PhysicalDrive0 Controlled by rootkit

allé jawaryinti prends le ;)

Merci beaucoup pour la réponse si rapide !
J'ai du éteindre le pc, mais je fais ça demain dès que je peux et je poste le tout.

D'accord à demain pour le résultat

C'est fait :)
http://up.sur-la-toile.com/iMYu

D'accord merci merci merci encore de m'accorder du temps !

Bonjour !
J'essaye d'être la plus vigilante possible, mais toute ma famille utilise l'ordinateur, et tout le monde fait un peu n'importe quoi, donc c'est un peu compliqué. Voilà le rapport :

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:48:06 le 18/05/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
TommyTOMMY ( )

============== RECHERCHE ==============


Fichier trouvé: C:\Documents and Settings\Tommy\Application Data\Mozilla\FireFox\Profiles\d0r6l0pr.default\searchplugins\ask.xml
Dossier trouvé: C:\Documents and Settings\Tommy\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Documents and Settings\Lena\Application Data\Dealio
Dossier trouvé: C:\Program Files\webHancer

-- Fichier ouvert: C:\Documents and Settings\Tommy\Application Data\Mozilla\FireFox\Profiles\d0r6l0pr.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask");
Ligne trouvée: user_pref("browser.search.order.1", "Ask");
Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true);
Ligne trouvée: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&g...
Ligne trouvée: user_pref("keyword.URL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=");
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A}
Clé trouvée: HKLM\Software\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD}
Clé trouvée: HKLM\Software\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514}
Clé trouvée: HKLM\Software\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960}
Clé trouvée: HKLM\Software\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2}
Clé trouvée: HKLM\Software\Classes\TypeLib\{A471012F-E2E5-48EB-9A8B-9D4090B1D0C7}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Dealio.CDealioSidebar
Clé trouvée: HKLM\Software\Classes\Dealio.CDealioSidebar.1
Clé trouvée: HKLM\Software\Classes\Dealio.DealioBHO
Clé trouvée: HKLM\Software\Classes\Dealio.DealioBHO.1
Clé trouvée: HKLM\Software\Classes\Dealio.DealioSearch
Clé trouvée: HKLM\Software\Classes\Dealio.DealioSearch.1
Clé trouvée: HKLM\Software\Classes\Dealio.DealioToolbar
Clé trouvée: HKLM\Software\Classes\Dealio.DealioToolbar.1
Clé trouvée: HKLM\Software\Classes\Dealio.DealioToolbarHelper
Clé trouvée: HKLM\Software\Classes\Dealio.DealioToolbarHelper.1
Clé trouvée: HKLM\Software\Classes\Sidebar.SESidebar
Clé trouvée: HKLM\Software\Classes\Sidebar.SESidebar.1
Clé trouvée: HKLM\Software\Classes\Sidebar.SidebarLogic
Clé trouvée: HKLM\Software\Classes\Sidebar.SidebarLogic.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2583879
Clé trouvée: HKLM\Software\AskBarDis
Clé trouvée: HKCU\Software\AppDataLow\AskBarDis
Clé trouvée: HKCU\Software\AppDataLow\AskSA
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0.1 (fr)] ****

Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Tommy\Application Data\Mozilla\FireFox\Profiles\d0r6l0pr.default --
Extensions\2020Player 2020Technologies.com (20-20 3D Viewer)
Searchplugins\ask.xml (?)
Prefs.js - browser.download.lastDir, G:\\Manon\\0 ROCK 6 0
Prefs.js - browser.search.defaultenginename, Ask
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\p73f0twj.default --
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.18

-- C:\Documents and Settings\Laurence\Application Data\Mozilla\FireFox\Profiles\bcaf8yub.default --
Prefs.js - browser.download.lastDir, G:\\Manon
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.16

-- C:\Documents and Settings\Lena\Application Data\Mozilla\FireFox\Profiles\2ss05jkv.default --
Extensions\ffxtlbr babylon.com (Babylon)
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=c4484f690000000000000007e984ef91&tlver=1.4.19.19&instlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{C94E154B-1459-4A47-966B-4B843BEFC7DB} (x)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Tom's Guide France Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} - "Ask Search" (hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&tool...)
HKCU_Toolbar\ShellBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98} (x)
HKCU_Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} (x)
HKCU_Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98} (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 18/05/2011 13:48:17 (6787 Octet(s))

Fin à: 13:49:24, 18/05/2011

============== E.O.F ==============

Je vais essayer de les surveillez le plus possible. En attendant, le rapport :

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 13:59:06 le 18/05/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Tommy TOMMY ( )

============== ACTION(S) ==============


Fichier supprimé: C:\Documents and Settings\Tommy\Application Data\Mozilla\FireFox\Profiles\d0r6l0pr.default\searchplugins\ask.xml
Dossier supprimé: C:\Documents and Settings\Tommy\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Documents and Settings\Lena\Application Data\Dealio
Dossier supprimé: C:\Program Files\webHancer

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Tommy\Application Data\Mozilla\FireFox\Profiles\d0r6l0pr.default\Prefs.js --
Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask");
Ligne supprimée: user_pref("browser.search.order.1", "Ask");
Ligne supprimée: user_pref("extensions.snipit.askTbInstalled", true);
Ligne supprimée: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&g...
Ligne supprimée: user_pref("keyword.URL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=");
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A}
Clé supprimée: HKLM\Software\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD}
Clé supprimée: HKLM\Software\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514}
Clé supprimée: HKLM\Software\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960}
Clé supprimée: HKLM\Software\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2}
Clé supprimée: HKLM\Software\Classes\TypeLib\{A471012F-E2E5-48EB-9A8B-9D4090B1D0C7}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Dealio.CDealioSidebar
Clé supprimée: HKLM\Software\Classes\Dealio.CDealioSidebar.1
Clé supprimée: HKLM\Software\Classes\Dealio.DealioBHO
Clé supprimée: HKLM\Software\Classes\Dealio.DealioBHO.1
Clé supprimée: HKLM\Software\Classes\Dealio.DealioSearch
Clé supprimée: HKLM\Software\Classes\Dealio.DealioSearch.1
Clé supprimée: HKLM\Software\Classes\Dealio.DealioToolbar
Clé supprimée: HKLM\Software\Classes\Dealio.DealioToolbar.1
Clé supprimée: HKLM\Software\Classes\Dealio.DealioToolbarHelper
Clé supprimée: HKLM\Software\Classes\Dealio.DealioToolbarHelper.1
Clé supprimée: HKLM\Software\Classes\Sidebar.SESidebar
Clé supprimée: HKLM\Software\Classes\Sidebar.SESidebar.1
Clé supprimée: HKLM\Software\Classes\Sidebar.SidebarLogic
Clé supprimée: HKLM\Software\Classes\Sidebar.SidebarLogic.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2583879
Clé supprimée: HKLM\Software\AskBarDis
Clé supprimée: HKCU\Software\AppDataLow\AskBarDis
Clé supprimée: HKCU\Software\AppDataLow\AskSA
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0.1 (fr)] ****

Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Tommy\Application Data\Mozilla\FireFox\Profiles\d0r6l0pr.default --
Extensions\2020Player 2020Technologies.com (20-20 3D Viewer)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Tommy\\Bureau
Prefs.js - browser.search.defaultenginename, Ask
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\p73f0twj.default --
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.18

-- C:\Documents and Settings\Laurence\Application Data\Mozilla\FireFox\Profiles\bcaf8yub.default --
Prefs.js - browser.download.lastDir, G:\\Manon
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.16

-- C:\Documents and Settings\Lena\Application Data\Mozilla\FireFox\Profiles\2ss05jkv.default --
Extensions\ffxtlbr babylon.com (Babylon)
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=c4484f690000000000000007e984ef91&tlver=1.4.19.19&instlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 279 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 18/05/2011 13:59:11 (1406 Octet(s))
C:\Ad-Report-SCAN[1].txt - 18/05/2011 13:48:17 (7191 Octet(s))

Fin à: 14:00:25, 18/05/2011

============== E.O.F ==============

http://up.sur-la-toile.com/iMZh

Bonsoir !
Je ne trouve pas agai.sys !

Envoie celui là : c:\windows\system32\imm32.dll

http://virusscan.jotti.org/fr/scanresult/06ad73f6b21bf9ad2ffdd99f74e69a7c4538bf8c

ouais ComboFix s'affole pour rien ^^

peux tu faire un clic droit > modifier sur C:\copymbr.bat
et me coller le contenu ici?

@ECHO OFF
cd c:\
start remover.exe dump \\.\PhysicalDrive0 tralala
EXIT

Bonsoir Juju
Il possède déjà ZHPDiag
Manong, refait ZHPDiag et héberge le rapport et donne le lien

ah te revoilà ^^

bonne suite :p

En fait, "elle" possède déjà ZHP Diag :)
Et voici le lien du rapport :

http://up.sur-la-toile.com/iN0P

@Juju
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-


O42 - Logiciel: Adobe Reader 8.1.3 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: Java(TM) 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}
O42 - Logiciel: Java(TM) 6 Update 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160060}

Les valeurs de registre doivent être supprimées après avoir mis à jour les logiciels, car la
valeur de registre va se réinstaller

Merci d'avoir pris le relai juju666 !

Voici le lien !
http://up.sur-la-toile.com/iN7R

Bonsoir ! Désolée je n'ai pas pu faire tout avant ajourd'hui !
Voici le rapport ZHPFix :

Rapport de ZHPDiag v1.27.21 par Nicolas Coolman, Update du 21/05/2011
Run by Tommy at 21/05/2011 22:41:09
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 4.0.1 v4.0.1

---\\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 15 Model 2 Stepping 7, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (12%) free of 49 GB

---\\ Logged in mode
Computer Name: TOMMY
User Name: Tommy
All Users Names: Tommy, SUPPORT_388945a0, Lena, Laurence, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\Tommy\Application Data
%LocalAppData%=C:\Documents and Settings\Tommy\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\Tommy\Menu Démarrer

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 49 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 52 Go of 149 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.77C66BD5CED4E555919A5FB713322CDD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/02/2011 00:05:48.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]



---\\ Processus lancés
[MD5.25FB74EABCE5EC7836BA3CFB3C58449A] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.20F6F19FE9E753F2780DC2FA083AD597] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]
[MD5.F2060A34C8A75BC24A9222EB4F8C07BD] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [349472]
[MD5.890369AED0DDE1A98F09F7DC239CA2BD] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [152984]
[MD5.A2D390F1F2408B94EF34BFE3A00C29D3] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [148888]
[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [3396624]
[MD5.43722D15C8A955A8130ACD3151178CE5] - (.Creative Technology Ltd. - DevLdr32.) -- C:\WINDOWS\system32\devldr32.exe [24064]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53472]
[MD5.E51BD095B2FDF56B17EE010BB794D6ED] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [820520]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.AF2A4686F7B696A3952F40350CC37DD3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [657408]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
P2 - FPN: [HKLM] [microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKCU] [adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
M0 - MFSP: prefs.js [Tommy - d0r6l0pr.default] http://www.google.fr/
M2 - MFEP: prefs.js [Tommy - d0r6l0pr.default\2020Player2020Technologies.com] [] Visualisateur 3D de 20-20 v4.5.4.0 (.20-20 Technologies.)
M2 - MFEP: prefs.js [Tommy - d0r6l0pr.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.1 (.Microsoft.)



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-1343024091-1078145449-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-1343024091-1078145449-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19048 (longhorn_ie8_gdr.110221-1700)) -- C:\WINDOWS\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\Tommy\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS3\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpDomain = numericable.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Pas de propriétaire - Pas de description.) -- WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (WS2IFSL) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\WINDOWS\system32\drivers\ws2ifsl.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8.1.3 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {853A4763-6643-4604-8D64-28BDD8925F4C}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {CACAEB5F-174D-4C7C-AC56-A33289A807CA}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {C2E4B5BD-32DB-4817-A060-341AB17C3F90}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] -- {7B63B2922B174135AFC0E1377DD81EC2}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Intel(R) PRO Ethernet Adapter and Software - (.Pas de propriétaire.) [HKLM] -- PROSet
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: Java(TM) 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}
O42 - Logiciel: Java(TM) 6 Update 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160060}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}
O42 - Logiciel: K-Lite Codec Pack 3.4.5 Full - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 6 Service Pack 2 (KB973686) - (.Microsoft Corporation.) [HKLM] -- {56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95120000-0122-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: OpenOffice.org 2.3 - (.OpenOffice.org.) [HKLM] -- {FADB55D0-403F-4413-A268-CF0A6F1185C2}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: Safari - (.Apple Inc..) [HKLM] -- {6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2466156) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CEF209AB-F96D-404F-B5CC-44057C057CA3}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2509488) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AD0DE453-0804-4495-9C91-33D0F9AA5463}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2464583) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2509470) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1365864D-4C58-489D-9982-844D75691CCC}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2536413) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{95DF5260-331D-4FFD-A2D5-C64164751945}
O42 - Logiciel: Utilitaire de configuration iPhone - (.Apple Inc..) [HKLM] -- {FA54AFB1-5745-4389-B8C1-9F7509672ED1}
O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM] -- {3921A67A-5AB1-4E48-9444-C71814CF3027}
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live OneCare safety scanner - (.Pas de propriétaire.) [HKLM] -- Windows Live OneCare safety scanner
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {F59A9E08-A6A4-4ACF-91F2-D0344956C30B}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Aurigma]
[HKCU\Software\Bugsplat]
[HKCU\Software\CDDB]
[HKCU\Software\CREATIVE TECH]
[HKCU\Software\CeWe Color]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CoreVorbis]
[HKCU\Software\Cucusoft, Inc.]
[HKCU\Software\Cyberlink]
[HKCU\Software\DSP-worx]
[HKCU\Software\DVDVideoSoft]
[HKCU\Software\DivXNetworks]
[HKCU\Software\FotoWire]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Iris]
[HKCU\Software\Jasc]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PT25DHYRAW]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Samsung]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\Trafficninja]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veoh]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\eBay]
[HKCU\Software\yahooinstall]
[HKLM\Software\781]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AVAST Software]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Audible]
[HKLM\Software\BroadJump]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\CLSYSTEM]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec tweak Tool]
[HKLM\Software\Creative Tech]
[HKLM\Software\Cyberlink]
[HKLM\Software\DVDVideoSoft]
[HKLM\Software\DivXNetworks]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HPS]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\I.R.I.S.]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Ktdxgcor]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MarkAny]
[HKLM\Software\Matrox]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\Ntpad]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Rainbow Technologies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Reviversoft]
[HKLM\Software\S3R521]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\SoundFont]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\mozilla.org]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/11/2008 - 17:33:34 - [128796416] ----D- C:\Program Files\Adobe
O43 - CFD: 13/07/2010 - 13:32:38 - [156388801] ----D- C:\Program Files\Alwil Software
O43 - CFD: 27/09/2008 - 08:40:08 - [2221118] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 26/06/2010 - 18:45:16 - [4859926] ----D- C:\Program Files\AviSynth 2.5
O43 - CFD: 14/05/2011 - 01:20:00 - [620967] ----D- C:\Program Files\Bonjour
O43 - CFD: 27/04/2011 - 20:27:56 - [3704864] ----D- C:\Program Files\CCleaner
O43 - CFD: 08/05/2009 - 22:59:28 - [1005568] ----D- C:\Program Files\Common Files
O43 - CFD: 19/09/2007 - 17:24:50 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 13/04/2011 - 20:42:14 - [14216193] ----D- C:\Program Files\Cucusoft
O43 - CFD: 14/05/2009 - 23:58:44 - [2916264] ----D- C:\Program Files\DIFX
O43 - CFD: 15/05/2011 - 18:01:14 - [1890602] ----D- C:\Program Files\DivX
O43 - CFD: 18/05/2011 - 21:31:46 - [735423275] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 30/04/2011 - 14:50:56 - [3783584] ----D- C:\Program Files\Google
O43 - CFD: 24/04/2011 - 22:01:26 - [368640] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 15/04/2011 - 21:21:44 - [5649624] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 14/05/2011 - 01:28:10 - [1856627] ----D- C:\Program Files\iPod
O43 - CFD: 14/05/2011 - 01:29:42 - [128197016] ----D- C:\Program Files\iTunes
O43 - CFD: 02/06/2009 - 13:14:34 - [237134287] ----D- C:\Program Files\Java
O43 - CFD: 19/09/2007 - 18:26:48 - [26123917] ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 30/04/2011 - 13:35:06 - [77214238] ----D- C:\Program Files\LimeWire
O43 - CFD: 30/04/2011 - 13:36:28 - [0] ----D- C:\Program Files\Logitech
O43 - CFD: 25/04/2011 - 21:27:38 - [4922237] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 22/03/2010 - 23:02:16 - [2147758] ----D- C:\Program Files\Messenger
O43 - CFD: 09/12/2009 - 19:45:02 - [728627] ----D- C:\Program Files\Microsoft
O43 - CFD: 10/03/2008 - 15:07:06 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 19/09/2007 - 17:28:16 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 13/05/2008 - 20:57:04 - [561454552] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 09/12/2009 - 19:50:10 - [1559148] ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD: 21/04/2011 - 19:59:10 - [38388859] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 08/05/2009 - 23:10:44 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 13/05/2008 - 20:56:58 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 02/12/2009 - 00:56:52 - [3726168] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 22/08/2010 - 21:17:32 - [10374874] ----D- C:\Program Files\Movie Maker
O43 - CFD: 15/05/2011 - 18:01:14 - [32638570] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 15/08/2009 - 02:01:28 - [26521] ----D- C:\Program Files\MSBuild
O43 - CFD: 15/05/2011 - 18:02:56 - [19278399] ----D- C:\Program Files\MSN
O43 - CFD: 19/09/2007 - 17:24:32 - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 14/11/2007 - 16:42:08 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 15/08/2009 - 01:57:00 - [6849] ----D- C:\Program Files\MSXML 6.0
O43 - CFD: 21/03/2010 - 14:37:18 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 19/09/2007 - 17:24:40 - [1804] ----D- C:\Program Files\Online Services
O43 - CFD: 07/11/2007 - 16:59:50 - [319687453] ----D- C:\Program Files\OpenOffice.org 2.3
O43 - CFD: 16/12/2010 - 21:53:02 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 30/01/2011 - 17:40:40 - [76322555] ----D- C:\Program Files\QuickTime
O43 - CFD: 15/08/2009 - 02:01:16 - [36400897] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 30/01/2011 - 17:46:02 - [42293335] ----D- C:\Program Files\Safari
O43 - CFD: 19/09/2007 - 17:26:34 - [1025] ----D- C:\Program Files\Services en ligne
O43 - CFD: 19/09/2007 - 17:33:48 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 24/09/2009 - 17:30:06 - [23509198] ----D- C:\Program Files\Utilitaire de configuration iPhone
O43 - CFD: 09/12/2009 - 19:49:00 - [130598388] ----D- C:\Program Files\Windows Live
O43 - CFD: 15/07/2009 - 12:41:12 - [44923857] ----D- C:\Program Files\Windows Live Safety Center
O43 - CFD: 08/05/2009 - 23:08:04 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 14/12/2007 - 12:56:04 - [0] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 08/07/2010 - 19:30:00 - [5142414] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 15/05/2011 - 20:46:42 - [1611264] ----D- C:\Program Files\Windows NT
O43 - CFD: 19/09/2007 - 17:26:36 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 24/09/2007 - 20:30:10 - [4235318] ----D- C:\Program Files\Winrar
O43 - CFD: 19/09/2007 - 17:28:16 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 21/05/2011 - 22:41:20 - [6444538] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 20/09/2007 - 20:12:44 - [1005568] ----D- C:\Program Files\Common Files\Motive
O43 - CFD: 18/05/2011 - 14:56:46 - [4530200] --H-D- C:\Documents and Settings\Tommy\Application Data\Adobe
O43 - CFD: 29/05/2010 - 18:34:02 - [53248] --H-D- C:\Documents and Settings\Tommy\Application Data\AdSigner
O43 - CFD: 27/09/2008 - 14:49:44 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Alchemy Mindworks
O43 - CFD: 27/11/2010 - 11:59:48 - [9459425401] --H-D- C:\Documents and Settings\Tommy\Application Data\Apple Computer
O43 - CFD: 10/08/2009 - 13:10:58 - [37265] --H-D- C:\Documents and Settings\Tommy\Application Data\AVS4YOU
O43 - CFD: 16/04/2011 - 19:19:06 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\BabylonToolbar
O43 - CFD: 13/04/2011 - 20:50:02 - [1462] --H-D- C:\Documents and Settings\Tommy\Application Data\DiskAid
O43 - CFD: 24/11/2008 - 14:11:28 - [13368] --H-D- C:\Documents and Settings\Tommy\Application Data\DivX
O43 - CFD: 04/04/2011 - 20:50:56 - [1323008] --H-D- C:\Documents and Settings\Tommy\Application Data\DTencryptor-H
O43 - CFD: 31/12/2010 - 17:32:26 - [1323008] --H-D- C:\Documents and Settings\Tommy\Application Data\DTencryptor-I
O43 - CFD: 28/10/2007 - 15:29:34 - [33039] --H-D- C:\Documents and Settings\Tommy\Application Data\Google
O43 - CFD: 22/03/2009 - 15:15:00 - [51795] --H-D- C:\Documents and Settings\Tommy\Application Data\HP
O43 - CFD: 19/09/2007 - 17:33:52 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Identities
O43 - CFD: 13/04/2011 - 20:43:00 - [4767209] --H-D- C:\Documents and Settings\Tommy\Application Data\iPhone Tool Kits
O43 - CFD: 27/09/2008 - 18:07:28 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Jasc
O43 - CFD: 24/03/2011 - 00:29:54 - [103111644] --H-D- C:\Documents and Settings\Tommy\Application Data\LimeWire
O43 - CFD: 21/09/2007 - 19:47:12 - [1931224] --H-D- C:\Documents and Settings\Tommy\Application Data\Macromedia
O43 - CFD: 25/04/2011 - 22:16:46 - [14468] ----D- C:\Documents and Settings\Tommy\Application Data\Malwarebytes
O43 - CFD: 20/09/2007 - 13:00:00 - [95] --H-D- C:\Documents and Settings\Tommy\Application Data\Media Player Classic
O43 - CFD: 05/09/2010 - 14:54:18 - [9090716] -S--D- C:\Documents and Settings\Tommy\Application Data\Microsoft
O43 - CFD: 13/11/2008 - 16:13:50 - [475096] --H-D- C:\Documents and Settings\Tommy\Application Data\Mostick
O43 - CFD: 29/08/2008 - 16:30:00 - [24591694] --H-D- C:\Documents and Settings\Tommy\Application Data\Mozilla
O43 - CFD: 15/05/2011 - 18:02:54 - [327] ----D- C:\Documents and Settings\Tommy\Application Data\MSNInstaller
O43 - CFD: 12/12/2007 - 20:39:14 - [101085] --H-D- C:\Documents and Settings\Tommy\Application Data\Nero
O43 - CFD: 01/05/2011 - 10:44:52 - [1714947] --H-D- C:\Documents and Settings\Tommy\Application Data\OpenOffice.org2
O43 - CFD: 08/07/2010 - 18:59:06 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Samsung
O43 - CFD: 20/03/2011 - 22:42:58 - [5339941] --H-D- C:\Documents and Settings\Tommy\Application Data\Skype
O43 - CFD: 20/03/2011 - 22:12:32 - [12536] --H-D- C:\Documents and Settings\Tommy\Application Data\skypePM
O43 - CFD: 04/05/2008 - 19:31:24 - [9925952] --H-D- C:\Documents and Settings\Tommy\Application Data\Sun
O43 - CFD: 08/06/2008 - 10:11:10 - [45056] --H-D- C:\Documents and Settings\Tommy\Application Data\TaoUSign
O43 - CFD: 09/12/2009 - 20:37:06 - [18188499] --H-D- C:\Documents and Settings\Tommy\Application Data\Thinstall
O43 - CFD: 17/09/2010 - 22:15:56 - [3604480] --H-D- C:\Documents and Settings\Tommy\Application Data\U3
O43 - CFD: 27/04/2011 - 22:27:26 - [9164] ----D- C:\Documents and Settings\Tommy\Application Data\WindSolutions
O43 - CFD: 13/02/2010 - 18:24:32 - [392942] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Adobe
O43 - CFD: 12/12/2007 - 20:51:56 - [2756426] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Ahead
O43 - CFD: 21/09/2007 - 20:44:46 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Apple
O43 - CFD: 27/11/2010 - 11:59:48 - [115339645] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Apple Computer
O43 - CFD: 10/08/2009 - 13:11:40 - [3966] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\ApplicationHistory
O43 - CFD: 15/05/2011 - 16:42:24 - [83707] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Google
O43 - CFD: 22/03/2009 - 15:13:46 - [8892585] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\HP
O43 - CFD: 23/10/2007 - 17:59:48 - [303396] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Identities
O43 - CFD: 20/09/2007 - 20:11:54 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Logitech-LS
O43 - CFD: 02/05/2011 - 22:47:00 - [333720244] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft
O43 - CFD: 13/05/2008 - 20:51:48 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft Help
O43 - CFD: 13/11/2008 - 16:13:50 - [580004] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Mostick
O43 - CFD: 14/04/2008 - 19:35:58 - [109298202] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Mozilla
O43 - CFD: 09/03/2008 - 17:25:34 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\PCHealth
O43 - CFD: 27/04/2011 - 20:28:36 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Temp



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7F7AE8DA948DB614ED3ADEA99AE1E6AE] - 21/05/2011 - 21:28:05 ---A- . (...) -- C:\WINDOWS\System32\d3d9caps.tmp [1324]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 21/05/2011 - 21:02:51 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1118424]
O44 - LFC:[MD5.68AD2475739952AAEB5194C739D2B2DF] - 21/05/2011 - 15:58:53 ---A- . (...) -- C:\WINDOWS\setupapi.log [22601]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/05/2011 - 15:58:52 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 21/05/2011 - 15:58:22 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 21/05/2011 - 15:58:22 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 21/05/2011 - 15:57:59 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.D28DAF9AE85ECA769869D64C257DF485] - 21/05/2011 - 14:46:55 ---A- . (...) -- C:\WINDOWS\KB979687.log [12376]
O44 - LFC:[MD5.36FCE79A750B6ADCB0257A58E89AF940] - 21/05/2011 - 14:46:14 ---A- . (...) -- C:\WINDOWS\KB978706.log [12001]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 21/05/2011 - 10:49:37 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32520]
O44 - LFC:[MD5.103D0C47794104B6B58A249000076422] - 21/05/2011 - 10:49:32 ---A- . (...) -- C:\WINDOWS\KB2485663.log [8481]
O44 - LFC:[MD5.B668C3D052FE4749E94A1DCC207B3F13] - 21/05/2011 - 10:48:53 ---A- . (...) -- C:\WINDOWS\KB973904.log [8468]
O44 - LFC:[MD5.13E839A1DE6DBABE2FEC8C363F099D4E] - 21/05/2011 - 10:48:13 ---A- . (...) -- C:\WINDOWS\KB923561.log [8468]
O44 - LFC:[MD5.4022377A7F2CDAC1D57557C3D75562CB] - 18/05/2011 - 20:43:47 ---A- . (...) -- C:\ComboFix.txt [11028]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 18/05/2011 - 20:37:45 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.499EF3AE8D9F4244E61811F99EA17993] - 18/05/2011 - 20:25:52 ---A- . (...) -- C:\CF-Submit.htm [1276]
O44 - LFC:[MD5.88633907E9A7090974B545F46850423D] - 18/05/2011 - 13:45:27 RSHA- . (...) -- C:\boot.ini [328]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 18/05/2011 - 13:38:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 18/05/2011 - 13:38:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 18/05/2011 - 13:38:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 18/05/2011 - 13:38:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O44 - LFC:[MD5.C790B08C6F0405499F813167DE1D48D0] - 18/05/2011 - 13:21:16 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.43847A56AEE65BEC2EBCF96519616E27] - 01/05/2011 - 10:14:57 ---A- . (...) -- C:\WINDOWS\System32\d3d8caps.dat [552]
O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 25/04/2011 - 20:27:35 R--A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 25/04/2011 - 20:27:32 R--A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 08/11/2010 - 00:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 14:58:12 ---A- . (...) -- C:\WINDOWS\PEV.exe [256512]
O44 - LFC:[MD5.775E188DD15C9AC9E735A556FB95578E] - 19/09/2007 - 16:23:18 ---A- . (...) -- C:\Boot.bak [212]
O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 03/08/2004 - 22:00:08 RSHA- . (...) -- C:\cmldr [263488]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" [Enabled] .(.Pas de propriétaire - P

Et le ZHPDiag après redémarrage :

Rapport de ZHPDiag v1.27.21 par Nicolas Coolman, Update du 21/05/2011
Run by Tommy at 24/05/2011 21:20:20
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 4.0.1 v4.0.1

---\\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 15 Model 2 Stepping 7, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (11%) free of 49 GB

---\\ Logged in mode
Computer Name: TOMMY
User Name: Tommy
All Users Names: Tommy, SUPPORT_388945a0, Lena, Laurence, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\Tommy\Application Data
%LocalAppData%=C:\Documents and Settings\Tommy\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\Tommy\Menu Démarrer

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 49 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 52 Go of 149 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.77C66BD5CED4E555919A5FB713322CDD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/02/2011 00:05:48.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]



---\\ Processus lancés
[MD5.25FB74EABCE5EC7836BA3CFB3C58449A] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.13B19DD5EBEB6FDDBD11DD77490A3585] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253672]
[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [3396624]
[MD5.20F6F19FE9E753F2780DC2FA083AD597] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]
[MD5.F2060A34C8A75BC24A9222EB4F8C07BD] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [349472]
[MD5.11C3EFB4BAC41175D03B1595DB1A4A4F] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53472]
[MD5.43722D15C8A955A8130ACD3151178CE5] - (.Creative Technology Ltd. - DevLdr32.) -- C:\WINDOWS\system32\devldr32.exe [24064]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.9950380DD31FB50D18C02DAC635B1EB3] - (.Microsoft Corporation - Installation du Service Pack Windows.) -- C:\WINDOWS\SoftwareDistribution\Download\65e2b3a83ab21dd9a0a82631c6a532c8\update\update.exe [767352]
[MD5.AF2A4686F7B696A3952F40350CC37DD3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [657408]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Tommy] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.0.1.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN: [HKLM] [adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_25 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
P2 - FPN: [HKLM] [microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKCU] [adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
M0 - MFSP: prefs.js [Tommy - d0r6l0pr.default] http://www.google.fr/
M2 - MFEP: prefs.js [Tommy - d0r6l0pr.default\2020Player2020Technologies.com] [] Visualisateur 3D de 20-20 v4.5.4.0 (.20-20 Technologies.)
M2 - MFEP: prefs.js [Tommy - d0r6l0pr.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.1 (.Microsoft.)



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-1343024091-1078145449-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-1343024091-1078145449-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19048 (longhorn_ie8_gdr.110221-1700)) -- C:\WINDOWS\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA0000000001}\SC_Reader.ico
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\Tommy\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpDomain = numericable.fr
O17 - HKLM\System\CS3\Services\Tcpip\..\{510CFE70-90C9-49FE-A5CE-B24EB46787DD}: DhcpDomain = numericable.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Pas de propriétaire - Pas de description.) -- WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (WS2IFSL) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\WINDOWS\system32\drivers\ws2ifsl.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.0.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {853A4763-6643-4604-8D64-28BDD8925F4C}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {CACAEB5F-174D-4C7C-AC56-A33289A807CA}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {C2E4B5BD-32DB-4817-A060-341AB17C3F90}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] -- {7B63B2922B174135AFC0E1377DD81EC2}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Intel(R) PRO Ethernet Adapter and Software - (.Pas de propriétaire.) [HKLM] -- PROSet
O42 - Logiciel: Java(TM) 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}
O42 - Logiciel: Java(TM) 6 Update 25 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: Java(TM) 6 Update 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160060}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}
O42 - Logiciel: K-Lite Codec Pack 3.4.5 Full - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 6 Service Pack 2 (KB973686) - (.Microsoft Corporation.) [HKLM] -- {56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95120000-0122-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: OpenOffice.org 2.3 - (.OpenOffice.org.) [HKLM] -- {FADB55D0-403F-4413-A268-CF0A6F1185C2}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452
O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: Safari - (.Apple Inc..) [HKLM] -- {6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2466156) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CEF209AB-F96D-404F-B5CC-44057C057CA3}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2509488) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AD0DE453-0804-4495-9C91-33D0F9AA5463}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2464583) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2509470) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1365864D-4C58-489D-9982-844D75691CCC}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2536413) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{95DF5260-331D-4FFD-A2D5-C64164751945}
O42 - Logiciel: Utilitaire de configuration iPhone - (.Apple Inc..) [HKLM] -- {FA54AFB1-5745-4389-B8C1-9F7509672ED1}
O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM] -- {3921A67A-5AB1-4E48-9444-C71814CF3027}
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live OneCare safety scanner - (.Pas de propriétaire.) [HKLM] -- Windows Live OneCare safety scanner
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {F59A9E08-A6A4-4ACF-91F2-D0344956C30B}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Aurigma]
[HKCU\Software\Bugsplat]
[HKCU\Software\CDDB]
[HKCU\Software\CREATIVE TECH]
[HKCU\Software\CeWe Color]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CoreVorbis]
[HKCU\Software\Cucusoft, Inc.]
[HKCU\Software\Cyberlink]
[HKCU\Software\DSP-worx]
[HKCU\Software\DVDVideoSoft]
[HKCU\Software\DivXNetworks]
[HKCU\Software\FotoWire]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Iris]
[HKCU\Software\Jasc]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Samsung]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\Trafficninja]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veoh]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\eBay]
[HKCU\Software\yahooinstall]
[HKLM\Software\781]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AVAST Software]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Audible]
[HKLM\Software\BroadJump]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\CLSYSTEM]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec tweak Tool]
[HKLM\Software\Creative Tech]
[HKLM\Software\Cyberlink]
[HKLM\Software\DVDVideoSoft]
[HKLM\Software\DivXNetworks]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HPS]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\I.R.I.S.]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Ktdxgcor]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MarkAny]
[HKLM\Software\Matrox]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\Ntpad]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Rainbow Technologies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Reviversoft]
[HKLM\Software\S3R521]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\SoundFont]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\mozilla.org]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/05/2011 - 21:01:20 - [114255585] ----D- C:\Program Files\Adobe
O43 - CFD: 13/07/2010 - 13:32:38 - [156773270] ----D- C:\Program Files\Alwil Software
O43 - CFD: 27/09/2008 - 08:40:08 - [2221118] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 26/06/2010 - 18:45:16 - [4859926] ----D- C:\Program Files\AviSynth 2.5
O43 - CFD: 14/05/2011 - 01:20:00 - [620967] ----D- C:\Program Files\Bonjour
O43 - CFD: 27/04/2011 - 20:27:56 - [3704864] ----D- C:\Program Files\CCleaner
O43 - CFD: 08/05/2009 - 22:59:28 - [1005568] ----D- C:\Program Files\Common Files
O43 - CFD: 19/09/2007 - 17:24:50 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 13/04/2011 - 20:42:14 - [14216193] ----D- C:\Program Files\Cucusoft
O43 - CFD: 14/05/2009 - 23:58:44 - [2916264] ----D- C:\Program Files\DIFX
O43 - CFD: 15/05/2011 - 18:01:14 - [1890602] ----D- C:\Program Files\DivX
O43 - CFD: 18/05/2011 - 21:31:46 - [729303644] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 30/04/2011 - 14:50:56 - [3783584] ----D- C:\Program Files\Google
O43 - CFD: 24/04/2011 - 22:01:26 - [368640] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 15/04/2011 - 21:21:44 - [5793384] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 14/05/2011 - 01:28:10 - [1856627] ----D- C:\Program Files\iPod
O43 - CFD: 14/05/2011 - 01:29:42 - [128197016] ----D- C:\Program Files\iTunes
O43 - CFD: 24/05/2011 - 21:08:26 - [238748521] ----D- C:\Program Files\Java
O43 - CFD: 19/09/2007 - 18:26:48 - [26123917] ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 30/04/2011 - 13:35:06 - [77214238] ----D- C:\Program Files\LimeWire
O43 - CFD: 30/04/2011 - 13:36:28 - [0] ----D- C:\Program Files\Logitech
O43 - CFD: 25/04/2011 - 21:27:38 - [4922237] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 22/03/2010 - 23:02:16 - [2147758] ----D- C:\Program Files\Messenger
O43 - CFD: 09/12/2009 - 19:45:02 - [728627] ----D- C:\Program Files\Microsoft
O43 - CFD: 10/03/2008 - 15:07:06 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 19/09/2007 - 17:28:16 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 13/05/2008 - 20:57:04 - [561454552] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 09/12/2009 - 19:50:10 - [1559148] ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD: 21/04/2011 - 19:59:10 - [38388859] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 08/05/2009 - 23:10:44 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 13/05/2008 - 20:56:58 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 02/12/2009 - 00:56:52 - [3726168] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 22/08/2010 - 21:17:32 - [10374874] ----D- C:\Program Files\Movie Maker
O43 - CFD: 15/05/2011 - 18:01:14 - [33259279] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 15/08/2009 - 02:01:28 - [26521] ----D- C:\Program Files\MSBuild
O43 - CFD: 15/05/2011 - 18:02:56 - [19278399] ----D- C:\Program Files\MSN
O43 - CFD: 19/09/2007 - 17:24:32 - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 14/11/2007 - 16:42:08 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 15/08/2009 - 01:57:00 - [6849] ----D- C:\Program Files\MSXML 6.0
O43 - CFD: 21/03/2010 - 14:37:18 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 19/09/2007 - 17:24:40 - [1804] ----D- C:\Program Files\Online Services
O43 - CFD: 07/11/2007 - 16:59:50 - [319687453] ----D- C:\Program Files\OpenOffice.org 2.3
O43 - CFD: 16/12/2010 - 21:53:02 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 30/01/2011 - 17:40:40 - [76322555] ----D- C:\Program Files\QuickTime
O43 - CFD: 15/08/2009 - 02:01:16 - [36400897] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 30/01/2011 - 17:46:02 - [42293335] ----D- C:\Program Files\Safari
O43 - CFD: 19/09/2007 - 17:26:34 - [1025] ----D- C:\Program Files\Services en ligne
O43 - CFD: 19/09/2007 - 17:33:48 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 24/09/2009 - 17:30:06 - [23509198] ----D- C:\Program Files\Utilitaire de configuration iPhone
O43 - CFD: 09/12/2009 - 19:49:00 - [130598388] ----D- C:\Program Files\Windows Live
O43 - CFD: 15/07/2009 - 12:41:12 - [44923857] ----D- C:\Program Files\Windows Live Safety Center
O43 - CFD: 08/05/2009 - 23:08:04 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 14/12/2007 - 12:56:04 - [0] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 08/07/2010 - 19:30:00 - [5142414] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 15/05/2011 - 20:46:42 - [1611264] ----D- C:\Program Files\Windows NT
O43 - CFD: 19/09/2007 - 17:26:36 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 24/09/2007 - 20:30:10 - [4235318] ----D- C:\Program Files\Winrar
O43 - CFD: 19/09/2007 - 17:28:16 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 24/05/2011 - 21:20:30 - [6457524] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 20/09/2007 - 20:12:44 - [1005568] ----D- C:\Program Files\Common Files\Motive
O43 - CFD: 24/05/2011 - 21:03:38 - [4614329] --H-D- C:\Documents and Settings\Tommy\Application Data\Adobe
O43 - CFD: 29/05/2010 - 18:34:02 - [53248] --H-D- C:\Documents and Settings\Tommy\Application Data\AdSigner
O43 - CFD: 27/09/2008 - 14:49:44 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Alchemy Mindworks
O43 - CFD: 27/11/2010 - 11:59:48 - [9459425401] --H-D- C:\Documents and Settings\Tommy\Application Data\Apple Computer
O43 - CFD: 10/08/2009 - 13:10:58 - [37265] --H-D- C:\Documents and Settings\Tommy\Application Data\AVS4YOU
O43 - CFD: 13/04/2011 - 20:50:02 - [1462] --H-D- C:\Documents and Settings\Tommy\Application Data\DiskAid
O43 - CFD: 24/11/2008 - 14:11:28 - [13368] --H-D- C:\Documents and Settings\Tommy\Application Data\DivX
O43 - CFD: 04/04/2011 - 20:50:56 - [1323008] --H-D- C:\Documents and Settings\Tommy\Application Data\DTencryptor-H
O43 - CFD: 31/12/2010 - 17:32:26 - [1323008] --H-D- C:\Documents and Settings\Tommy\Application Data\DTencryptor-I
O43 - CFD: 28/10/2007 - 15:29:34 - [33039] --H-D- C:\Documents and Settings\Tommy\Application Data\Google
O43 - CFD: 22/03/2009 - 15:15:00 - [51795] --H-D- C:\Documents and Settings\Tommy\Application Data\HP
O43 - CFD: 19/09/2007 - 17:33:52 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Identities
O43 - CFD: 13/04/2011 - 20:43:00 - [4767209] --H-D- C:\Documents and Settings\Tommy\Application Data\iPhone Tool Kits
O43 - CFD: 27/09/2008 - 18:07:28 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Jasc
O43 - CFD: 24/03/2011 - 00:29:54 - [103111644] --H-D- C:\Documents and Settings\Tommy\Application Data\LimeWire
O43 - CFD: 21/09/2007 - 19:47:12 - [1931224] --H-D- C:\Documents and Settings\Tommy\Application Data\Macromedia
O43 - CFD: 25/04/2011 - 22:16:46 - [14468] ----D- C:\Documents and Settings\Tommy\Application Data\Malwarebytes
O43 - CFD: 20/09/2007 - 13:00:00 - [95] --H-D- C:\Documents and Settings\Tommy\Application Data\Media Player Classic
O43 - CFD: 24/05/2011 - 21:03:38 - [9090716] -S--D- C:\Documents and Settings\Tommy\Application Data\Microsoft
O43 - CFD: 13/11/2008 - 16:13:50 - [475096] --H-D- C:\Documents and Settings\Tommy\Application Data\Mostick
O43 - CFD: 29/08/2008 - 16:30:00 - [23563277] --H-D- C:\Documents and Settings\Tommy\Application Data\Mozilla
O43 - CFD: 15/05/2011 - 18:02:54 - [327] ----D- C:\Documents and Settings\Tommy\Application Data\MSNInstaller
O43 - CFD: 12/12/2007 - 20:39:14 - [101085] --H-D- C:\Documents and Settings\Tommy\Application Data\Nero
O43 - CFD: 01/05/2011 - 10:44:52 - [1714947] --H-D- C:\Documents and Settings\Tommy\Application Data\OpenOffice.org2
O43 - CFD: 08/07/2010 - 18:59:06 - [0] --H-D- C:\Documents and Settings\Tommy\Application Data\Samsung
O43 - CFD: 20/03/2011 - 22:42:58 - [5339941] --H-D- C:\Documents and Settings\Tommy\Application Data\Skype
O43 - CFD: 20/03/2011 - 22:12:32 - [12536] --H-D- C:\Documents and Settings\Tommy\Application Data\skypePM
O43 - CFD: 04/05/2008 - 19:31:24 - [10764124] --H-D- C:\Documents and Settings\Tommy\Application Data\Sun
O43 - CFD: 08/06/2008 - 10:11:10 - [45056] --H-D- C:\Documents and Settings\Tommy\Application Data\TaoUSign
O43 - CFD: 09/12/2009 - 20:37:06 - [18188499] --H-D- C:\Documents and Settings\Tommy\Application Data\Thinstall
O43 - CFD: 17/09/2010 - 22:15:56 - [3604480] --H-D- C:\Documents and Settings\Tommy\Application Data\U3
O43 - CFD: 27/04/2011 - 22:27:26 - [9164] ----D- C:\Documents and Settings\Tommy\Application Data\WindSolutions
O43 - CFD: 24/05/2011 - 20:59:58 - [15049450] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Adobe
O43 - CFD: 12/12/2007 - 20:51:56 - [2756426] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Ahead
O43 - CFD: 21/09/2007 - 20:44:46 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Apple
O43 - CFD: 27/11/2010 - 11:59:48 - [115339645] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Apple Computer
O43 - CFD: 10/08/2009 - 13:11:40 - [3966] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\ApplicationHistory
O43 - CFD: 15/05/2011 - 16:42:24 - [83707] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Google
O43 - CFD: 22/03/2009 - 15:13:46 - [8892585] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\HP
O43 - CFD: 23/10/2007 - 17:59:48 - [303396] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Identities
O43 - CFD: 20/09/2007 - 20:11:54 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Logitech-LS
O43 - CFD: 24/05/2011 - 21:03:38 - [333720244] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft
O43 - CFD: 13/05/2008 - 20:51:48 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft Help
O43 - CFD: 13/11/2008 - 16:13:50 - [580004] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Mostick
O43 - CFD: 14/04/2008 - 19:35:58 - [123792432] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Mozilla
O43 - CFD: 09/03/2008 - 17:25:34 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\PCHealth
O43 - CFD: 24/05/2011 - 21:03:38 - [0] --H-D- C:\Documents and Settings\Tommy\Local Settings\Application Data\Temp



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 24/05/2011 - 20:21:30 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1315256]
O44 - LFC:[MD5.FACF3606356EF34115D857906D449F13] - 24/05/2011 - 20:21:29 ---A- . (...) -- C:\WINDOWS\KB979687.log [22676]
O44 - LFC:[MD5.BF061DE0D9953E13B1BF3CB1314C9378] - 24/05/2011 - 20:21:12 ---A- . (...) -- C:\WINDOWS\setupapi.log [38016]
O44 - LFC:[MD5.0E7EE42092F2A5C24A77081FAD0CE306] - 24/05/2011 - 20:20:44 ---A- . (...) -- C:\WINDOWS\KB978706.log [22301]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/05/2011 - 20:17:55 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 24/05/2011 - 20:17:50 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 24/05/2011 - 20:17:49 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 24/05/2011 - 20:17:18 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.DCEE1200F915817C00FCFD7FB0EF1200] - 24/05/2011 - 20:16:23 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32520]
O44 - LFC:[MD5.E7D612EDCDCD622447B8DDE67A1848EB] - 24/05/2011 - 20:08:37 ---A- . (...) -- C:\WINDOWS\System32\d3d9caps.tmp [1324]
O44 - LFC:[MD5.1299E5D605BD39CA828B8FFB68CC29CD] - 24/05/2011 - 20:08:27 ---A- . (.Sun Microsystems, Inc. - Java(TM) Control Panel.) -- C:\WINDOWS\System32\REN201.tmp [73728]
O44 - LFC:[MD5.C88C969B8E477E4297E4A65D66852BF3] - 24/05/2011 - 20:08:27 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\deployJava1.dll [472808]
O44 - LFC:[MD5.B157E305260FF2A607591F33DE41BFCA] - 24/05/2011 - 20:08:27 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184]
O44 - LFC:[MD5.364F7A2B4B535659F3B50DE5E5C20123] - 24/05/2011 - 20:08:27 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184]
O44 - LFC:[MD5.A0AC7907D47B54238CA60FC47807F119] - 24/05/2011 - 20:08:27 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472]
O44 - LFC:[MD5.D204CC2C8EC0998AD359AAD8A5CF9449] - 24/05/2011 - 20:08:24 ---A- . (...) -- C:\WINDOWS\System32\jupdate-1.6.0_25-b06.log [6844]
O44 - LFC:[MD5.2A253D605FB6AE64134FFACD90E03A9E] - 24/05/2011 - 20:06:04 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\jxpiinstall.exe [886560]
O44 - LFC:[MD5.9CF86ACE040B86AA2A45C7EE58862CBE] - 24/05/2011 - 19:51:35 ---A- . (.Adobe Systems Incorporated - Adobe Self Extractor.) -- C:\AdbeRdr1001_fr_FR.exe [47929240]
O44 - LFC:[MD5.7B7CB078E967092EDF3D2EB5780C1D30] - 24/05/2011 - 19:41:07 ---A- . (...) -- C:\ZHPExportRegistry-24-05-2011-20-41-07.txt [11808]
O44 - LFC:[MD5.800911EC419D5BCD192DF88D7FD21009] - 23/05/2011 - 21:53:18 ---A- . (...) -- C:\WINDOWS\KB2485663.log [12713]
O44 - LFC:[MD5.94FAC96C81819A69732C1FC490E986D1] - 23/05/2011 - 21:52:39 ---A- . (...) -- C:\WINDOWS\KB973904.log [12694]
O44 - LFC:[MD5.55189104170E637C97EB8808F01FF7FD] - 23/05/2011 - 21:51:58 ---A- . (...) -- C:\WINDOWS\KB923561.log [12694]
O44 - LFC:[MD5.4022377A7F2CDAC1D57557C3D75562CB] - 18/05/2011 - 20:43:47 ---A- . (...) -- C:\ComboFix.txt [11028]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 18/05/2011 - 20:37:45 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.499EF3AE8D9F4244E61811F99EA17993] - 18/05/2011 - 20:25:52 ---A- . (...) -- C:\CF-Submit.htm [1276]
O44 - LFC:[MD5.88633907E9A7090974B545F46850423D] - 18/05/2011 - 13:45:27 RSHA- . (...) -- C:\boot.ini [328]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 18/05/2011 - 13:38:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 18/05/2011 - 13:38:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 18/05/2011 - 13:38:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 18/05/2011 - 13:38:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O44 - LFC:[MD5.C790B08C6F0405499F813167DE1D48D0] - 18/05/2011 - 13:21:16 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.43847A56AEE65BEC2EBCF96519616E27] - 01/05/2011 - 10:14:57 ---A- . (...) -- C:\WINDOWS\System32\d3d8caps.dat [552]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 08/11/2010 - 00:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 14:58:12 ---A- . (...) -- C:\WINDOWS\PEV.exe [256512]
O44 - LFC:[MD5.775E188DD15C9AC9E735A556FB95578E] - 19/09/2007 - 16:23:18 ---A- . (...) -- C:\Boot.bak [212]
O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 03/08/2004 - 22:00:08 RSHA- . (...) -- C:\cmldr [263488]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\WINDOW

ZPHFix : http://up.sur-la-toile.com/iNfS

ZPHDiag : http://up.sur-la-toile.com/iNfT