41 - Driver: AMD Processor Driver (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\Windows\system32\DRIVERS\AmdK8.sys
O41 - Driver: setup_9.0.0.722_23.10.2010_15-19drv (setup_9.0.0.722_23.10.2010_15-19drv) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\2316443.sys
O41 - Driver: Klif (klif) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 4 Elements - (.Pas de propriétaire.) [HKLM] -- 4 Elements
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] -- {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Big City Adventure Sydney - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
O42 - Logiciel: Fashion Boutique - (.Pas de propriétaire.) [HKLM] -- Fashion Boutique
O42 - Logiciel: FormatFactory 2.30 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Governor of Poker - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB915800-v4) - (.Microsoft Corporation.) [HKLM] -- KB915800-v4
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: IZArc 3.81 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Ice Cream Craze - Tycoon Takeover - (.Adnan_Boy 2008.) [HKLM] -- Ice Cream Craze - Tycoon Takeover1.0
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM] -- {90AF040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.) [HKLM] -- {6860B340-530D-46B3-91F8-1AE1F70F7C33}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM] -- KB909520
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Revo Uninstaller 1.90 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Windows Search 4 - KB963093 - (.Microsoft Corporation.) [HKLM] -- KB963093
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shareaza 2.5.3.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.3 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: Windows Driver Package - ASUSTeK (3xHybrid) MEDIA (05/05/2005 1.3.2.5) - (.ASUSTeK.) [HKLM] -- 3D2033483F28DB33D898C8A0ED1EAB50733C6CB5
O42 - Logiciel: Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) - (.Advanced Micro Devices.) [HKLM] -- 53F13DB4D9611FD63BE580F06F0729BF236ABE68
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows Search 4.0 - (.Microsoft Corporation.) [HKLM] -- KB940157
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\Alawar]
[HKCU\Software\AppDataLow\Software\{E494BE67-1B70-C6FA-4A44-506C5867CAEB}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Brother]
[HKCU\Software\CDBurnerXP]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\DScaler5]
[HKCU\Software\FreeTime]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameHouse]
[HKCU\Software\GoBit]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\IZSoftware]
[HKCU\Software\Intel]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jitit Virtual Registry]
[HKCU\Software\JollyBear]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Lavasoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaChance]
[HKCU\Software\Monitored]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\Oberon Media]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Opendisc]
[HKCU\Software\Parisprog]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\SecuROM]
[HKCU\Software\Shareaza]
[HKCU\Software\Softonic]
[HKCU\Software\TVANTS]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Xobni]
[HKCU\Software\Zylom]
[HKCU\Software\ej-technologies]
[HKCU\Software\settings]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Alawar]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Compedia]
[HKLM\Software\Conduit]
[HKLM\Software\Disney Interactive]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Last Day of Work]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\ODBC]
[HKLM\Software\Oberon Media]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realore]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Shareaza]
[HKLM\Software\Street-Ads]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\TuneUp]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Winsudate]
[HKLM\Software\Wise Solutions]
[HKLM\Software\WiseCleaner]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ej-technologies]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\4 Elements
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Diner Dash Flo Through Time
O43 - CFD:Common File Directory ----D- C:\Program Files\Fashion Boutique
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Games
O43 - CFD:Common File Directory ----D- C:\Program Files\GamesBar
O43 - CFD:Common File Directory ----D- C:\Program Files\Ice Cream Craze - Tycoon Takeover
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux Rico
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\jeuxob.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\Kit ADSL
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre
O43 - CFD:Common File Directory ----D- C:\Program Files\Power IE
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\RegCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Shareaza
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\TuneUp Utilities 2010
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWF Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 14:19:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [79499]
O44 - LFC:[MD5.C91B9C952BAD72590B6525F6D3FD72A9] - 27/10/2010 - 14:19:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmsetup.log [808]
O44 - LFC:[MD5.971D4D178E694AB14D55D9FA56CD37D0] - 27/10/2010 - 14:01:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [2860]
O44 - LFC:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 27/10/2010 - 14:01:10 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\System32\drivers\Lbd.sys [64288]
O44 - LFC:[MD5.4019149E4E296072831C8855605D9FDC] - 27/10/2010 - 14:00:37 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [95024]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\frvjktp.sys [54016]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 27/10/2010 - 12:54:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 27/10/2010 - 12:54:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/10/2010 - 12:30:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 27/10/2010 - 12:30:09 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:28:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32302]
O44 - LFC:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 25/10/2010 - 10:00:04 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [17744]
O44 - LFC:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 25/10/2010 - 10:00:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [165584]
O44 - LFC:[MD5.69823954BBD461A73D69774928C9737E] - 25/10/2010 - 10:00:02 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [23376]
O44 - LFC:[MD5.095ED820A926AA8189180B305E1BCFC9] - 25/10/2010 - 10:00:01 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [46672]
O44 - LFC:[MD5.8D488938E2F7048906F1FBD3AF394887] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\System32\drivers\aavmker4.sys [28880]
O44 - LFC:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon.sys [94544]
O44 - LFC:[MD5.7D880C76A285A41284D862E2D798EC0D] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon2.sys [100176]
O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 25/10/2010 - 10:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121]
O44 - LFC:[MD5.62C5E46076F52D394EA0B898FF7B8747] - 25/10/2010 - 09:59:37 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [38848]
O44 - LFC:[MD5.C983EB22398295B00A5A10B681DABC6E] - 25/10/2010 - 09:59:36 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\System32\aswBoot.exe [167592]
O44 - LFC:[MD5.C53F7484F8E517F328D41D6920FF2560] - 24/10/2010 - 16:31:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rapport.txt [2630]
O44 - LFC:[MD5.CF115624030C349C0698E5D88FEB8141] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.reg [1332]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.txt [0]
O44 - LFC:[MD5.811F5C625680CF858891407DB7A8FC67] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\WS2Fix.exe [75776]
O44 - LFC:[MD5.21868B2D22C726D94D98F15825D4134B] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\dumphive.exe [51200]
O44 - LFC:[MD5.C16B1595E3C2FFC875EF28BF66EC557F] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\swsc.exe [40960]
O44 - LFC:[MD5.FC041F7D1341EEE456F1FA1A256CD24F] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - Search SharedTaskScheduler.) -- C:\WINDOWS\System32\SrchSTS.exe [288417]
O44 - LFC:[MD5.D726E152E257A1AB819F88312EC69620] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - VC CLSID Cleaner.) -- C:\WINDOWS\System32\VCCLSID.exe [289144]
O44 - LFC:[MD5.61FD593673225697D091DE2DDD2E9E47] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - 404Fix.) -- C:\WINDOWS\System32\404Fix.exe [82432]
O44 - LFC:[MD5.C02562A732F0223082D4CCFC7D4F23DF] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - Agent.OMZ.Fix.) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe [78336]
O44 - LFC:[MD5.799A9EA3FFB220780AE3D3C11B08D067] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.) -- C:\WINDOWS\System32\IEDFix.exe [82944]
O44 - LFC:[MD5.9769AB38CB77C9914C25B8141A2A3FBE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.C.) -- C:\WINDOWS\System32\IEDFix.C.exe [82944]
O44 - LFC:[MD5.81BC780E5FD520838C6A417840127635] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - VACFix.) -- C:\WINDOWS\System32\VACFix.exe [87552]
O44 - LFC:[MD5.CEBEF7E3612A75D15C73E8CA71D012AE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - o4Patch.) -- C:\WINDOWS\System32\o4Patch.exe [80384]
O44 - LFC:[MD5.E417D888FDDE9A2290C369C82A7AEC3E] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\System32\swreg.exe [135168]
O44 - LFC:[MD5.EF5DC4CF7C39CFB4653859878C14D86C] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\System32\swxcacls.exe [79360]
O44 - LFC:[MD5.7397F6EE4A9601A123B645C0CD428017] - 24/10/2010 - 16:05:39 ---A- . (.https://www.beyondlogic.org/ - Command Line Process Utility.) -- C:\WINDOWS\System32\Process.exe [53248]
O44 - LFC:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\System32\drivers\23164432.sys [37392]
O44 - LFC:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\23164431.sys [128016]
O44 - LFC:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\2316443.sys [315408]
O44 - LFC:[MD5.B4A6E5D22609723B8632018A9D18677A] - 22/10/2010 - 16:09:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.35B53E9FF5D35B7D4B2CFCE7FDD5B682] - 17/10/2010 - 15:46:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Disney.ini [31]
O44 - LFC:[MD5.44F548B4315923C4E00B426CBFA15D7D] - 16/10/2010 - 11:37:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [126112]
O44 - LFC:[MD5.D9BB18D338F575D120A31BB7AC3A0E32] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1114846]
O44 - LFC:[MD5.B6E38AB22A77DF9737C4AE8B6FA4BB7E] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [71816]
O44 - LFC:[MD5.4F632DBC770DFBA47C2B5A45A5E1D368] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [94572]
O44 - LFC:[MD5.C6CCFA7246A574FAA049E7083B0E4138] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [442456]
O44 - LFC:[MD5.3D76EF0666AAE7DDA11D3F908AF9AAA2] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [535216]
O44 - LFC:[MD5.46B3B3F06A84D66854C144AE0BB29A83] - 29/09/2010 - 22:00:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\TZLog.log [28886]
O44 - LFC:[MD5.D364582A9858BEB5D2C4136826731AB6] - 29/09/2010 - 17:04:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp468A1.FOT [1409]
O44 - LFC:[MD5.D06C32AD66646C4383B3B18076A04174] - 29/09/2010 - 17:04:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpBF1A1.FOT [1409]
O44 - LFC:[MD5.1FE4173C1D67E12E51DB71B1C539B945] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp0A0AD.FOT [1409]
O44 - LFC:[MD5.2032C9679E0C9D5D0A6690E982E125F9] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpDB3AD.FOT [1409]
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FrostWire\FrostWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FrostWire\FrostWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Vuze\Azureus.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team - Shareaza Ultimate File Sharing.) (.not file.) -- C:\Program Files\Shareaza\Shareaza.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{3b6b71f0-6002-11df-b52e-0013d3b1020d}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- J:\USBAutoRun.exe
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 09/10/2009 - 22:31:10 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\system32\drivers\2316443.sys
O58 - SDL:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 25/09/2009 - 16:59:42 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\system32\drivers\23164431.sys
O58 - SDL:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 22/10/2009 - 12:54:18 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\system32\drivers\23164432.sys
O58 - SDL:[MD5.8C859744BB069A86E9159DD7B5B92629] - 03/05/2005 - 09:25:56 ---A- . (.Philips Semiconductors GmbH - 3xHybrid.) -- C:\WINDOWS\system32\drivers\3xHybrid.sys
O58 - SDL:[MD5.8D488938E2F7048906F1FBD3AF394887] - 07/09/2010 - 15:46:51 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.9A6AA923F00D368C8AD3BD7485D5CDCA] - 18/05/2005 - 16:50:30 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O58 - SDL:[MD5.0A4D13B388C814560BD69C3A496ECFA8] - 18/06/2006 - 22:37:34 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\AmdK8.sys
O58 - SDL:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 07/09/2010 - 15:47:07 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 07/09/2010 - 15:47:16 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.7D880C76A285A41284D862E2D798EC0D] - 07/09/2010 - 15:47:19 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.69823954BBD461A73D69774928C9737E] - 07/09/2010 - 15:47:46 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 07/09/2010 - 15:52:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.095ED820A926AA8189180B305E1BCFC9] - 07/09/2010 - 15:52:25 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.F5FC6AC1E7BC776871361D463FC86BE2] - 07/06/2006 - 22:08:56 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.92A964547B96D697E5E9ED43B4297F5A] - 15/10/2004 - 04:50:20 ---A- . (.Brother Industries Ltd. - Brother USB Scanner Driver.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 02/03/2006 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\frvjktp.sys
O58 - SDL:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 08/09/2010 - 13:59:42 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\drivers\Lbd.sys
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 02/03/2006 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 0
Rapport de ZHPDiag v1.22.06 par Nicolas Coolman, Update du 14/10/2010
Run by STEPHANIE at 27/10/2010 16:19:42
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 31 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (33% free)
System drive C: has 1 GB (1%) free of 38 GB
---\\ Logged in mode
Computer Name: BEST-S
User Name: STEPHANIE
All Users Names: SUPPORT_388945a0, STEPHANIE, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 38 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Hard drive, Flash drive, Thumb drive (Free 92 Go of 111 Go)
I:\ CD-ROM drive (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
---\\ Processus lancés
[MD5.C23082B890F21267037CA6111C385FF3] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [409600]
[MD5.ACB544D7254F366DFB48F380BC36CD25] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.AECBBD99F06C11302B0C53758F89ACDB] - (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files\Shareaza\Shareaza.exe [4574208]
[MD5.93663F0EEAB2CE2CD8D3A60DD9C98CB2] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1357464]
[MD5.2EAC3E6B4AAA9577D11B875BD02A35BE] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [864624]
[MD5.ECDF534572156698E0FC39C3E22DDC6D] - (.Shareaza Development Team - Shareaza Media Player.) -- C:\Program Files\Shareaza\MediaPlayer.exe [141824]
[MD5.B66621D7360044D3645C0AC059CF60B2] - (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe [3558912]
[MD5.CBAC41ADDDD6D5C761CDDD2C015CEF2C] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [580096]
---\\ Page de démarrage de Mozilla Firefox (M0)
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] http://start.jeux.fr
M0 - MFSP: prefs.js [STEPHANIE - 2wiwqwa7.default] https://www.msn.com/fr-fr
---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [STEPHANIE - 2wiwqwa7.default\{20a82645-c095-46ed-80e3-08825760534b}(2)] [MicrosoftCG] Microsoft .NET Framework Assistant 1.1 (.Microsoft.)
---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe16291.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)) -- C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1645522239-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{90AF040C-6000-11D3-8CFE-0150048383C9}\ppvwicon.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\STEPHANIE\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Download with &Shareaza . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C0DAEA-D688-4047-B89D-DD2AB1B9DCC2}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\ati2sgag.exe (.not file.)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU (NMSAccessU) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SesamTVMC.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{F74AECE9-5D65-4A05-8737-7E943F820AC5}.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- Rundll32 IEDKCS32.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: 23164431 (23164431) . (.Kaspersky Lab - Kaspersky Unified Driver.) - C:\Windows\system32\DRIVERS\23164431.sys
O41 - Driver: AMD Processor Driver (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\Windows\system32\DRIVERS\AmdK8.sys
O41 - Driver: setup_9.0.0.722_23.10.2010_15-19drv (setup_9.0.0.722_23.10.2010_15-19drv) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\2316443.sys
O41 - Driver: Klif (klif) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\klif.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: 4 Elements - (.Pas de propriétaire.) [HKLM] -- 4 Elements
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel - (.Pas de propriétaire.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] -- {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Big City Adventure Sydney - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}
O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
O42 - Logiciel: Fashion Boutique - (.Pas de propriétaire.) [HKLM] -- Fashion Boutique
O42 - Logiciel: FormatFactory 2.30 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Governor of Poker - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB915800-v4) - (.Microsoft Corporation.) [HKLM] -- KB915800-v4
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: IZArc 3.81 - (.Ivan Zahariev.) [HKLM] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Ice Cream Craze - Tycoon Takeover - (.Adnan_Boy 2008.) [HKLM] -- Ice Cream Craze - Tycoon Takeover1.0
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM] -- {90AF040C-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.) [HKLM] -- {6860B340-530D-46B3-91F8-1AE1F70F7C33}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM] -- KB909520
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre
O42 - Logiciel: Revo Uninstaller 1.90 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Windows Search 4 - KB963093 - (.Microsoft Corporation.) [HKLM] -- KB963093
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Shareaza 2.5.3.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.3 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: Windows Driver Package - ASUSTeK (3xHybrid) MEDIA (05/05/2005 1.3.2.5) - (.ASUSTeK.) [HKLM] -- 3D2033483F28DB33D898C8A0ED1EAB50733C6CB5
O42 - Logiciel: Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) - (.Advanced Micro Devices.) [HKLM] -- 53F13DB4D9611FD63BE580F06F0729BF236ABE68
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows Search 4.0 - (.Microsoft Corporation.) [HKLM] -- KB940157
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\Alawar]
[HKCU\Software\AppDataLow\Software\{E494BE67-1B70-C6FA-4A44-506C5867CAEB}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Brother]
[HKCU\Software\CDBurnerXP]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\DScaler5]
[HKCU\Software\FreeTime]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameHouse]
[HKCU\Software\GoBit]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\IZSoftware]
[HKCU\Software\Intel]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jitit Virtual Registry]
[HKCU\Software\JollyBear]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Lavasoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaChance]
[HKCU\Software\Monitored]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\Oberon Media]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Opendisc]
[HKCU\Software\Parisprog]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\SecuROM]
[HKCU\Software\Shareaza]
[HKCU\Software\Softonic]
[HKCU\Software\TVANTS]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Xobni]
[HKCU\Software\Zylom]
[HKCU\Software\ej-technologies]
[HKCU\Software\settings]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Alawar]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Compedia]
[HKLM\Software\Conduit]
[HKLM\Software\Disney Interactive]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Last Day of Work]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\ODBC]
[HKLM\Software\Oberon Media]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realore]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Shareaza]
[HKLM\Software\Street-Ads]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\TuneUp]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Winsudate]
[HKLM\Software\Wise Solutions]
[HKLM\Software\WiseCleaner]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ej-technologies]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\4 Elements
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Diner Dash Flo Through Time
O43 - CFD:Common File Directory ----D- C:\Program Files\Fashion Boutique
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Games
O43 - CFD:Common File Directory ----D- C:\Program Files\GamesBar
O43 - CFD:Common File Directory ----D- C:\Program Files\Ice Cream Craze - Tycoon Takeover
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux Rico
O43 - CFD:Common File Directory ----D- C:\Program Files\Jeux.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\jeuxob.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\Kit ADSL
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre
O43 - CFD:Common File Directory ----D- C:\Program Files\Power IE
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\RegCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Shareaza
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\TuneUp Utilities 2010
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWF Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 14:19:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [79499]
O44 - LFC:[MD5.C91B9C952BAD72590B6525F6D3FD72A9] - 27/10/2010 - 14:19:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmsetup.log [808]
O44 - LFC:[MD5.971D4D178E694AB14D55D9FA56CD37D0] - 27/10/2010 - 14:01:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [2860]
O44 - LFC:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 27/10/2010 - 14:01:10 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\System32\drivers\Lbd.sys [64288]
O44 - LFC:[MD5.4019149E4E296072831C8855605D9FDC] - 27/10/2010 - 14:00:37 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [95024]
O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\frvjktp.sys [54016]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 27/10/2010 - 12:54:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 27/10/2010 - 12:54:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:30:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/10/2010 - 12:30:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 27/10/2010 - 12:30:09 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 27/10/2010 - 12:28:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32302]
O44 - LFC:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 25/10/2010 - 10:00:04 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [17744]
O44 - LFC:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 25/10/2010 - 10:00:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [165584]
O44 - LFC:[MD5.69823954BBD461A73D69774928C9737E] - 25/10/2010 - 10:00:02 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [23376]
O44 - LFC:[MD5.095ED820A926AA8189180B305E1BCFC9] - 25/10/2010 - 10:00:01 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [46672]
O44 - LFC:[MD5.8D488938E2F7048906F1FBD3AF394887] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\System32\drivers\aavmker4.sys [28880]
O44 - LFC:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon.sys [94544]
O44 - LFC:[MD5.7D880C76A285A41284D862E2D798EC0D] - 25/10/2010 - 10:00:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon2.sys [100176]
O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 25/10/2010 - 10:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121]
O44 - LFC:[MD5.62C5E46076F52D394EA0B898FF7B8747] - 25/10/2010 - 09:59:37 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [38848]
O44 - LFC:[MD5.C983EB22398295B00A5A10B681DABC6E] - 25/10/2010 - 09:59:36 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\System32\aswBoot.exe [167592]
O44 - LFC:[MD5.C53F7484F8E517F328D41D6920FF2560] - 24/10/2010 - 16:31:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rapport.txt [2630]
O44 - LFC:[MD5.CF115624030C349C0698E5D88FEB8141] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.reg [1332]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/10/2010 - 16:24:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.txt [0]
O44 - LFC:[MD5.811F5C625680CF858891407DB7A8FC67] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\WS2Fix.exe [75776]
O44 - LFC:[MD5.21868B2D22C726D94D98F15825D4134B] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\dumphive.exe [51200]
O44 - LFC:[MD5.C16B1595E3C2FFC875EF28BF66EC557F] - 24/10/2010 - 16:05:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\swsc.exe [40960]
O44 - LFC:[MD5.FC041F7D1341EEE456F1FA1A256CD24F] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - Search SharedTaskScheduler.) -- C:\WINDOWS\System32\SrchSTS.exe [288417]
O44 - LFC:[MD5.D726E152E257A1AB819F88312EC69620] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri - VC CLSID Cleaner.) -- C:\WINDOWS\System32\VCCLSID.exe [289144]
O44 - LFC:[MD5.61FD593673225697D091DE2DDD2E9E47] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - 404Fix.) -- C:\WINDOWS\System32\404Fix.exe [82432]
O44 - LFC:[MD5.C02562A732F0223082D4CCFC7D4F23DF] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - Agent.OMZ.Fix.) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe [78336]
O44 - LFC:[MD5.799A9EA3FFB220780AE3D3C11B08D067] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.) -- C:\WINDOWS\System32\IEDFix.exe [82944]
O44 - LFC:[MD5.9769AB38CB77C9914C25B8141A2A3FBE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - IEDFix.C.) -- C:\WINDOWS\System32\IEDFix.C.exe [82944]
O44 - LFC:[MD5.81BC780E5FD520838C6A417840127635] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - VACFix.) -- C:\WINDOWS\System32\VACFix.exe [87552]
O44 - LFC:[MD5.CEBEF7E3612A75D15C73E8CA71D012AE] - 24/10/2010 - 16:05:39 ---A- . (.S!Ri.URZ - o4Patch.) -- C:\WINDOWS\System32\o4Patch.exe [80384]
O44 - LFC:[MD5.E417D888FDDE9A2290C369C82A7AEC3E] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\System32\swreg.exe [135168]
O44 - LFC:[MD5.EF5DC4CF7C39CFB4653859878C14D86C] - 24/10/2010 - 16:05:39 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\System32\swxcacls.exe [79360]
O44 - LFC:[MD5.7397F6EE4A9601A123B645C0CD428017] - 24/10/2010 - 16:05:39 ---A- . (.https://www.beyondlogic.org/ - Command Line Process Utility.) -- C:\WINDOWS\System32\Process.exe [53248]
O44 - LFC:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\System32\drivers\23164432.sys [37392]
O44 - LFC:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\23164431.sys [128016]
O44 - LFC:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 23/10/2010 - 15:47:51 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\2316443.sys [315408]
O44 - LFC:[MD5.B4A6E5D22609723B8632018A9D18677A] - 22/10/2010 - 16:09:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.35B53E9FF5D35B7D4B2CFCE7FDD5B682] - 17/10/2010 - 15:46:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Disney.ini [31]
O44 - LFC:[MD5.44F548B4315923C4E00B426CBFA15D7D] - 16/10/2010 - 11:37:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [126112]
O44 - LFC:[MD5.D9BB18D338F575D120A31BB7AC3A0E32] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1114846]
O44 - LFC:[MD5.B6E38AB22A77DF9737C4AE8B6FA4BB7E] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [71816]
O44 - LFC:[MD5.4F632DBC770DFBA47C2B5A45A5E1D368] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [94572]
O44 - LFC:[MD5.C6CCFA7246A574FAA049E7083B0E4138] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [442456]
O44 - LFC:[MD5.3D76EF0666AAE7DDA11D3F908AF9AAA2] - 06/10/2010 - 22:04:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [535216]
O44 - LFC:[MD5.46B3B3F06A84D66854C144AE0BB29A83] - 29/09/2010 - 22:00:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\TZLog.log [28886]
O44 - LFC:[MD5.D364582A9858BEB5D2C4136826731AB6] - 29/09/2010 - 17:04:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp468A1.FOT [1409]
O44 - LFC:[MD5.D06C32AD66646C4383B3B18076A04174] - 29/09/2010 - 17:04:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpBF1A1.FOT [1409]
O44 - LFC:[MD5.1FE4173C1D67E12E51DB71B1C539B945] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp0A0AD.FOT [1409]
O44 - LFC:[MD5.2032C9679E0C9D5D0A6690E982E125F9] - 28/09/2010 - 16:59:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmpDB3AD.FOT [1409]
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FrostWire\FrostWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FrostWire\FrostWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Vuze\Azureus.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team - Shareaza Ultimate File Sharing.) (.not file.) -- C:\Program Files\Shareaza\Shareaza.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{3b6b71f0-6002-11df-b52e-0013d3b1020d}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- J:\USBAutoRun.exe
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=128
---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 09/10/2009 - 22:31:10 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\system32\drivers\2316443.sys
O58 - SDL:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 25/09/2009 - 16:59:42 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\system32\drivers\23164431.sys
O58 - SDL:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 22/10/2009 - 12:54:18 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\system32\drivers\23164432.sys
O58 - SDL:[MD5.8C859744BB069A86E9159DD7B5B92629] - 03/05/2005 - 09:25:56 ---A- . (.Philips Semiconductors GmbH - 3xHybrid.) -- C:\WINDOWS\system32\drivers\3xHybrid.sys
O58 - SDL:[MD5.8D488938E2F7048906F1FBD3AF394887] - 07/09/2010 - 15:46:51 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.9A6AA923F00D368C8AD3BD7485D5CDCA] - 18/05/2005 - 16:50:30 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O58 - SDL:[MD5.0A4D13B388C814560BD69C3A496ECFA8] - 18/06/2006 - 22:37:34 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\AmdK8.sys
O58 - SDL:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 07/09/2010 - 15:47:07 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 07/09/2010 - 15:47:16 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.7D880C76A285A41284D862E2D798EC0D] - 07/09/2010 - 15:47:19 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.69823954BBD461A73D69774928C9737E] - 07/09/2010 - 15:47:46 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 07/09/2010 - 15:52:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.095ED820A926AA8189180B305E1BCFC9] - 07/09/2010 - 15:52:25 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.F5FC6AC1E7BC776871361D463FC86BE2] - 07/06/2006 - 22:08:56 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.92A964547B96D697E5E9ED43B4297F5A] - 15/10/2004 - 04:50:20 ---A- . (.Brother Industries Ltd. - Brother USB Scanner Driver.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 02/03/2006 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 27/10/2010 - 13:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\frvjktp.sys
O58 - SDL:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 08/09/2010 - 13:59:42 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\drivers\Lbd.sys
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 02/03/2006 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 02/03/2006 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 0
Re
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le fichier : Nom_complet_du_fichier
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le fichier : Nom_complet_du_fichier
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Re
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ou ici : https://forospyware.com
>Renomme le pour l'enregistrer sur ton bureau en asdehi (tout simplement pour que l'infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que... » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que... »)
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
- Installe le console de récupération comme demandé ;utile en cas de plantage
- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)
::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes
@+
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ou ici : https://forospyware.com
>Renomme le pour l'enregistrer sur ton bureau en asdehi (tout simplement pour que l'infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que... » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que... »)
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
- Installe le console de récupération comme demandé ;utile en cas de plantage
- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)
::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes
@+
