Rapport de ZHPDiag v1.27.194 par Nicolas Coolman, Update du 02/05/2011
Run by Tony at 02/05/2011 22:03:06
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox v3.6.10 (fr) (Defaut)

---\\ System Information
Windows XP Home Edition Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 999 MB (80% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (42%) free of 8 GB

---\\ Logged in mode
Computer Name: TONY-HIOTQCZT6G
User Name: Tony
All Users Names: Tony, SUPPORT_388945a0, HelpAssistant, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=
%LocalAppData%=
%StartMenu%=

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 10 Go)
D:\ CD-ROM drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.4A6E04EA20F48D750D9BFED8600D516B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2008 18:33:50.) -- C:\WINDOWS\system32\wininet.dll [670208]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 10:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 11:15:54.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]



---\\ Processus lancés
[MD5.1B92F6F3D84E0EA21ED8C5D180781BE9] - (.Oracle Corporation - VirtualBox Guest Additions Service.) -- C:\WINDOWS\system32\VBoxService.exe [1028400]
[MD5.CFC0A1396DDCBC472B26172F78D8E6B8] - (.Oracle Corporation - VirtualBox Guest Additions Tray Application.) -- C:\WINDOWS\system32\VBoxTray.exe [913712]
[MD5.CCEA2F6FD3ECE0833F9A404CFF60DE5F] - (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [126976]
[MD5.7915E4CA20923ACD2E6F490CCB431042] - (.Adobe Flash Player - Adobe Player Setup.) -- C:\Windows\Qvosaa.exe [201728]
[MD5.13B19DD5EBEB6FDDBD11DD77490A3585] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253672]
[MD5.11C3EFB4BAC41175D03B1595DB1A4A4F] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.7E3DEFE771CB451B0FF630BFA435417E] - (.Microsoft Corporation - Mises à jour automatiques.) -- C:\WINDOWS\system32\wuauclt.exe [112640]
[MD5.F961914B24054D28EE16F7243196C6CF] - (.Pas de propriétaire - Pas de description.) -- c:\windows\nvsvc32.exe [74240]
[MD5.5D3EB549B1299390D5399D8A10644826] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [645120]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrch.xml
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Tony] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_25 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Pas de propriétaire - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=14] - (.Google - Google Updater plugin http://pack.) -- C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
P2 - FPN: [HKCU] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Pas de propriétaire - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
R0 - HKUS\S-1-5-21-117609710-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com
R1 - HKUS\S-1-5-21-117609710-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Bibliothèque d'objets et de contrôles de do.) (No version) -- %SystemRoot%\System32\shdocvw.dll



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} . (.facemoods.com BHO - Pas de description.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} . (.Pas de propriétaire - ToolBand Module.) -- C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} . (.facemoods.com - Pas de description.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [VBoxTray] . (.Oracle Corporation - VirtualBox Guest Additions Tray Application.) -- C:\WINDOWS\system32\VBoxTray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] . (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] . (.Pas de propriétaire - Pas de description.) -- c:\windows\nvsvc32.exe
O4 - HKLM\..\Run: [facemoods] . (.facemoods.com - Pas de description.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-117609710-746137067-839522115-1004\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-3362492033-2313565865-4160027829-1001\..\Run: [NVIDIA driver monitor] . (.Pas de propriétaire - Pas de description.) -- c:\windows\nvsvc32.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\JDownloader Uninstaller.lnk . (.AppWork GmbH.) -- C:\Program Files\JDownloader\JDUninstall.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\JDownloader Update.lnk . (...) -- C:\Program Files\JDownloader\JDUpdate.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\JDownloader.lnk . (.AppWork UG (haftungsbeschränkt).) -- C:\Program Files\JDownloader\JDownloaderD3D.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\SumatraPDF.lnk . (.Krzysztof Kowalczyk.) -- C:\Program Files\SumatraPDF\SumatraPDF.exe
O4 - Global Startup: C:\Documents And Settings\Tony\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Tony\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: DirectAnimation Java Classes - (DirectAnimation Java Classes) - (.not file.) - file:\\C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{97E1DB51-92D0-4C88-B9D1-7DE89B817974}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{97E1DB51-92D0-4C88-B9D1-7DE89B817974}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{97E1DB51-92D0-4C88-B9D1-7DE89B817974}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\System32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\System32\stobject.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AcerSamSs) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\1033d.exe
O23 - Service: (Acer Media Server) . (.Acer Inc. - Acer UPnP Media Server Service.) - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (VBoxService) - Clé orpheline



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.7915E4CA20923ACD2E6F490CCB431042] [APT] [{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}] (.Adobe Flash Player.) -- C:\Windows\Qvosaa.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VBoxSF) . (.Oracle Corporation - VirtualBox Shared Folders Minirdr.) - C:\Windows\System32\drivers\VBoxSF.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: Acer eConsole - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Acer eMode Management - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: DownloadH version 7.0.0.1 - (.Mcvivien2(Hacker Tool).) [HKLM] -- {BBF44A62-A65A-446B-82C6-12878FD70728}_is1
O42 - Logiciel: Facemoods Toolbar - (.Pas de propriétaire.) [HKLM] -- facemoods
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: JDownloader 0.9 - (.AppWork GmbH.) [HKLM] -- 1489-3350-5074-6281
O42 - Logiciel: Java(TM) 6 Update 25 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216025FF}
O42 - Logiciel: LibreOffice 3.3 - (.LibreOffice.) [HKLM] -- {CEE2613D-3B53-4447-BA2D-E88C08272581}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Mozilla Firefox (3.6.10) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.10)
O42 - Logiciel: Oracle VM VirtualBox Guest Additions 4.0.6 - (.Oracle Corporation.) [HKLM] -- Oracle VM VirtualBox Guest Additions
O42 - Logiciel: SumatraPDF - (.Krzysztof Kowalczyk.) [HKLM] -- SumatraPDF
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: ZebHelpProcess 2.47 - (.Nicolas Coolman.) [HKLM] -- Zeb Help Process_is1

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DT Soft]
[HKCU\Software\Google]
[HKCU\Software\JavaSoft]
[HKCU\Software\LibreOffice]
[HKCU\Software\Macromedia]
[HKCU\Software\MindFusion Limited]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\ej-technologies]
[HKCU\Software\facemoods.com]
[HKLM\Software\Borland]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DT Soft]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\LibreOffice]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Oracle]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\ej-technologies]
[HKLM\Software\facemoods.com]
[HKLM\Software\mozilla.org]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/03/2011 - 16:40:56 - [65597451] ----D- C:\Program Files\Acer
O43 - CFD: 02/05/2011 - 21:43:04 - [3704864] ----D- C:\Program Files\CCleaner
O43 - CFD: 15/09/2010 - 23:51:50 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 02/05/2011 - 21:47:28 - [17268545] ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 02/05/2011 - 21:47:20 - [2466399] ----D- C:\Program Files\DAEMON Tools Toolbar
O43 - CFD: 02/05/2011 - 21:41:20 - [4176624] ----D- C:\Program Files\Defraggler
O43 - CFD: 02/05/2011 - 21:52:02 - [1798085] ----D- C:\Program Files\facemoods.com
O43 - CFD: 02/05/2011 - 21:46:10 - [26718552] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 02/05/2011 - 21:37:14 - [27304051] ----D- C:\Program Files\Google
O43 - CFD: 16/09/2010 - 19:52:48 - [4573631] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 02/05/2011 - 21:45:40 - [80951227] ----D- C:\Program Files\Java
O43 - CFD: 02/05/2011 - 21:53:44 - [56916114] ----D- C:\Program Files\JDownloader
O43 - CFD: 02/05/2011 - 21:44:32 - [452851299] ----D- C:\Program Files\LibreOffice 3
O43 - CFD: 16/09/2010 - 19:53:10 - [2222183] ----D- C:\Program Files\Messenger
O43 - CFD: 15/09/2010 - 23:53:26 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 16/09/2010 - 19:52:48 - [11350823] ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/05/2011 - 21:35:26 - [30097170] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 16/09/2010 - 19:52:48 - [19278399] ----D- C:\Program Files\msn
O43 - CFD: 15/09/2010 - 23:51:22 - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 16/09/2010 - 19:50:56 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 25/09/2010 - 00:11:54 - [2165736] ----D- C:\Program Files\Notepad++
O43 - CFD: 02/05/2011 - 21:09:46 - [2817251] ----D- C:\Program Files\Oracle
O43 - CFD: 16/09/2010 - 19:50:52 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 16/09/2010 - 00:02:32 - [1025] ----D- C:\Program Files\Services en ligne
O43 - CFD: 02/05/2011 - 21:39:04 - [8006100] ----D- C:\Program Files\SumatraPDF
O43 - CFD: 15/09/2010 - 23:57:24 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 16/09/2010 - 19:53:06 - [6563765] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 16/09/2010 - 19:50:52 - [1368576] ----D- C:\Program Files\Windows NT
O43 - CFD: 15/09/2010 - 23:51:26 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 15/09/2010 - 23:53:26 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 02/05/2011 - 21:16:58 - [103249413] ----D- C:\Program Files\ZebHelpProcess
O43 - CFD: 02/05/2011 - 22:03:10 - [3838396] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 02/05/2011 - 21:16:42 - [7675821] ----D- C:\Program Files\Fichiers Communs\Borland Shared
O43 - CFD: 02/05/2011 - 21:46:10 - [1252295] ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD: 15/09/2010 - 23:57:34 - [6635883] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 15/09/2010 - 23:52:04 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 16/09/2010 - 00:47:36 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 15/09/2010 - 23:52:08 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 16/09/2010 - 00:47:36 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 16/09/2010 - 19:50:50 - [7075058] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 02/05/2011 - 21:16:02 - [0] ----D- C:\Documents and Settings\Tony\Application Data\Adobe
O43 - CFD: 02/05/2011 - 21:46:50 - [0] ----D- C:\Documents and Settings\Tony\Application Data\DAEMON Tools Lite
O43 - CFD: 02/05/2011 - 22:01:48 - [0] ----D- C:\Documents and Settings\Tony\Application Data\facemoods.com
O43 - CFD: 02/05/2011 - 21:37:40 - [0] ----D- C:\Documents and Settings\Tony\Application Data\Google
O43 - CFD: 15/09/2010 - 23:57:30 - [0] ----D- C:\Documents and Settings\Tony\Application Data\Identities
O43 - CFD: 02/05/2011 - 21:16:02 - [728] ----D- C:\Documents and Settings\Tony\Application Data\Macromedia
O43 - CFD: 02/05/2011 - 21:46:04 - [216080] -S--D- C:\Documents and Settings\Tony\Application Data\Microsoft
O43 - CFD: 15/09/2010 - 23:59:30 - [8245801] ----D- C:\Documents and Settings\Tony\Application Data\Mozilla
O43 - CFD: 25/09/2010 - 00:11:54 - [87534] ----D- C:\Documents and Settings\Tony\Application Data\Notepad++
O43 - CFD: 02/05/2011 - 21:39:28 - [576] ----D- C:\Documents and Settings\Tony\Application Data\SumatraPDF
O43 - CFD: 02/05/2011 - 21:43:46 - [838740] ----D- C:\Documents and Settings\Tony\Application Data\Sun
O43 - CFD: 02/05/2011 - 21:37:42 - [1135387] ----D- C:\Documents and Settings\Tony\Local Settings\Application Data\Google
O43 - CFD: 16/09/2010 - 19:39:10 - [1014880] ----D- C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft
O43 - CFD: 15/09/2010 - 23:59:24 - [57271924] ----D- C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.20EF1200E915817C00DCFD7FF4EF1200] - 02/05/2011 - 21:02:00 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [22979]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2011 - 21:01:59 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.555E54AC2F601A8821CEF58961653991] - 02/05/2011 - 21:01:51 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [218688]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 02/05/2011 - 21:01:40 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.20EF1200E915817C00DCFD7FF4EF1200] - 02/05/2011 - 21:01:25 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [5722]
O44 - LFC:[MD5.7915e4ca20923acd2e6f490ccb431042] - 02/05/2011 - 20:56:56 ---A- . (.Adobe Flash Player - Adobe Player Setup.) -- C:\Windows\Qvosaa.exe [201728]
O44 - LFC:[MD5.995443360AB7BCC1D6216B051CDB5345] - 02/05/2011 - 20:54:20 ---A- . (...) -- C:\WINDOWS\System32\d3d9caps.dat [664]
O44 - LFC:[MD5.352287242CA4EAC83DF5C3E8A3AE6E91] - 02/05/2011 - 20:48:23 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [124520]
O44 - LFC:[MD5.1299E5D605BD39CA828B8FFB68CC29CD] - 02/05/2011 - 20:45:43 ---A- . (.Sun Microsystems, Inc. - Java(TM) Control Panel.) -- C:\WINDOWS\System32\javacpl.cpl [73728]
O44 - LFC:[MD5.C88C969B8E477E4297E4A65D66852BF3] - 02/05/2011 - 20:45:43 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\deployJava1.dll [472808]
O44 - LFC:[MD5.B157E305260FF2A607591F33DE41BFCA] - 02/05/2011 - 20:45:43 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184]
O44 - LFC:[MD5.364F7A2B4B535659F3B50DE5E5C20123] - 02/05/2011 - 20:45:43 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184]
O44 - LFC:[MD5.A0AC7907D47B54238CA60FC47807F119] - 02/05/2011 - 20:45:43 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472]
O44 - LFC:[MD5.A5BF554CAC8CC8D3E447995AF630D9BB] - 02/05/2011 - 20:35:22 ---A- . (...) -- C:\PDOXUSRS.NET [13030]
O44 - LFC:[MD5.C9C6B38DE64D22E2DD1CDED487CD49EF] - 02/05/2011 - 20:18:12 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.9869AF864AF7411ED3C8F28152B094D4] - 02/05/2011 - 20:15:26 ---A- . (.Nicolas Coolman - Zeb Help Process.) -- C:\ZHPLite.exe [12927291]
O44 - LFC:[MD5.9F00809677AB2629478AFB4C1452C7F3] - 02/05/2011 - 20:15:10 ---A- . (...) -- C:\ZHPDiag2.zip [2413721]
O44 - LFC:[MD5.C45ED220573FC57A9BF8ACFF82E23E8F] - 02/05/2011 - 20:11:01 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.7404B310058C40D433E54DB1238B1AA0] - 02/05/2011 - 20:10:28 ---A- . (...) -- C:\WINDOWS\setupapi.log [367781]
O44 - LFC:[MD5.E246233F7DCFE923D7A54F29B63CC30E] - 26/04/2011 - 20:10:23 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\wibrf.jpg [3968]
O44 - LFC:[MD5.D3A3A9391EA080EDFEF8BA202CC36D2E] - 26/04/2011 - 20:10:23 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\wiybr.png [3416]
O44 - LFC:[MD5.525101561A36A34E630F240BA1669938] - 26/04/2011 - 20:10:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\ndl.dl [2270]
O44 - LFC:[MD5.F961914B24054D28EE16F7243196C6CF] - 26/04/2011 - 20:09:36 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\nvsvc32.exe [74240]
O44 - LFC:[MD5.1B92F6F3D84E0EA21ED8C5D180781BE9] - 26/04/2011 - 13:35:58 ---A- . (.Oracle Corporation - VirtualBox Guest Additions Service.) -- C:\WINDOWS\System32\VBoxService.exe [1028400]
O44 - LFC:[MD5.536C9B7F2CC2D0B2059F7CDB560512A6] - 26/04/2011 - 13:35:58 ---A- . (.Oracle Corporation - VirtualBox Shared Folders Minirdr NP.) -- C:\WINDOWS\System32\VBoxMRXNP.dll [717104]
O44 - LFC:[MD5.CFC0A1396DDCBC472B26172F78D8E6B8] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox Guest Additions Tray Application.) -- C:\WINDOWS\System32\VBoxTray.exe [913712]
O44 - LFC:[MD5.3DC27D2E9597E327B61FA17628A6895A] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox Guest Additions Utility.) -- C:\WINDOWS\System32\VBoxControl.exe [713008]
O44 - LFC:[MD5.B206063C0C181E131C15A1EE298FCB6B] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGL.dll [971056]
O44 - LFC:[MD5.068D2BAF4035A9DB50EFDE5FA19012DF] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGLarrayspu.dll [479536]
O44 - LFC:[MD5.31B1076837492FD2BF11BCB33A98D7FA] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGLerrorspu.dll [151856]
O44 - LFC:[MD5.1B4A3B6808532BF3D3C8B7B3D18D5F89] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGLfeedbackspu.dll [639280]
O44 - LFC:[MD5.04037421754C8547F681B10A3428E5D9] - 26/04/2011 - 13:35:56 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGLpackspu.dll [1306928]
O44 - LFC:[MD5.D54977E6218BAB3C1D3165C77F337947] - 26/04/2011 - 13:35:52 ---A- . (.Oracle Corporation - VirtualBox Mouse Filter.) -- C:\WINDOWS\System32\drivers\VBoxMouse.sys [81136]
O44 - LFC:[MD5.1AFA826D5A1DF48EE906FD1841B9D4AF] - 26/04/2011 - 13:35:52 ---A- . (.Oracle Corporation - VirtualBox Shared Folders Minirdr.) -- C:\WINDOWS\System32\drivers\VBoxSF.sys [237232]
O44 - LFC:[MD5.919B7D19B5105DF7DD6057339F2BAD66] - 26/04/2011 - 13:35:36 ---A- . (.Oracle Corporation - VirtualBox Hook Driver.) -- C:\WINDOWS\System32\VBoxHook.dll [67376]
O44 - LFC:[MD5.DDD8473C61935627FCF3B1729372A43D] - 26/04/2011 - 13:35:26 ---A- . (.Oracle Corporation - VirtualBox CoInst.) -- C:\WINDOWS\System32\vbcoinst.dll [86320]
O44 - LFC:[MD5.CB37D25B51590668107E17A94CC482D2] - 26/04/2011 - 13:35:26 ---A- . (.Oracle Corporation - VirtualBox Guest Driver.) -- C:\WINDOWS\System32\drivers\VBoxGuest.sys [111600]
O44 - LFC:[MD5.0AC681594F8767D2C5CEDF3A61BA7C2A] - 26/04/2011 - 13:35:22 ---A- . (.Oracle Corporation - VirtualBox Display Driver.) -- C:\WINDOWS\System32\VBoxDisp.dll [74288]
O44 - LFC:[MD5.ECC7494100D76869A4C6E18E4A93EF20] - 26/04/2011 - 13:35:22 ---A- . (.Oracle Corporation - VirtualBox Video Driver.) -- C:\WINDOWS\System32\drivers\VBoxVideo.sys [122096]
O44 - LFC:[MD5.3B2C7316AC1D3997FBF5DEC31FAB09EC] - 26/04/2011 - 13:35:22 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGLcrutil.dll [246064]
O44 - LFC:[MD5.C01933783CB3DE290165CC95BD65D2E3] - 26/04/2011 - 13:35:22 ---A- . (.Oracle Corporation - VirtualBox crOpenGL ICD.) -- C:\WINDOWS\System32\VBoxOGLpassthroughspu.dll [114992]
O44 - LFC:[MD5.8C25E347F5E2C2BCA9B5258A68B72AE7] - 20/01/1999 - 04:01:00 ---A- . (...) -- C:\WINDOWS\System32\DBCLIENT.DLL [210032]
O44 - LFC:[MD5.4BC02BD73338C3A26265F5C64DBEC770] - 12/11/1999 - 04:11:00 ---A- . (...) -- C:\WINDOWS\System32\BDEADMIN.CPL [183808]



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll



---\\ Authorized application key export (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\javaw.exe" [Enabled] .(.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\javaw.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145



---\\ List of system drivers (O58)
O58 - SDL:[MD5.0F2D66D5F08EBE2F77BB904288DCF6F0] - 17/08/2001 - 20:20:04 ---A- . (.Intel Corporation - Intel(r) Integrated Controller Hub Audio Driver.) -- C:\WINDOWS\system32\drivers\ac97intc.sys [96256]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
O58 - SDL:[MD5.555E54AC2F601A8821CEF58961653991] - 02/05/2011 - 21:01:51 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys [218688]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
O58 - SDL:[MD5.7BC8027D56FAB153A987C56AE9835664] - 17/08/2001 - 20:11:22 ---A- . (.AMD Inc. - NDIS 5.0 driver.) -- C:\WINDOWS\system32\drivers\pcntpci5.sys [35328]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 08:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]
O58 - SDL:[MD5.CB37D25B51590668107E17A94CC482D2] - 26/04/2011 - 13:35:26 ---A- . (.Oracle Corporation - VirtualBox Guest Driver.) -- C:\WINDOWS\system32\drivers\VBoxGuest.sys [111600]
O58 - SDL:[MD5.D54977E6218BAB3C1D3165C77F337947] - 26/04/2011 - 13:35:52 ---A- . (.Oracle Corporation - VirtualBox Mouse Filter.) -- C:\WINDOWS\system32\drivers\VBoxMouse.sys [81136]
O58 - SDL:[MD5.1AFA826D5A1DF48EE906FD1841B9D4AF] - 26/04/2011 - 13:35:52 ---A- . (.Oracle Corporation - VirtualBox Shared Folders Minirdr.) -- C:\WINDOWS\system32\drivers\VBoxSF.sys [237232]
O58 - SDL:[MD5.ECC7494100D76869A4C6E18E4A93EF20] - 26/04/2011 - 13:35:22 ---A- . (.Oracle Corporation - VirtualBox Video Driver.) -- C:\WINDOWS\system32\drivers\VBoxVideo.sys [122096]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 20:23:06 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]



---\\ List of cleaning tools (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1



---\\ List of Legacy services (O64)
O64 - Services: CurCS - C:\WINDOWS\system32\1033d.exe - Acer Media Server AcerSamSs (AcerSamSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_ACERSAMSS
O64 - Services: CurCS - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe - Acer Media Server (Acer Media Server) .(.Acer Inc. - Acer UPnP Media Server Service.) - LEGACY_ACER_MEDIA_SERVER
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS
O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP
O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - 13/04/2008 - C:\Windows\System32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - 28/08/2001 - C:\Windows\System32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - 02/05/2011 - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate)(gupdate) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE
O64 - Services: CurCS - 02/05/2011 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater(gusvc) .(.Google - gusvc.) - LEGACY_GUSVC
O64 - Services: CurCS - C:\Acer\Empowering Technology\eRecovery\int15.sys - int15.sys (int15.sys) .(.Pas de propriétaire - Pas de description.) - LEGACY_INT15.SYS
O64 - Services: CurCS - 02/05/2011 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD
O64 - Services: CurCS - (.not file.) - mbr (mbr) .(...) - LEGACY_MBR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP
O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\SERIAL.sys - Serial (Serial) .(...) - LEGACY_SERIAL
O64 - Services: CurCS - (.not file.) - (.not file.) - Services Terminal Server (TermService) .(...) - LEGACY_TERMSERVICE
O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(...) - LEGACY_UPLOADMGR
O64 - Services: CurCS - 26/04/2011 - C:\Windows\System32\VBoxService.exe - VirtualBox Guest Additions Service(VBoxService) .(.Oracle Corporation - VirtualBox Guest Additions Service.) - LEGACY_VBOXSERVICE
O64 - Services: CurCS - 26/04/2011 - C:\Windows\System32\drivers\VBoxSF.sys - VirtualBox Shared Folders(VBoxSF) .(.Oracle Corporation - VirtualBox Shared Folders Minirdr.) - LEGACY_VBOXSF
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP
O64 - Services: CurCS - (.not file.) - Numéro de série du média portable (WmdmPmSp) .(...) - LEGACY_WMDMPMSP



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} [DefaultScope] - (Facemoods Search) - http://start.facemoods.com



---\\ Additional scan (O88)
Database Version : 6753 - (02/05/2011)
Number of Keys Founds (Clés trouvées) : 5
Number of Directories Founds (Dossiers trouvés) : 0

[HKCR\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}] =>Toolbar.Crawler
[HKCU\Software\facemoods.com] =>
[HKLM\Software\facemoods.com] =>
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar] =>Toolbar.Agent



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SS - | Auto 02/05/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 02/05/2011 194104 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 02/05/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SR - | Auto 02/05/2011 0 | (VBoxService) . (...) - c:\system32\VBoxService.exe



---\\ Master Boot Record infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Tony at 02/05/2011 22:03:50

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS TDI.SYS tcpip.sys
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x85BDFAB8]
3 CLASSPNP[0xF7571FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85BD04E0]
kernel: MBR read successfully
user & kernel MBR OK



---\\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Tony at 02/05/2011 22:03:52

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



---\\ List of CD/DVD emulators (MBR hook)
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite



End of the scan (843 lines in 00mn 56s)(0)