Problème de daemon search

[fredorp59]

Bonjour, sans le faire exprès, après mise à jour de daemon tools, j'ai installé un mauvais truc car j'ai oublié de le décocher et maintenant dès que j'allume Mozilla Firefox, j'ai ceci au démarrage : http://www.daemon-search.com/startpage.

 

 

Si non, voici mon rapport HijackThis quand même mais je pense qu'il y a rien d'autre en anomalie :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:08:54, on 09/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\rundll32.exe

E:\Program Files\Dofus\Dofus.exe

E:\Program Files\Dofus\dofus.dll

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\Administrateur.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Télécharger le site avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1263055377234

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190657965562

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214512375078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SlimFTPd - Unknown owner - G:\slimftpd\SlimFTPd.exe (file missing)

 

--

End of file - 12612 bytes

 

 

 

 

PS : je suis moins souvent là, oui, oui, je fais attention de plus en plus à ce que fais. Et g^race à vous, j'ai éliminé des problèmes mais bon là j'en ai moins.

 

Merci à vous de pouvoir m'aider à supprimé ce qui à fait que j'ai ceci au démarrage de Firefox.

 

Cordialement,

garrapotaloto.

Modifié le 10 janvier 2010 par garrapotaloto

[Tonton]

Bonjour garrapotaloto,

 

A noter qu'il y a beaucoup trop de programmes qui se lancent au démarrage :

--> ne conserve que l'anti-virus + pare-feu + connexion internet + éventuellement 1 ou 2 programmes que tu utilises très souvent.

 

Ceci n'est, bien entendu, pas une réponse au problème soulevé, mais soulegera et accélérera ton PC au démarrage.

 

Bonne soirée,

T57

Modifié le 9 janvier 2010 par Tonton57

[fredorp59]

Re, voilà j'ai allégé le lancement du démarrage en conservant que les choses dont j'ai besoin : antivirus, pare-feu, antispyware, le truc pour carte graphique NVIDIA et voilà.

 

Si non, merci de m'aider pour le problème de startpage et s'il y en a d'autres.

 

a+.

[fredorp59]

Bonjour, up.

Modifié le 10 janvier 2010 par garrapotaloto

[Thanos]

salut

 

Poste ce rapport stp >>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

[fredorp59]

re,

 

ok, voici le log de RSIT :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrateur at 2010-01-10 13:57:00

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 10 GB (25%) free of 39 GB

Total RAM: 1279 MB (41% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:57:19, on 10/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\trend micro\Administrateur.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Télécharger le site avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1263055377234

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190657965562

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214512375078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SlimFTPd - Unknown owner - G:\slimftpd\SlimFTPd.exe (file missing)

 

--

End of file - 11954 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{E3D8020F-936A-4463-8BEC-A14BC7DDF9A3}.job

C:\WINDOWS\tasks\Wise Registry Cleaner 4.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - E:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-15 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-15 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

Locked

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2006-10-09 176128]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-16 1953792]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"nwiz"=nwiz.exe /install []

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]

"PtiuPbmd"=ulutil2.dll,SetWriteBack []

"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2007-12-14 524288]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"fsm"= []

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-15 149280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]

C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=91000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"E:\JEUX\CONSOLES\emulateurs\super nintendo\zsnesw142\zsnesw.exe"="E:\JEUX\CONSOLES\emulateurs\super nintendo\zsnesw142\zsnesw.exe:*:Enabled:zsnesw"

"E:\Programmes\Starcraft\StarCraft.exe"="E:\Programmes\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War"

"C:\Program Files\America's Army Deploy Client\AADeployClient.exe"="C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Disabled:AADeployClient"

"C:\Program Files\win'design\win'design 6.5\PROGRAMMES\Admin.exe"="C:\Program Files\win'design\win'design 6.5\PROGRAMMES\Admin.exe:*:Disabled:Administration"

"E:\jeux\TmNationsForever\TmForever.exe"="E:\jeux\TmNationsForever\TmForever.exe:*:Enabled:TmForever"

"E:\jeux\TrackMania Nations ESWC\TmNationsESWC.exe"="E:\jeux\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"

"E:\Program Files\UnrealTournament\System\UnrealTournament.exe"="E:\Program Files\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

"E:\Program Files\Cossacks\crack.exe"="E:\Program Files\Cossacks\crack.exe:*:Enabled:dmcr"

"E:\PROGRAMMES\Croteam\serious sam second encounter\serious sam - second contact\Bin\SeriousSam.exe"="E:\PROGRAMMES\Croteam\serious sam second encounter\serious sam - second contact\Bin\SeriousSam.exe:*:Enabled:SeriousSam"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Documents and Settings\fredo.FRED\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\fredo.FRED\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Disabled:Skype "

"E:\jeux\CONSOLES\emulateurs\game boy\vbalink 1.73\VisualBoyAdvance.exe"="E:\jeux\CONSOLES\emulateurs\game boy\vbalink 1.73\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"

"E:\Program Files\Cossacks\dmcr.exe"="E:\Program Files\Cossacks\dmcr.exe:*:Disabled:dmcr"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

======List of files/folders created in the last 1 months======

 

2010-01-10 13:57:00 ----D---- C:\rsit

2010-01-09 18:09:34 ----D---- C:\WINDOWS\NV6120512.TMP

2010-01-09 17:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-01-09 16:27:41 ----D---- C:\Program Files\CPUID

2010-01-04 16:47:32 ----D---- C:\Program Files\LogMeIn Hamachi

2009-12-29 17:29:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\VBA-M

2009-12-11 23:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-11 23:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-11 23:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

 

======List of files/folders modified in the last 1 months======

 

2010-01-10 13:57:06 ----D---- C:\Program Files\trend micro

2010-01-10 13:57:00 ----D---- C:\WINDOWS\Prefetch

2010-01-10 13:56:56 ----D---- C:\WINDOWS\Temp

2010-01-10 10:36:50 ----SHD---- C:\WINDOWS\Installer

2010-01-10 10:36:50 ----D---- C:\Config.Msi

2010-01-10 10:33:22 ----D---- C:\WINDOWS\system32\inetsrv

2010-01-10 10:13:38 ----D---- C:\Program Files\Mozilla Firefox

2010-01-10 10:09:52 ----SD---- C:\WINDOWS\Tasks

2010-01-10 10:08:20 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-10 10:05:17 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-09 21:30:09 ----RASH---- C:\boot.ini

2010-01-09 21:30:09 ----A---- C:\WINDOWS\win.ini

2010-01-09 21:30:09 ----A---- C:\WINDOWS\system.ini

2010-01-09 21:30:06 ----D---- C:\WINDOWS\pss

2010-01-09 21:27:32 ----D---- C:\WINDOWS\system32

2010-01-09 18:52:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-09 18:52:01 ----D---- C:\WINDOWS\system32\drivers

2010-01-09 18:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2010-01-09 18:23:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype

2010-01-09 18:19:32 ----D---- C:\WINDOWS

2010-01-09 18:18:29 ----D---- C:\WINDOWS\Help

2010-01-09 18:18:26 ----D---- C:\WINDOWS\nview

2010-01-09 18:18:24 ----D---- C:\WINDOWS\AppPatch

2010-01-09 18:13:20 ----D---- C:\Program Files\ma-config.com

2010-01-09 18:13:18 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2010-01-09 18:09:11 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-09 18:08:53 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-01-09 17:43:09 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-09 17:06:04 ----HD---- C:\WINDOWS\inf

2010-01-09 17:03:17 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-09 16:45:08 ----D---- C:\Program Files\Lavalys

2010-01-09 16:27:41 ----RD---- C:\Program Files

2010-01-09 15:53:30 ----D---- C:\WINDOWS\Registration

2010-01-09 14:45:38 ----D---- C:\WINDOWS\Minidump

2010-01-08 16:29:44 ----D---- C:\WINDOWS\Debug

2010-01-06 10:01:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-01-06 09:58:20 ----D---- C:\Program Files\SpywareBlaster

2010-01-04 11:36:13 ----D---- C:\TEMP

2010-01-03 19:07:37 ----D---- C:\Program Files\CamStudio

2010-01-01 17:08:59 ----D---- C:\Program Files\DAEMON Tools Lite

2009-12-27 16:16:52 ----D---- C:\Program Files\Diablo II

2009-12-27 12:03:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\Software Informer

2009-12-27 11:59:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc

2009-12-27 11:57:14 ----D---- C:\Program Files\Notepad++

2009-12-27 09:53:47 ----D---- C:\Program Files\IZArc

2009-12-20 12:45:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

2009-12-12 08:59:18 ----D---- C:\Program Files\WinRAR

2009-12-11 23:21:34 ----A---- C:\WINDOWS\imsins.BAK

2009-12-11 23:21:12 ----D---- C:\Program Files\Internet Explorer

2009-12-11 23:20:59 ----D---- C:\WINDOWS\ie8updates

2009-12-11 23:20:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-12-11 23:19:19 ----RSD---- C:\WINDOWS\assembly

2009-12-11 09:19:36 ----D---- C:\Program Files\Spybot - Search & Destroy

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]

R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []

R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]

R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys []

S2 Nbf;Protocole NetBEUI; C:\WINDOWS\system32\DRIVERS\nbf.sys []

S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []

S3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]

S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]

S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-27 19968]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-10 634880]

S3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 267136]

S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-27 57856]

S4 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2001-11-22 57344]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-15 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]

R2 msvsmon80;Débogueur distant Visual Studio 2005; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

S2 SlimFTPd;SlimFTPd; G:\slimftpd\SlimFTPd.exe -service []

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2007-08-21 69632]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-05 3375952]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

 

-----------------EOF-----------------

 

[fredorp59]

Et, voici aussi le truc info :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrateur at 2010-01-10 13:57:00

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 10 GB (25%) free of 39 GB

Total RAM: 1279 MB (41% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:57:19, on 10/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\trend micro\Administrateur.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Télécharger le site avec Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1263055377234

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190657965562

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214512375078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SlimFTPd - Unknown owner - G:\slimftpd\SlimFTPd.exe (file missing)

 

--

End of file - 11954 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{E3D8020F-936A-4463-8BEC-A14BC7DDF9A3}.job

C:\WINDOWS\tasks\Wise Registry Cleaner 4.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - E:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-15 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-15 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

Locked

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2006-10-09 176128]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-16 1953792]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"nwiz"=nwiz.exe /install []

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]

"PtiuPbmd"=ulutil2.dll,SetWriteBack []

"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2007-12-14 524288]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"fsm"= []

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-15 149280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]

C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=91000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"E:\JEUX\CONSOLES\emulateurs\super nintendo\zsnesw142\zsnesw.exe"="E:\JEUX\CONSOLES\emulateurs\super nintendo\zsnesw142\zsnesw.exe:*:Enabled:zsnesw"

"E:\Programmes\Starcraft\StarCraft.exe"="E:\Programmes\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War"

"C:\Program Files\America's Army Deploy Client\AADeployClient.exe"="C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Disabled:AADeployClient"

"C:\Program Files\win'design\win'design 6.5\PROGRAMMES\Admin.exe"="C:\Program Files\win'design\win'design 6.5\PROGRAMMES\Admin.exe:*:Disabled:Administration"

"E:\jeux\TmNationsForever\TmForever.exe"="E:\jeux\TmNationsForever\TmForever.exe:*:Enabled:TmForever"

"E:\jeux\TrackMania Nations ESWC\TmNationsESWC.exe"="E:\jeux\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"

"E:\Program Files\UnrealTournament\System\UnrealTournament.exe"="E:\Program Files\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

"E:\Program Files\Cossacks\crack.exe"="E:\Program Files\Cossacks\crack.exe:*:Enabled:dmcr"

"E:\PROGRAMMES\Croteam\serious sam second encounter\serious sam - second contact\Bin\SeriousSam.exe"="E:\PROGRAMMES\Croteam\serious sam second encounter\serious sam - second contact\Bin\SeriousSam.exe:*:Enabled:SeriousSam"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Documents and Settings\fredo.FRED\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\fredo.FRED\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Disabled:Skype "

"E:\jeux\CONSOLES\emulateurs\game boy\vbalink 1.73\VisualBoyAdvance.exe"="E:\jeux\CONSOLES\emulateurs\game boy\vbalink 1.73\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"

"E:\Program Files\Cossacks\dmcr.exe"="E:\Program Files\Cossacks\dmcr.exe:*:Disabled:dmcr"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

======List of files/folders created in the last 1 months======

 

2010-01-10 13:57:00 ----D---- C:\rsit

2010-01-09 18:09:34 ----D---- C:\WINDOWS\NV6120512.TMP

2010-01-09 17:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-01-09 16:27:41 ----D---- C:\Program Files\CPUID

2010-01-04 16:47:32 ----D---- C:\Program Files\LogMeIn Hamachi

2009-12-29 17:29:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\VBA-M

2009-12-11 23:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-11 23:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-11 23:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

 

======List of files/folders modified in the last 1 months======

 

2010-01-10 13:57:06 ----D---- C:\Program Files\trend micro

2010-01-10 13:57:00 ----D---- C:\WINDOWS\Prefetch

2010-01-10 13:56:56 ----D---- C:\WINDOWS\Temp

2010-01-10 10:36:50 ----SHD---- C:\WINDOWS\Installer

2010-01-10 10:36:50 ----D---- C:\Config.Msi

2010-01-10 10:33:22 ----D---- C:\WINDOWS\system32\inetsrv

2010-01-10 10:13:38 ----D---- C:\Program Files\Mozilla Firefox

2010-01-10 10:09:52 ----SD---- C:\WINDOWS\Tasks

2010-01-10 10:08:20 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-10 10:05:17 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-09 21:30:09 ----RASH---- C:\boot.ini

2010-01-09 21:30:09 ----A---- C:\WINDOWS\win.ini

2010-01-09 21:30:09 ----A---- C:\WINDOWS\system.ini

2010-01-09 21:30:06 ----D---- C:\WINDOWS\pss

2010-01-09 21:27:32 ----D---- C:\WINDOWS\system32

2010-01-09 18:52:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-09 18:52:01 ----D---- C:\WINDOWS\system32\drivers

2010-01-09 18:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2010-01-09 18:23:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype

2010-01-09 18:19:32 ----D---- C:\WINDOWS

2010-01-09 18:18:29 ----D---- C:\WINDOWS\Help

2010-01-09 18:18:26 ----D---- C:\WINDOWS\nview

2010-01-09 18:18:24 ----D---- C:\WINDOWS\AppPatch

2010-01-09 18:13:20 ----D---- C:\Program Files\ma-config.com

2010-01-09 18:13:18 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2010-01-09 18:09:11 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-09 18:08:53 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-01-09 17:43:09 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-09 17:06:04 ----HD---- C:\WINDOWS\inf

2010-01-09 17:03:17 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-09 16:45:08 ----D---- C:\Program Files\Lavalys

2010-01-09 16:27:41 ----RD---- C:\Program Files

2010-01-09 15:53:30 ----D---- C:\WINDOWS\Registration

2010-01-09 14:45:38 ----D---- C:\WINDOWS\Minidump

2010-01-08 16:29:44 ----D---- C:\WINDOWS\Debug

2010-01-06 10:01:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-01-06 09:58:20 ----D---- C:\Program Files\SpywareBlaster

2010-01-04 11:36:13 ----D---- C:\TEMP

2010-01-03 19:07:37 ----D---- C:\Program Files\CamStudio

2010-01-01 17:08:59 ----D---- C:\Program Files\DAEMON Tools Lite

2009-12-27 16:16:52 ----D---- C:\Program Files\Diablo II

2009-12-27 12:03:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\Software Informer

2009-12-27 11:59:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc

2009-12-27 11:57:14 ----D---- C:\Program Files\Notepad++

2009-12-27 09:53:47 ----D---- C:\Program Files\IZArc

2009-12-20 12:45:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

2009-12-12 08:59:18 ----D---- C:\Program Files\WinRAR

2009-12-11 23:21:34 ----A---- C:\WINDOWS\imsins.BAK

2009-12-11 23:21:12 ----D---- C:\Program Files\Internet Explorer

2009-12-11 23:20:59 ----D---- C:\WINDOWS\ie8updates

2009-12-11 23:20:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-12-11 23:19:19 ----RSD---- C:\WINDOWS\assembly

2009-12-11 09:19:36 ----D---- C:\Program Files\Spybot - Search & Destroy

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]

R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []

R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]

R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys []

S2 Nbf;Protocole NetBEUI; C:\WINDOWS\system32\DRIVERS\nbf.sys []

S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []

S3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]

S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]

S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-27 19968]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-10 634880]

S3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 267136]

S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-27 57856]

S4 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2001-11-22 57344]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-15 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]

R2 msvsmon80;Débogueur distant Visual Studio 2005; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

S2 SlimFTPd;SlimFTPd; G:\slimftpd\SlimFTPd.exe -service []

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2007-08-21 69632]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-05 3375952]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

 

-----------------EOF-----------------

 

 

 

a+,

garrapotaloto.

[Thanos]

salut

est ce que tu as essayé de modifier la page d'accueil de Firefox depuis les options ?

 

FoxScan est un outil développé par Loup blanc pour l'affichage et l'analyse des paramètres du navigateur Mozilla FireFox afin d'y détecter des éléments anormaux voire infectieux.

 

• Télécharge FoxScan dans le répertoire de ton choix, par exemple dans celui dans lequel tu ranges les outils à conserver : Mes Documents\Mes Téléchargements.
  
• Ouvre le répertoire dans lequel tu as téléchargé et double clique sur FoxScan.exe
  
• Une fenêtre de commande s'ouvre et affiche quelques informations générales.
  
• Laisse faire l'outil jusqu'à affichage de "Recherches terminées.
  Appuyer sur une touche pour continuer...". Appuie par exemple sur [Entrée].
  
• Le programme ouvre alors son rapport dans une fenêtre du Bloc-notes.
  Ce rapport est aussi rangé dans le même répertoire que FoxScan.bat sous le nom de Rapport-FS.txt.
  
• Poste ce rapport sur le forum (effectue un copier-coller) pour le soumettre à l'analyse du Conseiller en sécurité que te l'a demandé.
  
• Ferme le Bloc-notes et attends les instructions du Conseiller.
  

Note: FoxScan étant un outil d'affichage, il n'est pas dangereux et peut être conservé sur le disque. Néanmoins, il est conseillé de télécharger la version la plus récente avant utilisation car des améliorations ont pu y être apportées.

[fredorp59]

Bonjour, voici le rapport de FoxScan :

 

FoxScan Version 1.1.1

Par Loup blanc - Zebulon.fr

Scan lancé le 11/01/2010 à 11:13

 

Microsoft Windows XP Professionnel Service Pack 3 [version 5.1.2600]

 

Mozilla Firefox version : 3.5.7 (fr)

Dossier d'installation : C:\Program Files\Mozilla Firefox

 

 

================================================================================

=

---------- Compte utilisateur : Administrateur [session en cours]

================================================================================

=

 

 

Profil : default

Dossier du profil : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\

Pages de démarrage prefs.js : "http://www.daemon-search.com/startpage|http://www.google.fr/"

 

 

//////////// Configuration \\\\\\\\\\\\\

======= Profil : default =======

 

Mise à jour Firefox : Activé

Mise à jour des modules complémentaires : Activé

Mise à jour des moteurs de recherche : Activé

Java : Activé

Javascript : Activé

Proxy : Pas de Proxy

 

 

 

 

//////////// Modules complémentaires \\\\\\\\\\\\\

 

======= Profil : default =======

 

La notification d'installation des modules complémentaires est activée

 

Nom : Default

Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\

Etat : actif

 

Nom : Java Console

Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\

Etat : actif

 

 

Nom : Adblock Plus

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\

Etat : actif

 

Nom : ChatZilla fr-FR

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{125aa783-ef4f-4515-a804-aa67116fdb43}\

Etat : Inactif

 

Nom : Master Password Timeout

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{96118df2-0d02-4dbc-9ad5-98995dc7d977}\

Etat : actif

 

Nom : Microsoft .NET Framework Assistant

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\

Etat : actif

 

Nom : WOT

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\

Etat : actif

 

Nom : Secure Login

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\secureLogin@blueimp.net\

Etat : actif

 

Nom : FlashGot

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\

Etat : actif

 

 

Nom : Dr.Web anti-virus link checker

Dossier : C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}\

Etat : actif

 

 

Nom : Java Quick Starter

Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\

Etat : actif

 

 

 

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

======= Profil : default =======

 

Recherche dans "prefs.js" :

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine : "Live Search"

keyword.URL : "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q="

keyword.enable :

 

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

C:\Documents and Settings\Administrateur\Application Data\mozilla\firefox\Profiles\kic6f27h.default\searchplugins\live-search.xml

Template : http://search.live.com/results.aspx?q

 

 

 

 

 

================================================================================

=

---------- Compte utilisateur : fredo.FRED

================================================================================

=

 

 

Profil : FRED\Application Data\mozilla\firefox\Profiles\mphk8dq5

Dossier du profil : C:\Documents and Settings\fredo.FRED\Application Data\mozilla\firefox\Profiles\mphk8dq5\

 

 

//////////// Configuration \\\\\\\\\\\\\

======= Profil : FRED\Application Data\mozilla\firefox\Profiles\mphk8dq5 =======

 

Mise à jour Firefox : Activé

Mise à jour des modules complémentaires : Activé

Mise à jour des moteurs de recherche : Activé

Java : Activé

Javascript : Activé

Proxy : Pas de Proxy

 

 

 

 

//////////// Modules complémentaires \\\\\\\\\\\\\

 

======= Profil : FRED\Application Data\mozilla\firefox\Profiles\mphk8dq5 =======

 

La notification d'installation des modules complémentaires est activée

 

 

 

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

======= Profil : FRED\Application Data\mozilla\firefox\Profiles\mphk8dq5 =======

 

Recherche dans "prefs.js" :

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

 

 

 

================================================================================

=

---------- Section commune

================================================================================

=

 

//////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\

 

browserdirprovider.dll

brwsrcmp.dll

 

 

------------------------------------------------------

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

Template : http://www.amazon.fr/exec/obidos/external-search/

 

 

C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

Template : http://www.cnrtl.fr/lexicographie/{searchTerms}

 

 

C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

Template : http://www.crawler.com/search/dispatcher.aspx?tp

 

 

C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4

 

 

C:\Program Files\Mozilla Firefox\searchplugins\google.xml

Template : http://www.google.com/search

 

 

C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

Template : http://fr.wikipedia.org/wiki/Special:Recherche

 

 

C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

Template : http://fr.search.yahoo.com/search

 

 

 

------------------------------------------------------

 

//////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\

 

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]

"Description"="Adobe® Flash® Player 10"

"Vendor"="Adobe Systems Incorporated"

"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"="DivX Plus Web Player"

"Vendor"="DivX,Inc."

"Path"="C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Player Plugin,version=1.0.0]

"Description"="DivX® Player Plugin for VOD Content"

"Vendor"="DivX,Inc."

"Path"="C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]

"Description"="Détection de sa configuration"

"Vendor"="CybelSoft"

"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"="Ag Player Plugin"

"Vendor"="Microsoft"

"Path"="C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/OfficeLive,version=1.3]

"Description"="Office Live Update v1.3"

"Vendor"="Microsoft"

"Path"="C:\Program Files\Microsoft\Office Live\npOLW.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/OfficeLive,version=1.4]

"Description"="Office Live Update v1.4"

"Vendor"="Microsoft"

"Path"="C:\Program Files\Microsoft\Office Live\npOLW.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WLPG,version=14.0.8081.0709]

"Description"="WLPG Install MIME type"

"Vendor"="Microsoft"

"Path"="C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]

"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"

"Vendor"="Microsoft Corp."

"Path"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]

"Description"="Yahoo! activeX Plug-in Bridge"

"Vendor"="Yahoo"

"Path"="C:\Program Files\Yahoo!\Common\npyaxmpb.dll"

 

 

------------------------------------------------------

 

//////////// Recherche additionnelles... \\\\\\\\\\\\\

 

==== Extension supplémentaire ====

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

 

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.7\extensions]

 

 

=========================== Fin du rapport ===========================

[Thanos]

salut

 

Tu n'as pas répondu à ma question garrapotaloto: on voit bien "daemon search" dans le rapport, mais as tu tenté de modifier la page depuis les options de FireFox comme ceci ? (à droite du champs "Page d'accueil") >>