aliuz virusFermé

Question

Bonjour, 
voici le rapport 
ZHPdiag


Rapport de ZHPDiag v1.27.2406 par Nicolas Coolman, Update du 12/07/2011
Run by Administrateur at 14/07/2011 14:16:18
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\ Web Browser
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox v (Defaut)

---\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
~ Boot mode: ~ Normal (Normal boot)
Total RAM: 1014 MB (66% free)
~ System Restore: Désactivé (Disabled)
System drive C: has 40 GB (53%) free of 75 GB

---\ Logged in mode
~ Computer Name: MADO
~ User Name: Administrateur
~ All Users Names: MAMAN DODO, IWAM_EDITION_CLASSIC, IUSR_EDITION_CLASSIC, HelpAssistant, ASPNET, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O82
~ Logged in as Administrator

---\ Environnement Variables
~ %AppData%=C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop%=C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites%=C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData%=C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu%=C:\Documents and Settings\Administrateur\Menu Démarrer\

---\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 40 Go of 75 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)



---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK



---\ Recherche particulière de fichiers génériques
[MD5.3EFE912DD25D2586E6A0341DB0A66F69] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [979968]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (....) (.14/07/2011 - 19:34:22.) -- C:\WINDOWS\system32undll32.exe [33792]
[MD5.898E4DAFB08336318C649A885C830E27] - (.Microsoft Corporation - Internet Extensions for Win32.) (.14/07/2011 - 01:35:22.) -- C:\WINDOWS\system32\wininet.dll [816128]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/07/2011 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/07/2011 - 11:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/07/2011 - 12:15:54.) -- C:\WINDOWS\system32\drivers
tfs.sys [574976]



---\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/266
~ Mes musiques (My Musics) : 2/124
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 70/2737
~ Mon Bureau (My Desktop) : 3/4760
~ Menu demarrer (Programs) : 5/39



---\ Processus lancés
[MD5.8408B80B5D1927D5063E1250EA5D9A78] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe   [119200]
[MD5.ACB544D7254F366DFB48F380BC36CD25] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe   [40384]
[MD5.9A9B4EC714444884B26F0F07A2D31756] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe   [196608]
[MD5.9C8B3FFAFF2AEBE24F5D7CA1DD8FF708] - (.AVAST Software - avast! antivirus Update.) -- C:\Program Files\Alwil Software\Avast5\setup\avast.setup   [3485480]
[MD5.6E15CAC2275E0B0A22E7EE9BAC30D7BA] - (...) -- C:\WINDOWS\VistaDrive\VistaDrive.exe   [280779]
[MD5.9C1C80BBF8E6044980890E2D2D91091C] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe   [83608]
[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe   [2838912]
[MD5.F38092DE1D6A8CBB11B6B6D0F07E268E] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe   [135168]
[MD5.E44733C30F7FE6A1CE7A6B1D2B335CFC] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe   [159744]
[MD5.2889F25A9296C0579E8755861A01AB55] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\Apoint2K\Apntex.exe   [45056]
[MD5.1D4F13DBB57C5152FC9A5DABBCFC78B4] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe   [249856]
[MD5.2022C54B3A79A51C9538CE47D1F50BC3] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe   [131072]
[MD5.4AC28B51530D3A93B3F27EB7A72F575F] - (...) -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe   [630784]
[MD5.3FE5A84FAC62753A20F539BE3E7BFC56] - (.Microsoft Corporation - Services Internet (IIS).) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe   [15872]
[MD5.D358E077A0A05D9B12DA22D137EE8464] - (.Microsoft Corp. - Microsoft SeaPort Search Enhancement Broker.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe   [226656]
[MD5.478B314098276163EDD8FCD47CC15BE5] - (.Microsoft Corporation - Mises à jour automatiques.) -- C:\WINDOWS\system32\wuauclt.exe   [102400]
[MD5.00365B3515C30F66CDB938F6729F3D0C] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [656896]
[MD5.5577D0E3AC2F9F035ACD81B44AF5F511] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE   [625152]
[MD5.20A098A4D12E49342228D3AFE98EAFDF] - (.Microsoft Corporation - Windows Live Toolbar User Elevation Helper.) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe   [223584]



---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\fh973otf.default\prefs.js
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins
pnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins
ppdf32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com
phardwaredetection.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.2852] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\K-Lite Codec Pack\Real\browser\plugins
ppl3260.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.46] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\K-Lite Codec Pack\Real\browser\plugins
ppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.1662] - (.RealNetworks, Inc. - 6.0.12.1662.) -- C:\Program Files\K-Lite Codec Pack\Real\browser\plugins
prpjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.46] - (.RealNetworks, Inc. - 6.0.12.1662.) -- C:\Program Files\K-Lite Codec Pack\Real\browser\plugins
prpjplug.dll



---\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-117609710-1078145449-1177238915-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-117609710-1078145449-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.20661 (vista_ldr.070814-1500)) -- C:\WINDOWS\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2



---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll



---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll



---\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe 
O4 - HKLM\..\Run: [VistaDrive] . (...) -- C:\WINDOWS\VistaDrive\VistaDrive.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe 
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe 
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] . (.Windows (R) Server 2003 DDK provider - High Definition Audio Property Page Shortcu.) -- C:\Windows\System32\CHDAudPropShortcut.exe 
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe 
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe 
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe 
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe 
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe 
O4 - HKUS\S-1-5-21-117609710-1078145449-1177238915-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-21-117609710-1078145449-1177238915-500\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll 
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] Clé orpheline 
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll 
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] Clé orpheline 
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll 
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] Clé orpheline 
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll 
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] Clé orpheline 
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk . (...)  -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\TransBar.lnk . (.AKSoftware.)  -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe



---\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...)  -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A80000000002}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.)  -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.)  -- C:\WINDOWS\system32cimlby.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Foxit PDF Reader.lnk . (...)  -- C:\Program Files\Foxit\FoxitReader.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Windows Media Player\wmplayer.exe



---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe



---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Skype Plug-In - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe



---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll



---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_4_0.cab



---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0C0AB36-74D3-4D86-AE49-A023282F5CB4}: NameServer = 200.0.0.1,213.136.96.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0C0AB36-74D3-4D86-AE49-A023282F5CB4}: NameServer = 200.0.0.1,213.136.96.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{B0C0AB36-74D3-4D86-AE49-A023282F5CB4}: NameServer = 200.0.0.1,213.136.96.2



---\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll



---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll



---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll



---\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll



---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall (avast! Firewall) . (.AVAST Software - avast! firewall service.) - C:\Program Files\Alwil Software\Avast5\afwServ.exe



---\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe



---\ Pilotes lancés au démarrage (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys
O41 - Driver:  (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O41 - Driver:  (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\System32\DRIVERS\kbdhid.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS
etbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS
etbt.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERSasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERSdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERSedbook.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS	cpip.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS	ermdd.sys
O41 - Driver:  (Tosrfcom) . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) - C:\WINDOWS\System32\Drivers	osrfcom.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys



---\ Logiciels installés (O42)
O42 - Logiciel: 300 Recettes de Cuisine - (.Pas de propriétaire.) [HKLM] -- {21E73A3F-DA86-4DA7-9BC3-C8F5CC48CD5D}
O42 - Logiciel: 7-Zip 4.57 - (.Pas de propriétaire.) [HKLM] -- 7-Zip
O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A80000000002}
O42 - Logiciel: Anim-FX - (.Pas de propriétaire.) [HKLM] -- Anim-FX
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Auto-école 3D - (.Anuman Interactive.) [HKLM] -- Auto-école 3D_is1
O42 - Logiciel: Bluetooth Stack for Windows - (.Pas de propriétaire.) [HKLM] -- {CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
O42 - Logiciel: CCleaner (remove only) - (.Pas de propriétaire.) [HKLM] -- CCleaner
O42 - Logiciel: Code de la route - (.Anuman Interactive.) [HKLM] -- Code de la route_is1
O42 - Logiciel: Code de la route - Classic 2010 - (.Anuman Interactive.) [HKLM] -- Code de la route - Classic 2010_is1
O42 - Logiciel: Conexant HD Audio - (.Pas de propriétaire.) [HKLM] -- CNXT_HDAUDIO
O42 - Logiciel: GIMP 2.6.4 - (.Pas de propriétaire.) [HKLM] -- WinGimp-2.0_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] -- HDMI
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
O42 - Logiciel: K-Lite Mega Codec Pack 3.8.0 - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {69F02EF7-5303-4ECC-B2ED-A6433DA1B305}
O42 - Logiciel: Magic ISO Maker v5.1 (build 0184) - (.Pas de propriétaire.) [HKLM] -- Magic ISO Maker v5.1 (build 0184)
O42 - Logiciel: Microsoft .NET Framework 2.0 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 2.0
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 2.0 Language Pack - FRA
O42 - Logiciel: Moto-école 3D - (.Anuman Interactive.) [HKLM] -- Moto-école 3D_is1
O42 - Logiciel: Mozilla Firefox (2.0.0.20) - (.Mozilla.) [HKLM] -- Mozilla Firefox (2.0.0.20)
O42 - Logiciel: Nero 8 Micro 8.3.2.1 - (.Updatepack.nl.) [HKLM] -- Nero8Lite_is1
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Pack Vista Inspirat 2 1.0 - (.Bricomix.) [HKLM] -- Pack Vista Inspirat 2
O42 - Logiciel: Sage 100 Comptabilité - (.Sage.) [HKLM] -- {93A837CB-5919-4BBA-B1AE-2E42F0E00794}
O42 - Logiciel: Sage 100 Gestion commerciale - (.Sage.) [HKLM] -- {52270BD3-1B06-42B6-B76A-3E6B95D3F218}
O42 - Logiciel: Security Update pour Microsoft .NET Framework 2.0 (KB928365) - (.Microsoft Corporation.) [HKLM] -- KB928365.T1_1ToU569_1
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
O42 - Logiciel: The Logo Creator v5.2 - (.Pas de propriétaire.) [HKLM] -- The Logo Creator v5.2
O42 - Logiciel: VLC media player 0.9.2 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Vista Drive Indicator! - (.KelCorp.) [HKLM] -- VDrive
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {9D6524E6-15CF-4852-BF70-04FE973A3DE1}
O42 - Logiciel: avast! Internet Security - (.Alwil Software.) [HKLM] -- avast5

---\ HKCU & HKLM Software Keys
[HKCU\Software\7-Zip]
[HKCU\Software\AC3filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\Alps]
[HKCU\Software\Besier 3D-Edutainment]
[HKCU\Software\Classes]
[HKCU\Software\Cyberlink]
[HKCU\Software\DSP-worx]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Foxit Software]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\GameHouse]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\Imprimante PDF Sage]
[HKCU\Software\Intel]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Jitit Virtual Registry]
[HKCU\Software\Macromedia]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Revenger inc.]
[HKCU\Software\RocketDock]
[HKCU\Software\Sage]
[HKCU\Software\Skype]
[HKCU\Software\Toshiba]
[HKCU\Software\Trolltech]
[HKCU\Software\UberIcon-v1.0.0]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\cybelsoft]
[HKLM\Software\ALWIL Software]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\Alps]
[HKLM\Software\Bricomix.net]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Conexant]
[HKLM\Software\Cyberlink]
[HKLM\Software\DivXNetworks]
[HKLM\Software\Doug]
[HKLM\Software\FullCircle]
[HKLM\Software\GNU]
[HKLM\Software\GameHouse]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\INTEL]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Macromedia]
[HKLM\Software\MagicISO]
[HKLM\Software\Micro Application]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\PC SOFT]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Revenger inc.]
[HKLM\Software\S3R521]
[HKLM\Software\Sage]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Toshiba]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\cybelsoft]
[HKLM\Software\iColorFolder]
[HKLM\Software\mozilla.org]



---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/05/2011 - 15:02:36 - [2845370] ----D- C:\Program Files\7-Zip
O43 - CFD: 22/05/2011 - 13:29:00 - [126416293] ----D- C:\Program Files\Adobe
O43 - CFD: 21/05/2011 - 15:48:18 - [159625833] ----D- C:\Program Files\Alwil Software
O43 - CFD: 09/07/2011 - 16:12:50 - [3660854] ----D- C:\Program Files\Anim-FX
O43 - CFD: 10/07/2011 - 13:56:16 - [5225597304] ----D- C:\Program Files\Anuman interactive
O43 - CFD: 21/05/2011 - 14:51:00 - [3236403] ----D- C:\Program Files\Apoint2K
O43 - CFD: 21/05/2011 - 15:03:02 - [1044000] ----D- C:\Program Files\CCleaner
O43 - CFD: 21/05/2011 - 14:56:00 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 21/05/2011 - 16:10:08 - [577536] ----D- C:\Program Files\CONEXANT
O43 - CFD: 13/07/2011 - 17:11:44 - [505478014] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 21/05/2011 - 15:03:12 - [5793568] ----D- C:\Program Files\Foxit
O43 - CFD: 13/07/2011 - 11:12:58 - [26279936] ----D- C:\Program Files\GecoMaes
O43 - CFD: 22/05/2011 - 13:40:30 - [83369064] ----D- C:\Program Files\GIMP-2.0
O43 - CFD: 13/07/2011 - 11:14:54 - [12425142] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 13/07/2011 - 15:32:46 - [96757] ----D- C:\Program Files\Intel
O43 - CFD: 21/05/2011 - 15:00:24 - [2304083] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 21/05/2011 - 15:04:22 - [79819377] ----D- C:\Program Files\Java
O43 - CFD: 21/05/2011 - 15:02:44 - [45924916] ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 13/07/2011 - 15:27:22 - [6511189] ----D- C:\Program Files\ma-config.com
O43 - CFD: 13/07/2011 - 11:14:56 - [22269952] ----D- C:\Program Files\Maestria
O43 - CFD: 10/07/2011 - 10:51:12 - [2446376] ----D- C:\Program Files\MagicISO
O43 - CFD: 21/05/2011 - 14:55:02 - [2045178] ----D- C:\Program Files\Messenger
O43 - CFD: 22/05/2011 - 16:21:12 - [30326385] ----D- C:\Program Files\Micro Application
O43 - CFD: 13/07/2011 - 17:17:20 - [854520] ----D- C:\Program Files\Microsoft
O43 - CFD: 21/05/2011 - 15:04:38 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 22/05/2011 - 13:17:26 - [551643340] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 13/07/2011 - 17:18:22 - [2188837] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 22/05/2011 - 13:17:22 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 22/05/2011 - 13:14:02 - [1387249] ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 22/05/2011 - 13:17:50 - [3178824] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 22/05/2011 - 13:16:32 - [8152064] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 21/05/2011 - 16:13:00 - [9709041] ----D- C:\Program Files\Movie Maker
O43 - CFD: 14/07/2011 - 14:07:04 - [22732902] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 22/05/2011 - 13:17:38 - [764] ----D- C:\Program Files\MSBuild
O43 - CFD: 21/05/2011 - 15:33:24 - [0] ----D- C:\Program Files\MSECache
O43 - CFD: 21/05/2011 - 14:54:02 - [19278399] ----D- C:\Program Files\MSN
O43 - CFD: 21/05/2011 - 14:54:44 - [8745735] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 21/05/2011 - 15:09:50 - [25792227] ----D- C:\Program Files\Nero
O43 - CFD: 21/05/2011 - 14:57:54 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 21/05/2011 - 14:55:34 - [1804] ----D- C:\Program Files\Online Services
O43 - CFD: 21/05/2011 - 16:13:00 - [4542649] ----D- C:\Program Files\Outlook Express
O43 - CFD: 13/07/2011 - 11:15:42 - [0] ----D- C:\Program Files\Sage
O43 - CFD: 21/05/2011 - 14:58:18 - [1025] ----D- C:\Program Files\Services en ligne
O43 - CFD: 13/07/2011 - 16:52:32 - [25972936] R---D- C:\Program Files\Skype
O43 - CFD: 08/07/2011 - 11:46:40 - [731872212] ----D- C:\Program Files\The Logo Creator v5
O43 - CFD: 21/05/2011 - 16:11:40 - [24183779] ----D- C:\Program Files\Toshiba
O43 - CFD: 14/07/2011 - 11:34:18 - [403893] ----D- C:\Program Files\Trend Micro
O43 - CFD: 21/05/2011 - 15:09:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 22/05/2011 - 13:28:24 - [49968262] ----D- C:\Program Files\VideoLAN
O43 - CFD: 13/07/2011 - 17:18:38 - [48813851] ----D- C:\Program Files\Windows Live
O43 - CFD: 13/07/2011 - 17:16:56 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 21/05/2011 - 14:55:06 - [3581070] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 21/05/2011 - 14:59:28 - [7641288] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 21/05/2011 - 14:54:38 - [3938047] ----D- C:\Program Files\Windows NT
O43 - CFD: 21/05/2011 - 14:58:22 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 21/05/2011 - 15:03:18 - [3718034] ----D- C:\Program Files\WinRAR
O43 - CFD: 21/05/2011 - 15:04:38 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 14/07/2011 - 14:17:20 - [3929379] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 13:29:20 - [9333675] ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 22/05/2011 - 13:17:22 - [92976] ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD: 12/07/2011 - 22:58:08 - [2894043] ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 21/05/2011 - 15:04:04 - [31085729] ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD: 13/07/2011 - 17:17:06 - [219190450] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 21/05/2011 - 14:57:50 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 21/05/2011 - 15:09:46 - [28325498] ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD: 21/05/2011 - 14:48:52 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 13/07/2011 - 11:14:58 - [44838133] ----D- C:\Program Files\Fichiers Communs\Sage
O43 - CFD: 21/05/2011 - 14:57:52 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 21/05/2011 - 14:48:48 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 22/05/2011 - 13:11:46 - [41125744] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 13/07/2011 - 17:11:44 - [124512271] ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD: 02/07/2011 - 10:02:44 - [290268] ----D- C:\Documents and Settings\Administrateur\Application Data\Adobe
O43 - CFD: 10/07/2011 - 13:55:32 - [347786] ----D- C:\Documents and Settings\Administrateur\Application Data\Anuman Interactive
O43 - CFD: 09/07/2011 - 21:42:06 - [210881] ----D- C:\Documents and Settings\Administrateur\Application Data\Casual Arts
O43 - CFD: 21/05/2011 - 15:10:00 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Identities
O43 - CFD: 22/05/2011 - 16:22:04 - [24362] ----D- C:\Documents and Settings\Administrateur\Application Data\Macromedia
O43 - CFD: 14/07/2011 - 08:00:10 - [1177764] -S--D- C:\Documents and Settings\Administrateur\Application Data\Microsoft
O43 - CFD: 04/07/2011 - 20:42:24 - [606638] ----D- C:\Documents and Settings\Administrateur\Application Data\Mozilla
O43 - CFD: 14/07/2011 - 13:03:30 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Real
O43 - CFD: 13/07/2011 - 11:15:58 - [23717] ----D- C:\Documents and Settings\Administrateur\Application Data\Sage
O43 - CFD: 13/07/2011 - 17:23:02 - [2090941] ----D- C:\Documents and Settings\Administrateur\Application Data\Skype
O43 - CFD: 21/05/2011 - 15:03:50 - [13680640] ----D- C:\Documents and Settings\Administrateur\Application Data\Sun
O43 - CFD: 04/07/2011 - 20:42:36 - [7386] ----D- C:\Documents and Settings\Administrateur\Application Data\Talkback
O43 - CFD: 22/05/2011 - 14:24:18 - [447914] ----D- C:\Documents and Settings\Administrateur\Application Data\vlc
O43 - CFD: 02/07/2011 - 10:02:48 - [12841] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Adobe
O43 - CFD: 29/05/2011 - 20:26:22 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Axialis
O43 - CFD: 14/07/2011 - 08:00:08 - [62408331] -S--D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft
O43 - CFD: 22/05/2011 - 13:10:38 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft Help
O43 - CFD: 04/07/2011 - 20:42:24 - [24455423] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla
O43 - CFD: 21/05/2011 - 15:02:38 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Real
O43 - CFD: 21/05/2011 - 16:26:30 - [6254] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Toshiba



---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.10EF1200FEFFFFFF57494E444F577E31] - 14/07/2011 - 14:15:15 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log   [158215]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/07/2011 - 14:15:14 ---A- . (...) -- C:\WINDOWS\0.log   [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 14/07/2011 - 14:14:53 -S-A- . (...) -- C:\WINDOWS\bootstat.dat   [2048]
O44 - LFC:[MD5.C985C93F44FC2730B89304999C05ADE8] - 14/07/2011 - 11:51:04 ---A- . (...) -- C:\ZHPExportRegistry-14-07-2011-11-51-04.txt   [770]
O44 - LFC:[MD5.A1951704CB43D43E5FDA15878C640A11] - 14/07/2011 - 11:49:41 ---A- . (...) -- C:\WINDOWS\setupact.log   [94]
O44 - LFC:[MD5.10EF1200FEFFFFFF000000002CF21200] - 14/07/2011 - 11:11:21 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt   [17552]
O44 - LFC:[MD5.0FF8CE85574FC15D8F1081E0B212DB2B] - 13/07/2011 - 16:24:16 ---A- . (...) -- C:\WINDOWS\setupapi.log   [228839]
O44 - LFC:[MD5.37251C924EC81821E573334A045AA331] - 13/07/2011 - 16:23:26 ---A- . (.Intel® Corporation - Intel® Graphics Media Accelerator Driver in.) -- C:\WINDOWS\System32\igxpun.exe   [920088]
O44 - LFC:[MD5.22780E0721D5511FA0FE079ED8EDF0A8] - 13/07/2011 - 16:13:13 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT   [448184]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/07/2011 - 15:33:27 ---A- . (...) -- C:\WINDOWS\setuperr.log   [0]
O44 - LFC:[MD5.E3F9DA68FE296EACBB2F4432351B481C] - 13/07/2011 - 15:32:45 ---A- . (.Windows XP Bundled build C-Centric Single U - CSVer.) -- C:\WINDOWS\System32\CSVer.dll   [53248]
O44 - LFC:[MD5.C974EC3894D47E132A7412C3363E2165] - 13/07/2011 - 11:12:54 ---A- . (.Amyuni Technologies  http://www.amyuni.com - Common Driver Interface DLL.) -- C:\WINDOWS\System32\cdintf251.dll   [1966080]
O44 - LFC:[MD5.58A46F39283C720D3E8AF7938586A50A] - 13/07/2011 - 11:12:51 ---A- . (.Compagnie Internationale d'Edition de Logic - CRun Dynamic Link Library.) -- C:\WINDOWS\System32\crun500.dll   [274432]
O44 - LFC:[MD5.732B9781E8AC7042D878B4D4EE98C5BE] - 13/07/2011 - 11:12:50 ---A- . (.Sage - Implémentation CBase locale..) -- C:\WINDOWS\System32\cbaselocal.dll   [274432]
O44 - LFC:[MD5.79634CD4DDF3B63BFEF39D6F4456E87E] - 13/07/2011 - 11:12:50 ---A- . (.Sage - Interface gestion fichier CBase..) -- C:\WINDOWS\System32\cbaseintf.dll   [675840]
O44 - LFC:[MD5.BC9E1B5473F1965BEEC78BBBE26890E3] - 13/07/2011 - 11:12:50 ---A- . (.Sage - Sage runtime librairie.) -- C:\WINDOWS\System32\mlcorert.dll   [262144]
O44 - LFC:[MD5.BA9C037D692E5508B4CD415EA1C9B1A6] - 13/07/2011 - 09:16:32 ---A- . (...) -- C:\anumanlive.log   [2380]
O44 - LFC:[MD5.F36ED9CE312CDC1434A3C6ABB8465A77] - 13/07/2011 - 09:11:14 ---A- . (...) -- C:\WINDOWS\S_Sage.log   [9]
O44 - LFC:[MD5.387E187D6C9D9FC912CE5E13A9EA6974] - 12/07/2011 - 23:31:39 ---A- . (.Inner Media, Inc. - DynaZIP Multi-Threading Zip DLL.) -- C:\WINDOWS\System32\dzip32.dll   [159744]
O44 - LFC:[MD5.3FBA7E23B1C518DD2C4F8F1A2D8E7CEA] - 12/07/2011 - 23:31:39 ---A- . (.Inner Media, Inc. - DynaZIP-32 Multi-Threading UnZIP DLL.) -- C:\WINDOWS\System32\dunzip32.dll   [139264]
O44 - LFC:[MD5.4BFAA0D351DD0C07E3B07B46ED52B8C2] - 12/07/2011 - 22:02:45 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl   [2206]
O44 - LFC:[MD5.15E4000CAB0AB6DFD2E7EF1290AAA120] - 10/07/2011 - 11:24:01 ---A- . (...) -- C:\WINDOWS\cdteaswd2003.ini   [21]
O44 - LFC:[MD5.889C24D5D5A6317059FECBC1AAE83086] - 10/07/2011 - 10:43:35 -SHA- . (...) -- C:\WINDOWS\Thumbs.db   [5120]
O44 - LFC:[MD5.B3A74D8CAE058079A006ADD03B4FF37B] - 09/07/2011 - 21:32:58 ---A- . (...) -- C:\open.ini   [17]
O44 - LFC:[MD5.2F22E4C17C9F7CBFDA07BD8167370B90] - 08/07/2011 - 17:18:21 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [216]
O44 - LFC:[MD5.1F860366DD2DE8E9CF58ACA584BD4D01] - 08/07/2011 - 11:35:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/07/2011 - 11:35:24 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log   [0]
O44 - LFC:[MD5.65645CDB56756B80B85895D01DB0D936] - 07/07/2011 - 17:48:11 ---A- . (...) -- C:\WINDOWS\win.ini   [629]
O44 - LFC:[MD5.2AA8213E7E3B946127349ACD04F4A0E9] - 07/07/2011 - 17:20:22 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI   [1047336]
O44 - LFC:[MD5.8D00A0630277AD13E686D1BCC2CA3A11] - 07/07/2011 - 17:20:22 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat   [67240]
O44 - LFC:[MD5.EA8580BF3AFE9FAA2600EB958506FB87] - 07/07/2011 - 17:20:22 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat   [81662]
O44 - LFC:[MD5.B59FFA201700A713654FE49868BB4B20] - 07/07/2011 - 17:20:22 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat   [426074]
O44 - LFC:[MD5.4409D80D88FB842DE825753888B445CD] - 07/07/2011 - 17:20:22 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat   [497624]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/07/2011 - 20:42:27 ---A- . (...) -- C:\WINDOWS
sreg.dat   [0]
O44 - LFC:[MD5.672A2B36338A1F7401D091D09AAB1B22] - 15/04/2008 - 09:26:24 ---A- . (...) -- C:\WINDOWS\System32\SAGEPERS.DLL   [598016]
O44 - LFC:[MD5.1C59745CF3A5F820D3E3854B95272263] - 15/02/2008 - 13:21:56 ---A- . (...) -- C:\WINDOWS\System32\igfxCoIn_v4926.dll   [147456]



---\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll



---\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\doc franck\DORA\fscommand\Vividas_ep12.exe" [Enabled] .(.Vividas - Vividas Player.) -- C:\doc franck\DORA\fscommand\Vividas_ep12.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe



---\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Networkdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Driversdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Networkdpdd.sys . (...) -- C:\WINDOWS\System32\Driversdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Networkdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Driversdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network	dpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers	dpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network	dtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\System32\Drivers	dtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)



---\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d



---\ MountPoints2 Shell Key (O51)
O51 - MPSK:{5d125452-83bc-11e0-93ae-8e7f6ddacf7d}\AutoRun\command - Clé orpheline
O51 - MPSK:{5d125453-83bc-11e0-93ae-8e7f6ddacf7d}\AutoRun\command. (...) -- G:\aliuz\pomoc.exe (.not file.)
O51 - MPSK:{a835a72e-a98b-11e0-839d-000df02cfb88}\AutoRun\command. (...) -- E:\aliuz\pomoc.exe
O51 - MPSK:{be905e7f-ad30-11e0-8641-000df02cfb88}\AutoRun\command. (...) -- E:\aliuz\pomoc.exe



---\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32	ssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\divx.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\WINDOWS\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (...) -- C:\WINDOWS\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"divx.dll"="DivX Pro 6.8.0" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.97b2" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (...) -- C:\WINDOWS\System32\ff_vfw.dll



---\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\MsnMsgr  [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe



---\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll



---\

jacques.gache · Answer

bonjour, pas la peinne d'ouvrir un autre sujet !!

repostes ton rapport mais en antier en passant par cijoint afin que l'on puisse l'avoir entier 

envoie-le sur : http://www.cijoint.fr/index.php , 

fais parcourir recherche le rapport 

puis sélectionne le rapport en double cliquand dessus

et puis sur " cliquer ici pour déposer le fichier "

un lien bleu de cette forme va apparaitre :

Veuillez noter le lien ci-dessous qui vous permettra d'accéder à ce fichier. 
C'est ce même lien que vous devrez transmettre à vos correspondants
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt 


renvoie le lien tout frais dans ta prochaine reponse . 



et si problème passe par celui ci : http://cjoint.com/

Aliuz virus

1 réponse

Discussions similaires

Newsletters