
Posted

:P Impressive, the number of services McAfee installs!!!!

Did they get bought by Symantec? :P

Posted

No, but you would feel the difference if you switched to a lighter antivirus!!!!

Something to look at after your disinfection!

Don't hesitate to ask for an optimization of your system!

See you

Posted (edited)

I'm going to sort out this infection problem first, then I'll see about optimization. But McAfee is very far from being a bad antivirus; it just needs to be configured properly, like the Kaspersky suite: badly configured, it slows the PC to a crawl. By the way, I have a question: with the McAfee suite I have a tool called Quick Clean, and the problem is that when I launch it, it never stops; it scans my PC non-stop and gives me no result. :P

Edited by lexgamer
Posted

I posted my reply a bit further up; never mind, here it is.

I ran the scan, but it told me that no file was infected. Anyway, here is the report.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:11:21, on 24/08/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\McAfee\MSK\mskagent.exe

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Lex\AppData\Local\Temp\~DF6EC9.tmp C:\Users\Lex\AppData\Local\Temp\~DF6EB8.tmp C:\Users\Lex\AppData\Local\Temp\~DF5E51.tmp C:\Users\Lex\AppData\Local\Temp\~DF5E42.tmp C:\Users\Lex\AppData\Local\Temp\~DF525F.tmp C:\Users\Lex\AppData\Local\Temp\~DF519B.tmp C:\Users\Lex\AppData\Local\Temp\~DF41E6.tmp C:\Users\Lex\AppData\Local\Temp\~DF41C0.tmp C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\1UVWG6VF\192168~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UGE8VS7M\BBANER~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\1UVWG6VF\QUICKC~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RTY1SI1G\CONFIG~1.SH! (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Lex\AppData\Local\Temp\~DF6EC9.tmp C:\Users\Lex\AppData\Local\Temp\~DF6EB8.tmp C:\Users\Lex\AppData\Local\Temp\~DF5E51.tmp C:\Users\Lex\AppData\Local\Temp\~DF5E42.tmp C:\Users\Lex\AppData\Local\Temp\~DF525F.tmp C:\Users\Lex\AppData\Local\Temp\~DF519B.tmp C:\Users\Lex\AppData\Local\Temp\~DF41E6.tmp C:\Users\Lex\AppData\Local\Temp\~DF41C0.tmp C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\1UVWG6VF\192168~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UGE8VS7M\BBANER~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\1UVWG6VF\QUICKC~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RTY1SI1G\CONFIG~1.SH! (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://collegio-cam.pittstate.edu/kxhcm10.ocx

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://cam1.coloprovider.nl/activex/AMC.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/har...on.cab?version=

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://vs1-73418.highspeedoffice.net/activ...sCamControl.ocx

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

 

--

End of file - 8966 bytes

Posted

Hi again,

Download Deckard's System Scanner http://deckard.geekstogo.com/dss.exe to your desktop.

Close all running applications.

Double-click dss.exe. Two messages will appear on screen; click OK for both.

Be patient, the scan can take a long time.

At the end you will get another message saying that Notepad is going to open; click OK, then copy and paste all of its contents.

Posted

Here is the report. Thank you for the help you're giving me. :P

 

 

Deckard's System Scanner v20070819.64

Run by Lex on 2007-08-25 13:02:49

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

5: 2007-08-24 14:50:13 UTC - RP296 - Windows Update

4: 2007-08-23 12:37:29 UTC - RP295 - Installed ProductName

3: 2007-08-23 12:36:12 UTC - RP294 - Installed AGEIA PhysX v7.07.09

2: 2007-08-22 15:26:30 UTC - RP293 - Point de contrôle planifié

1: 2007-08-21 09:17:45 UTC - RP292 - DirectX est installé

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 


 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

S0 OemBiosDevice (Royalty OEM Bios Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>

S3 ENTECH - \??\c:\windows\system32\drivers\entech.sys

S3 keychain (M Three KeyChain Driver 03/09/2005, 1.0.0.2) - c:\windows\system32\drivers\keychain.sys <Not Verified; M Three Technologies Ltd.; Photo KeyChain>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

 

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID: {4d36e980-e325-11ce-bfc1-08002be10318}

Description: Lecteur de disquettes

Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&6CF51A1&1&0

Manufacturer: (Lecteurs de disquettes standard)

Name: Lecteur de disquettes

PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&6CF51A1&1&0

Service: flpydisk

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-08-24 17:16:58 404 --a------ C:\Windows\Tasks\Maintenance en 1 clic.job

2007-04-05 18:58:40 352 --a------ C:\Windows\Tasks\McQcTask.job

2007-04-05 18:58:40 272 --a------ C:\Windows\Tasks\McDefragTask.job

 

 

-- Files created between 2007-07-25 and 2007-08-25 -----------------------------

 

2007-08-24 16:45:43 0 d-------- C:\VundoFix Backups

2007-08-23 17:37:07 0 d-------- C:\Program Files\Trend Micro

2007-08-23 14:36:58 0 d-------- C:\Windows\system32\AGEIA

2007-08-23 14:36:57 0 d-------- C:\Program Files\AGEIA Technologies

2007-08-22 14:27:51 0 d-------- C:\Users\All Users\Azureus

2007-08-21 11:13:43 0 d-------- C:\Program Files\2K Games

2007-08-17 12:37:57 0 dr------- C:\Users\Lex\Saved Games

2007-08-17 11:02:42 0 d-------- C:\Users\Lex\HALO 2

2007-08-15 17:38:14 0 d-------- C:\Users\All Users\Microsoft Games

2007-08-14 15:43:39 0 d-------- C:\Program Files\Western Digital Technologies

2007-08-11 13:35:53 0 d-------- C:\Users\Lex\dj astel

2007-08-11 13:34:32 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>

2007-08-11 13:34:32 119568 --a------ C:\Windows\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>

2007-08-11 13:34:32 21504 --a------ C:\Windows\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>

2007-08-11 13:34:32 15360 --a------ C:\Windows\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>

2007-08-11 13:34:31 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>

2007-08-11 13:34:31 59904 --a------ C:\Windows\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>

2007-08-11 13:34:31 32768 --a------ C:\Windows\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>

2007-08-05 22:29:53 0 d-------- C:\Users\Lex\Rednex - The Best -= Up by R =-

2007-08-03 22:18:41 0 d-------- C:\Users\Lex\RFM Party 80's

2007-08-01 16:59:01 0 d-------- C:\Users\Lex\Devil may cry

2007-07-30 21:30:12 0 d-------- C:\Users\All Users\Skyline

2007-07-30 17:42:37 0 d-------- C:\Users\Lex\tunebite

2007-07-30 17:11:57 0 d-------- C:\Users\All Users\tunebite

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-08-24 17:10:09 0 d-------- C:\Program Files\McAfee

2007-08-23 14:37:47 0 d-------- C:\Program Files\Electronic Arts

2007-08-23 14:36:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-08-23 14:09:01 693350 --a------ C:\Windows\system32\perfh00C.dat

2007-08-23 14:09:01 118244 --a------ C:\Windows\system32\perfc00C.dat

2007-08-22 15:16:08 0 d-------- C:\Users\Lex\AppData\Roaming\Azureus

2007-08-21 18:20:31 0 d-------- C:\Users\Lex\AppData\Roaming\Bioshock

2007-08-21 11:13:43 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-08-21 11:13:04 0 d-------- C:\Users\Lex\AppData\Roaming\InstallShield

2007-08-15 17:53:34 0 d-------- C:\Program Files\Microsoft Games

2007-08-15 17:52:12 0 d-------- C:\Users\Lex\AppData\Roaming\Microsoft Game Studios

2007-08-14 15:14:20 0 d-------- C:\Program Files\FlashGet

2007-08-03 17:58:34 0 d-------- C:\Users\Lex\AppData\Roaming\SiteAdvisor

2007-07-30 17:47:11 0 d-------- C:\Users\Lex\AppData\Roaming\tunebite

2007-07-17 18:23:39 0 d-------- C:\Program Files\MSECache

2007-07-11 13:03:27 0 d-------- C:\Users\Lex\AppData\Roaming\Command & Conquer 3 Les guerres du Tiberium

2007-07-09 22:58:33 0 d-------- C:\Program Files\Common Files\InstallShield

2007-07-09 11:49:54 0 dr-h----- C:\Users\Lex\AppData\Roaming\SecuROM

2007-07-03 21:37:01 0 d-------- C:\Program Files\Common Files

2007-06-23 14:59:19 1 --a------ C:\Windows\system32\SI.bin

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]

"RtHDVCpl"="RtHDVCpl.exe" [23/03/2007 19:04 C:\Windows\RtHDVCpl.exe]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 16:30]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [31/07/2006 17:03]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/07/2007 13:15]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/07/2007 13:15]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/07/2007 13:15]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:34]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 14:33]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Lex\AppData\Local\Temp\~DF6EC9.tmp C:\Users\Lex\AppData\Local\Temp\~DF6EB8.tmp C:\Users\Lex\AppData\Local\Temp\~DF5E51.tmp C:\Users\Lex\AppData\Local\Temp\~DF5E42.tmp C:\Users\Lex\AppData\Local\Temp\~DF525F.tmp C:\Users\Lex\AppData\Local\Temp\~DF519B.tmp C:\Users\Lex\AppData\Local\Temp\~DF41E6.tmp C:\Users\Lex\AppData\Local\Temp\~DF41C0.tmp C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\1UVWG6VF\192168~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UGE8VS7M\BBANER~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\1UVWG6VF\QUICKC~1.SH! C:\Users\Lex\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RTY1SI1G\CONFIG~1.SH!

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{befd2abb-c3f1-11da-8eac-806e6f6e6963}]

AutoRun\command- E:\Startup.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2007-08-25 13:10:38 ------------

Posted

Hi again,

1/ Download Silent Runners http://www.silentrunners.org/Silent%20Runners.vbs

(right-click the link, then choose "Save target as")

2/ Disconnect from the internet and close all running applications.

3/ Launch Silent Runners and let it work. When it has finished scanning, a message will tell you so and a new text file will be created. Open that text file and paste the entire report.

Posted (edited)

Here is the report

 

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]

"MskAgentexe" = "C:\Program Files\McAfee\MSK\MskAgent.exe" ["McAfee Inc."]

"SiteAdvisor" = "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" ["McAfee, Inc."]

"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\6066\SiteAdv.dll" ["McAfee, Inc."]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "c:\program files\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{E7DE9B1A-7533-4556-9484-B26FB486475E}" = (no title provided)

-> {HKLM...CLSID} = "Network Map"

\InProcServer32\(Default) = "C:\Windows\system32\shdocvw.dll" [MS]

"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"

-> {HKLM...CLSID} = "IGD Property Page"

\InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" [MS]

"{8856f961-340a-11d0-a96b-00c04fd705a2}" = "Microsoft Web Browser"

-> {HKLM...CLSID} = "Microsoft Web Browser"

\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

"{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}" = "MSHTML Document"

-> {HKLM...CLSID} = "MHTML Document"

\InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]

"{25336920-03f9-11cf-8fd0-00aa00686f13}" = "HTML Document"

-> {HKLM...CLSID} = "HTML Document"

\InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]

"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{74246bfc-4c96-11d0-abef-0020af6b0b7a}" = "Device Manager"

-> {HKLM...CLSID} = "Device Manager"

\InProcServer32\(Default) = "C:\Windows\System32\devmgr.dll" [MS]

"{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}" = "MyDocuments menu and properties"

-> {HKLM...CLSID} = "MyDocuments menu and properties"

\InProcServer32\(Default) = "C:\Windows\system32\mydocs.dll" [MS]

"{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}" = "Common Places Folder"

-> {HKLM...CLSID} = "Common Places FS Folder"

\InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]

"{865e5e76-ad83-4dca-a109-50dc2113ce9a}" = "Programs Folder and Fast Items"

-> {HKLM...CLSID} = "Programs Folder and Fast Items"

\InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]

"{21ec2020-3aea-1069-a2dd-08002b30309d}" = "Control Panel"

-> {HKLM...CLSID} = "Control Panel"

\InProcServer32\(Default) = "shell32.dll" [MS]

"{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" = "Client application shell extension"

-> {HKLM...CLSID} = "Client application shell extension"

\InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]

"{4d5c8c2a-d075-11d0-b416-00c04fb90376}" = "Microsoft CommBand"

-> {HKLM...CLSID} = "Microsoft CommBand"

\InProcServer32\(Default) = "C:\Windows\system32\browseui.dll" [MS]

"{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" = "OlePrn.PrinterURL"

-> {HKLM...CLSID} = "prturl Class"

\InProcServer32\(Default) = "C:\Windows\system32\oleprn.dll" [MS]

"{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" = "group_wab_auto_file"

-> {HKLM...CLSID} = ".group shell context menu"

\InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]

"{CF67796C-F57F-45F8-92FB-AD698826C602}" = "contact_wab_auto_file"

-> {HKLM...CLSID} = ".contact shell context menu"

\InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]

"{90b9bce2-b6db-4fd3-8451-35917ea1081b}" = "Search Execute Command"

-> {HKLM...CLSID} = "CLSID_SearchExecute"

\InProcServer32\(Default) = "ExplorerFrame.dll" [MS]

"{1a184871-359e-4f67-aad9-5b9905d62232}" = "Microsoft Windows Font File Context Menu Handler"

-> {HKLM...CLSID} = "Microsoft Windows Font Context Menu Handler"

\InProcServer32\(Default) = "fontext.dll" [MS]

"{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}" = "Microsoft Windows Font Previewer"

-> {HKLM...CLSID} = "Microsoft Windows Font Preview Handler"

\InProcServer32\(Default) = "fontext.dll" [MS]

"{BC65FB43-1958-4349-971A-210290480130}" = "Network Explorer Property Sheet Handler"

-> {HKLM...CLSID} = "Ncd Property Page"

\InProcServer32\(Default) = "C:\Windows\System32\NcdProp.dll" [MS]

"{0a4286ea-e355-44fb-8086-af3df7645bd9}" = "Windows Media Player"

-> {HKLM...CLSID} = "&Windows Media Player"

\InProcServer32\(Default) = "C:\PROGRA~1\WI4EB4~1\wmpband.dll" [MS]

"{BB6B2374-3D79-41DB-87F4-896C91846510}" = "EMDFileProperties"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "emdmgmt.dll" [MS]

"{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" = "Sync Center Simple Conflict Presenter"

-> {HKLM...CLSID} = "Simple Conflict Presenter"

\InProcServer32\(Default) = "C:\Windows\System32\SyncCenter.dll" [MS]

"{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" = "PhotoAcqDropTarget"

-> {HKLM...CLSID} = "PhotoAcqDropTarget"

\InProcServer32\(Default) = "C:\Program Files\Windows Photo Gallery\PhotoAcq.dll" [MS]

"{91ADC906-6722-4B05-A12B-471ADDCCE132}" = "Touch Band"

-> {HKLM...CLSID} = "Touch Pointer"

\InProcServer32\(Default) = "C:\Windows\System32\TouchX.dll" [MS]

"{7D4734E6-047E-41e2-AEAA-E763B4739DC4}" = "Windows Media Player Play as Playlist Context Menu Handler"

-> {HKLM...CLSID} = "WMP Play Folder As Playlist Launcher"

\InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]

"{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" = "GameUX.RichGameMediaThumbnail"

-> {HKLM...CLSID} = "RichGameMediaThumbnail Class"

\InProcServer32\(Default) = "C:\Windows\System32\gameux.dll" [MS]

"{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" = "Tablet PC Input Panel"

-> {HKLM...CLSID} = "Tablet PC Input Panel"

\InProcServer32\(Default) = "C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll" [MS]

"{6b9228da-9c15-419e-856c-19e768a13bdc}" = "Windows gadget DropTarget"

-> {HKLM...CLSID} = "Windows gadget DropTarget"

\InProcServer32\(Default) = "C:\Program Files\Windows Sidebar\sbdrop.dll" [MS]

"{8A734961-C4AA-4741-AC1E-791ACEBF5B39}" = "Windows Media Player Shop Music Context Menu Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mes dossiers de partage"

\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

-> {HKLM...CLSID} = "TuneUp Theme Extension"

\InProcServer32\(Default) = "C:\Windows\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> "{E31004D1-A431-41B8-826F-E902F9D95C81}" = "Windows DreamScene"

-> {HKLM...CLSID} = "Windows DreamScene"

\InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

-> {HKLM...CLSID} = "McVSRightclickScanner Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

-> {HKLM...CLSID} = "McVSRightclickScanner Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"ConsentPromptBehaviorAdmin" = (REG_DWORD) hex:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

 

"ConsentPromptBehaviorUser" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

 

"EnableInstallerDetection" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

 

"EnableLUA" = (REG_DWORD) hex:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

 

"EnableSecureUIAPaths" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

 

"EnableVirtualization" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

 

"PromptOnSecureDesktop" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Conrol: Switch to the secure desktop when prompting for elevation}

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"FilterAdministratorToken" = (REG_DWORD) hex:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Lex\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]

 

 

Startup items in "Lex" & "All Users" startup folders:

-----------------------------------------------------

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

 

 

Non-disabled Scheduled Tasks:

-----------------------------

 

C:\Windows\System32\Tasks

"Maintenance en 1 clic" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

"McDefragTask" -> launches: "C:\Windows\system32\Defrag.exe C: -f" [MS]

"McQcTask" -> launches: "c:\program files\mcafee\mqc\QcConsol.exe 4158 0" ["McAfee, Inc."]

"{7044842C-4E1C-4C1E-9A09-DE754FC8DADE}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{CADDE354-C78C-46CB-A006-E2B178EFC271}" [MS]

"{801A4216-CAEE-486F-8AAB-4A57FC6D892B}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Skyline\TerraExplorer\Setup.exe" -c [OP]/U" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ManualDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]

"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]

"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]

"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]

"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

-> {HKLM...CLSID} = "HotStart User Agent"

\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"

-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"

\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

"Mcbuilder" -> launches: "C:\Windows\System32\mcbuilder.exe" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"

-> {HKLM...CLSID} = "Nap ITask Handler Implementation"

\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System

"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"

-> {HKLM...CLSID} = "CrawlStartPages Task Handler"

\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"

-> {HKLM...CLSID} = "GadgetsManager Class"

\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

-> {HKLM...CLSID} = "MsCtfMonitor task handler"

\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

 

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 14

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"

-> {HKLM...CLSID} = "FlashGet Bar"

\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor"

-> {HKLM...CLSID} = "McAfee SiteAdvisor"

\InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\6066\SiteAdv.dll" ["McAfee, Inc."]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Recherche"

 

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<<H>> "TuneUp" = "file://C|/ProgramData/TuneUp Software/Common/base.css" [file not found]

 

 

HOSTS file

----------

 

C:\Windows\System32\drivers\etc\HOSTS

 

maps: 2 domain names to IP addresses,

1 of the IP addresses is *not* localhost!

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Accès du périphérique d'interface utilisateur, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}

Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

Explorateur d'ordinateurs, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}

Gestion d'applications, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]}

Hôte de périphérique UPnP, upnphost, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\upnphost.dll" [MS]}

Journal d’événements Windows, Eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {(missing data)}

McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]

McAfee Network Agent, McNASvc, ""c:\program files\common files\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]

McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]

McAfee Privacy Service, MPS9, "C:\PROGRA~1\McAfee\MPS\mps.exe" ["McAfee, Inc."]

McAfee Protection Manager, mcpromgr, "C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]

McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]

McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]

McAfee Scanner, McODS, "C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."]

McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]

McAfee SpamKiller Service, MSK80Service, ""C:\Program Files\McAfee\MSK\MskSrver.exe"" ["McAfee Inc."]

McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]

NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]

Publication des ressources de découverte de fonctions, FDResPub, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\fdrespub.dll" [MS]}

Sauvegarde Windows, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [MS]}

Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]

SiteAdvisor Service, SiteAdvisor Service, "C:\Program Files\SiteAdvisor\6066\SAService.exe" ["McAfee, Inc."]

TuneUp Extension de thème, UxTuneUp, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Windows Connect Now - Registre de configuration, wcncsvc, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\wcncsvc.dll" [MS]}

Windows Driver Foundation - Infrastructure de pilote mode-utilisateur, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2007-08-26 19:58:21)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 39 seconds, including 3 seconds for message boxes)

Edited by lexgamer
