
Hello,

I am new to this forum; thank you for helping me restore my PC.

After using a USB key, most of my .exe files seem to be disabled and their icons have disappeared. When run, they pile up in the process list (Task Manager).

I tried a scan with ZHP, which was impossible.

In safe mode I managed to run RSIT; here is its report.

Thank you for helping me analyze it.

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by dranoel at 2011-07-05 19:19:42

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 28 GB (18%) free of 153 GB

Total RAM: 2038 MB (78% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:20:11, on 05/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\dranoel\Mes documents\Téléchargements\RSIT.exe

C:\Program Files\trend micro\dranoel.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [uSBAntiVirus.exe] C:\Program Files\USBAntiVirus\USBAntiVirus.exe -Hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\dranoel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\dranoel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'Default user')

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\dranoel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Recherche AOL Toolbar - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fr-FR\local\search.html

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lome.dgcc-togo.com

O17 - HKLM\Software\..\Telephony: DomainName = Lome.dgcc-togo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{21C32CDE-906B-4867-A2D1-8AF5AB4BE61B}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lome.dgcc-togo.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{21C32CDE-906B-4867-A2D1-8AF5AB4BE61B}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Lome.dgcc-togo.com

O17 - HKLM\System\CS2\Services\Tcpip\..\{21C32CDE-906B-4867-A2D1-8AF5AB4BE61B}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: McAfee Application Installer Cleanup (0135551257510229) (0135551257510229mcinstcleanup) - Unknown owner - C:\DOCUME~1\Frank\LOCALS~1\Temp\013555~1.EXE (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ArcGIS License Manager - Macrovision Corporation - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: Ascidebsprdm - Macrovision Corporation - (no file)

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Hyper File Server : DGCC-LOME - Unknown owner - \\Serveur\d$\Copie de Serveur GRH\Manta.exe (file missing)

O23 - Service: Hyper File Server : Salle-Tirage - PC SOFT - C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe

O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe

O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: MantaManager - PC SOFT - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

 

--

End of file - 11925 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

DAPHelper Class - C:\Program Files\DAP\DAPBHO.dll [2011-07-01 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-10-08 114748]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-10-16 1107296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

Download Accelerator Plus Integration - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2011-07-01 141568]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0BF43445-2F28-4351-9252-17FE6E806AA0}

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-10-16 1107296]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

{62999427-33FC-4baf-9C9C-BCE6BD127F08} - DAP Bar - C:\Program Files\DAP\DAPIEBar.dll [2011-07-01 405504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-26 141848]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-26 166424]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-26 137752]

"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]

"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-10-08 127036]

"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-03-20 213936]

"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

"USBAntiVirus.exe"=C:\Program Files\USBAntiVirus\USBAntiVirus.exe [2010-07-25 488448]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]

"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-04-07 318488]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-11-04 2087424]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"LightScribe Control Panel"=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

 

C:\Documents and Settings\dranoel\Menu Démarrer\Programmes\Démarrage

Notification de cadeaux MSN.lnk - C:\Documents and Settings\dranoel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]

C:\WINDOWS\system32\PCANotify.dll [2003-05-29 8704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"=WDShell []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableStatusMessages"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=3

"NoDriveTypeAutoRun"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"

"C:\Program Files\Symantec\pcAnywhere\awhost32.exe"="C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service"

"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

"\\Serveur\C$\BACKUP PREVENTIF\Serveur HF\Centre de Controle HF\CC100HF.exe"="\\Serveur\C$\BACKUP PREVENTIF\Serveur HF\Centre de Controle HF\CC100HF.exe:*:Disabled:CC100HF.exe"

"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"

 

======File associations======

 

.scr - open - "C:\WINDOWS\notepad.exe" "%1"

.scr - install -

.scr - config -

.txt - open - NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2011-07-05 19:19:42 ----D---- C:\rsit

2011-07-05 19:19:42 ----D---- C:\Program Files\trend micro

2011-07-05 19:05:35 ----D---- C:\Program Files\ZHPDiag

2011-07-05 17:51:37 ----A---- C:\WINDOWS\system32\tmp.txt

2011-07-05 17:47:36 ----A---- C:\Ad-Report-SCAN[1].txt

2011-07-05 17:37:31 ----RASHD---- C:\Autorun.inf

2011-07-05 17:37:31 ----D---- C:\UsbFix_Upload_Me

2011-07-05 17:27:10 ----A---- C:\WINDOWS\ntbtlog.txt

2011-07-05 17:07:57 ----A---- C:\rapport.txt

2011-07-05 16:49:53 ----D---- C:\UsbFix

2011-07-04 15:47:45 ----D---- C:\Documents and Settings\dranoel\Application Data\Mozilla

2011-07-04 15:47:38 ----D---- C:\Program Files\Mozilla Firefox

2011-07-01 10:46:58 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit

2011-07-01 10:46:54 ----D---- C:\Program Files\Fichiers communs\SpeedBit

2011-07-01 10:46:52 ----A---- C:\WINDOWS\system32\EasyHook64.dll

2011-07-01 10:46:52 ----A---- C:\WINDOWS\system32\EasyHook32.dll

2011-07-01 10:13:04 ----D---- C:\Config.Msi

2011-07-01 10:07:00 ----A---- C:\WINDOWS\system32\wbhelp2.dll

2011-07-01 10:06:59 ----D---- C:\Program Files\DAP

2011-06-30 14:25:49 ----A---- C:\WINDOWS\system32\muweb.dll

2011-06-30 14:25:49 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2011-06-30 14:25:49 ----A---- C:\WINDOWS\system32\mucltui.dll

2011-06-29 14:39:39 ----HD---- C:\WINDOWS\msdownld.tmp

2011-06-29 14:39:24 ----D---- C:\WINDOWS\WBEM

2011-06-29 14:37:49 ----HDC---- C:\WINDOWS\ie8

2011-06-29 12:48:32 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2011-06-29 12:45:33 ----D---- C:\Documents and Settings\dranoel\Application Data\Macromedia

2011-06-29 08:30:32 ----A---- C:\WINDOWS\system32\DWRCSh32.DLL

2011-06-29 08:28:53 ----D---- C:\Documents and Settings\dranoel\Application Data\DWMRCMSI

2011-06-29 08:26:46 ----D---- C:\Documents and Settings\dranoel\Application Data\DameWare Development

2011-06-29 08:25:31 ----D---- C:\Program Files\DameWare Development

 

======List of files/folders modified in the last 1 months======

 

2011-07-05 19:19:42 ----D---- C:\Program Files

2011-07-05 19:15:59 ----D---- C:\WINDOWS

2011-07-05 19:13:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2011-07-05 19:06:19 ----D---- C:\WINDOWS\Prefetch

2011-07-05 19:00:15 ----D---- C:\Documents and Settings\dranoel\Application Data\Adobe

2011-07-05 18:59:53 ----D---- C:\WINDOWS\system32

2011-07-05 18:02:35 ----D---- C:\WINDOWS\Temp

2011-07-05 17:36:54 ----SHD---- C:\RECYCLER

2011-07-05 15:16:50 ----D---- C:\WINDOWS\Debug

2011-07-05 15:11:26 ----D---- C:\WINDOWS\system32\CatRoot2

2011-07-05 15:09:57 ----D---- C:\WINDOWS\system32\drivers

2011-07-05 11:02:37 ----SHD---- C:\WINDOWS\CSC

2011-07-04 15:46:19 ----D---- C:\WorhShop

2011-07-04 13:30:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2011-07-01 12:51:03 ----D---- C:\GIS-Data

2011-07-01 12:46:54 ----D---- C:\Documents and Settings\dranoel\Application Data\ESRI

2011-07-01 11:21:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2011-07-01 10:46:54 ----D---- C:\Program Files\Fichiers communs

2011-07-01 10:41:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2011-07-01 10:13:08 ----SHD---- C:\WINDOWS\Installer

2011-07-01 10:13:07 ----D---- C:\Documents and Settings\dranoel\Application Data\SUPERAntiSpyware.com

2011-07-01 10:13:06 ----D---- C:\Program Files\SUPERAntiSpyware

2011-06-30 15:07:16 ----A---- C:\WINDOWS\NeroDigital.ini

2011-06-30 14:50:05 ----HD---- C:\WINDOWS\inf

2011-06-30 14:23:53 ----RSHD---- C:\WINDOWS\system32\dllcache

2011-06-30 08:19:36 ----D---- C:\WINDOWS\system32\fr-fr

2011-06-30 08:19:35 ----D---- C:\WINDOWS\Help

2011-06-30 08:19:35 ----D---- C:\Program Files\Internet Explorer

2011-06-29 14:39:27 ----D---- C:\WINDOWS\system32\config

2011-06-29 14:39:15 ----D---- C:\WINDOWS\Media

2011-06-29 14:37:00 ----SD---- C:\Documents and Settings\dranoel\Application Data\Microsoft

2011-06-29 14:13:18 ----D---- C:\WINDOWS\system32\NtmsData

2011-06-29 12:48:47 ----D---- C:\WINDOWS\SoftwareDistribution

2011-06-29 11:47:57 ----SD---- C:\WINDOWS\Tasks

2011-06-29 11:46:41 ----D---- C:\Program Files\USBAntiVirus

2011-06-20 13:16:51 ----D---- C:\Scans

2011-06-16 09:39:11 ----D---- C:\IDRISI Andes

2011-06-16 09:39:10 ----A---- C:\WINDOWS\system32\svbp449.dll

2011-06-16 09:39:10 ----A---- C:\WINDOWS\system32\prsgrc.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-08-18 89456]

R0 Gernuwa;Gernuwa; C:\WINDOWS\system32\drivers\Gernuwa.sys [2003-04-21 13898]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-05-05 24365]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]

R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-04-21 10901]

S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

S1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]

S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 46848]

S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []

S1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS []

S2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []

S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-08 26044]

S2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-10-08 2496]

S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-08 87004]

S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-08 15068]

S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-08 6364]

S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-08 88476]

S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-08 94460]

S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]

S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

S2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []

S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]

S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]

S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-30 101120]

S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]

S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]

S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]

S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]

S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]

S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]

S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]

S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]

S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]

S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]

S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]

S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]

S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]

S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]

S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-06 4622848]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 PciPPorts;PCI ECP Parallel Port; C:\WINDOWS\system32\DRIVERS\PciPPorts.sys [2008-05-22 82432]

S3 PciSPorts;High-Speed PCI Serial Port; C:\WINDOWS\system32\DRIVERS\PciSPorts.sys [2008-05-22 119808]

S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]

S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]

S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]

S2 0135551257510229mcinstcleanup;McAfee Application Installer Cleanup (0135551257510229); C:\DOCUME~1\Frank\LOCALS~1\Temp\013555~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []

S2 ArcGIS License Manager;ArcGIS License Manager; C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [2008-01-11 1372160]

S2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2009-09-15 54784]

S2 Hyper File Server : DGCC-LOME;Hyper File Server : DGCC-LOME; \\Serveur\d$\Copie de Serveur GRH\Manta.exe [2009-04-16 180736]

S2 Hyper File Server : Salle-Tirage;Hyper File Server : Salle-Tirage; C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe [2009-04-16 180736]

S2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]

S2 Intel Alert Handler;Intel Alert Handler; C:\WINDOWS\system32\ams_ii\hndlrsvc.exe [2005-02-21 38560]

S2 Intel Alert Originator;Intel Alert Originator; C:\WINDOWS\system32\ams_ii\iao.exe [2005-02-21 59032]

S2 Intel File Transfer;Intel File Transfer; C:\WINDOWS\system32\cba\xfr.exe [2005-02-21 42640]

S2 Intel PDS;Intel PDS; C:\WINDOWS\system32\cba\pds.exe [2005-02-21 38544]

S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2008-01-24 73728]

S2 MantaManager;MantaManager; C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe [2009-03-04 229376]

S2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S2 NSCTOP;Service de repérage Symantec System Center; C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE [2005-05-09 911456]

S2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-04-07 576024]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]

S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-15 68096]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2003-05-29 106496]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]

 

-----------------EOF-----------------

Edited by laborantin

Posted (edited)

Hello

1- Please delete this:

C:\Program Files\USBAntiVirus

2- Install Malwarebytes' Anti-Malware,

http://malwarebytes.org/products/malwarebytes_free

Make sure you take the FREE version

*** Update it, then choose "Perform full scan"

*** If an infection is found, tick the box next to it and confirm with the "Remove Selected" button

Post the final report.

3- And this.

Disable your antivirus before the scan, because it blocks the disinfection

Download USBFix from this link: <<HERE>>

Double-click "UsbFix.exe" on your desktop.

Installation is automatic.

Plug in your external drives

Click Search

Once the scan is finished, a scan report is offered to you...

CTRL+A to select all

CTRL+C to copy

CTRL+V to paste into your reply

Edited by bernard53

Posted

Hello

Thanks Bernard53

I have already tried some of the steps, and here are the results.

1- I used UsbFix yesterday and this morning. I only have one report. Numerous infections were found and removed.

2- I am sending you the MBAM report.

3- I ran a new diagnostic.

4- Thanks for everything

 

############################## | UsbFix 7.048 | [suppression]

 

Utilisateur: dranoel (Administrateur) # SALLE-TIRAGE [ ]

Mis à jour le 11/06/2011 par TeamXscript

Lancé à 06:52:38 | 06/07/2011

Site Web: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contact: TeamXscript.ElDesaparecido@gmail.com

 

CPU: Pentium® Dual-Core CPU E5200 @ 2.50GHz

CPU 2: Pentium® Dual-Core CPU E5200 @ 2.50GHz

Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Pare-feu Windows: Activé

Antivirus: Microsoft Security Essentials 3.0.8107.0 [(!) Disabled | Updated]

Antivirus: Microsoft Security Essentials 2.1.6519.0 [(!) Disabled | (!) Outdated]

RAM -> 2038 Mo

C:\ (%systemdrive%) -> Disque fixe # 149 Go (27 Go libre(s) - 18%) [] # NTFS

D:\ -> CD-ROM

 

################## | Éléments infectieux |

 

Supprimé! C:\Recycler\S-1-5-21-2942218171-512202183-669109307-500

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{95f61a21-9355-11df-8899-00237d2d2eca}

 

################## | Listing |

 

[28/01/2011 - 16:05:19 | D ] C:\01

[05/07/2011 - 17:49:59 | N | 1893] C:\Ad-Report-SCAN[1].txt

[22/09/2010 - 10:43:37 | D ] C:\arcgis

[05/07/2011 - 17:37:31 | RASHD ] C:\Autorun.inf

[17/03/2010 - 15:29:13 | D ] C:\BASIC

[08/09/2009 - 16:01:13 | N | 212] C:\BOOT.BAK

[14/05/2010 - 12:04:01 | N | 292] C:\boot.ini

[28/08/2001 - 12:00:00 | N | 4952] C:\Bootfont.bin

[30/08/2010 - 12:04:38 | N | 40] C:\Bureau (1).env

[30/08/2010 - 12:04:19 | N | 40] C:\Bureau.env

[14/05/2010 - 12:03:49 | D ] C:\cmdcons

[13/04/2008 - 11:32:14 | N | 263504] C:\cmldr

[10/08/2010 - 08:45:55 | D ] C:\Compaq

[04/07/2011 - 07:27:55 | D ] C:\Config.Msi

[13/07/2010 - 10:49:21 | D ] C:\Documents and Settings

[18/02/2010 - 10:18:50 | D ] C:\essai

[22/09/2010 - 09:45:20 | D ] C:\flexlm

[15/11/2010 - 11:50:12 | D ] C:\Garmin

[01/07/2011 - 12:51:03 | D ] C:\GIS-Data

[24/05/2011 - 11:33:11 | D ] C:\GPS500

[08/09/2009 - 13:51:32 | D ] C:\hp

[08/09/2009 - 22:35:01 | D ] C:\i386

[08/09/2009 - 16:05:57 | D ] C:\IDE

[16/06/2011 - 09:39:11 | D ] C:\IDRISI Andes

[13/08/2010 - 15:28:02 | N | 54] C:\IDRISI Essai.env

[13/07/2010 - 09:41:53 | D ] C:\IDRISI Macon Data

[13/07/2010 - 09:41:34 | D ] C:\IDRISI Tutorial

[11/03/2010 - 14:09:36 | N | 0] C:\IO.SYS

[24/05/2011 - 07:54:58 | N | 402] C:\LeicaOfficeDatabaseProfile.Ini

[19/04/2011 - 13:23:01 | D ] C:\MBILIA BEL

[31/01/2011 - 10:47:20 | D ] C:\Mes Projets

[11/03/2010 - 14:09:36 | N | 0] C:\MSDOS.SYS

[08/09/2009 - 16:05:11 | RHD ] C:\MSOCache

[20/05/2011 - 09:54:33 | D ] C:\nomenclature.gdb

[13/04/2008 - 09:43:04 | N | 47564] C:\NTDETECT.COM

[13/04/2008 - 11:31:52 | N | 252240] C:\ntldr

[13/08/2010 - 12:57:24 | N | 68] C:\nvo.ini

[05/07/2011 - 19:14:52 | ASH | 2137174016] C:\pagefile.sys

[30/08/2010 - 12:04:25 | N | 58] C:\planche numérisée.env

[06/07/2011 - 06:47:52 | D ] C:\Program Files

[29/03/2010 - 13:03:31 | D ] C:\Python24

[22/09/2010 - 10:29:43 | D ] C:\Python25

[05/07/2011 - 17:58:20 | N | 2228] C:\rapport.txt

[31/05/2010 - 11:40:05 | D ] C:\Recups

[23/06/2010 - 10:49:20 | D ] C:\Recups Claude

[10/02/2011 - 12:22:20 | D ] C:\Recups Mario

[21/05/2010 - 16:12:55 | D ] C:\Recups Steph

[06/07/2011 - 06:52:47 | SHD ] C:\RECYCLER

[05/07/2011 - 19:20:12 | D ] C:\rsit

[20/06/2011 - 13:16:51 | D ] C:\Scans

[17/09/2009 - 10:36:31 | D ] C:\SmartLFCD

[17/09/2009 - 16:04:30 | N | 24324] C:\Stitch 2009-09-16.docx

[17/09/2009 - 16:04:54 | N | 49] C:\Stitchs.txt

[14/12/2009 - 08:00:44 | SHD ] C:\System Volume Information

[08/09/2009 - 16:01:27 | D ] C:\system.sav

[19/08/2010 - 13:12:09 | D ] C:\Temp

[30/08/2010 - 12:05:16 | N | 49] C:\Traceurs.env

[14/09/2010 - 08:30:54 | D ] C:\unzipped

[06/07/2011 - 06:52:47 | D ] C:\UsbFix

[06/07/2011 - 06:52:47 | A | 994] C:\UsbFix.txt

[05/07/2011 - 17:37:31 | D ] C:\UsbFix_Upload_Me

[12/03/2010 - 11:01:44 | D ] C:\WebUpdater

[28/01/2010 - 10:01:06 | D ] C:\WinDev 12

[05/07/2011 - 19:15:59 | D ] C:\WINDOWS

[07/09/2010 - 15:32:51 | D ] C:\WinTOPO

[04/07/2011 - 15:46:19 | D ] C:\WorhShop

[22/09/2010 - 10:43:50 | N | 139] C:\WORK.LOG

[22/09/2010 - 10:39:16 | D ] C:\WorkSpace

[24/01/2011 - 11:16:24 | D ] C:\XMEN Saison III

 

################## | Vaccin |

 

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

 

################## | Upload |

 

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_SALLE-TIRAGE.zip

http://www.teamxscript.org/Upload.php

Merci de votre contribution.

 

################## | E.O.F |

 

 

 

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Version de la base de données: 7028

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

06/07/2011 06:42:56

mbam-log-2011-07-06 (06-42-56).txt

 

Type d'examen: Examen complet (C:\|)

Elément(s) analysé(s): 509787

Temps écoulé: 43 minute(s), 50 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\documents and settings\Frank\Bureau\adobe 600\6PRO\adobe.acrobat.6.0.professional.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\documents and settings\Frank\Bureau\recups pc traceuse\Frank\Bureau\es\6PRO\adobe.acrobat.6.0.professional.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\documents and settings\LEMA\application data\thinstall\microsoft office professional edition 2003\10000001600002i\msiexec.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

c:\Recups\01\LOSTFILE\Tools\Vista\vistaactivationcracksetup.exe (Worm.VB) -> Quarantined and deleted successfully.

c:\Recups\01\LOSTFILE\Tools\Vista2\vistaactivationcracksetup.exe (Worm.VB) -> Quarantined and deleted successfully.

Posted

Here is the diagnostic report

 

Rapport de ZHPDiag v1.27.24 par Nicolas Coolman, Update du 05/07/2011

Run by dranoel at 06/07/2011 11:00:30

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

MFIE: Mozilla Firefox 5.0 v (Defaut)

 

---\\ System Information

Windows XP Professional Service Pack 3 (Build 2600)

Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2038 MB (61% free)

System Restore: Activé (Enable)

System drive C: has 25 GB (16%) free of 149 GB

 

---\\ Logged in mode

Computer Name: SALLE-TIRAGE

User Name: dranoel

All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

~ %AppData%=C:\Documents and Settings\dranoel\Application Data\

~ %Desktop%=C:\Documents and Settings\dranoel\Bureau\

~ %Favorites%=C:\Documents and Settings\dranoel\Favoris\

~ %LocalAppData%=C:\Documents and Settings\dranoel\Local Settings\Application Data\

~ %StartMenu%=C:\Documents and Settings\dranoel\Menu Démarrer\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 149 Go)

D:\ CD-ROM drive (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.06/07/2011 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]

[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/07/2011 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]

[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.06/07/2011 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.06/07/2011 - 11:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.06/07/2011 - 12:15:54.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/4

~ Mes musiques (My Musics) : 1/2

~ Mes Videos (My Video) : 0/0

~ Mes Favoris (My Favorites) : 2/61

~ Mes Documents (My Documents) : 4/61

~ Mon Bureau (My Desktop) : 3/2737

~ Menu demarrer (Programs) : 6/34

 

 

 

---\\ Processus lancés

[MD5.90DC23D940551DB35367FB1E40575B25] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736]

[MD5.717EBC644D096C77B39B6B6A174D1B49] - (.Macrovision Corporation - Pas de description.) -- C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [1372160]

[MD5.9BDBDA21D3BA8E374FD06A405BE10215] - (.Macrovision - Macrovision RTS Service.) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784]

[MD5.C1236550E7CD79D1C47313BC616498D3] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424]

[MD5.FB1E1DF4F915BE2CC6194E60C8290860] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752]

[MD5.3ABE228565C5E57CA3FB7B51EFFE9A0C] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536]

[MD5.AA9778EF3D1FA1191D247C192005FDC9] - (.Sonic Solutions - Drive Letter Access Component.) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE [127036]

[MD5.BD935D4F16C3B49AD58F6071A0AFFCF4] - (.Macrovision Corporation - Macrovision Software Manager Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [86960]

[MD5.5A7A792D32CC1126F9D80B8D4653C723] - (...) -- C:\Program Files\USBAntiVirus\USBAntiVirus.exe [488448]

[MD5.7AF5A466CF4AECA28E3DCBCF5B6FD220] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152]

[MD5.2BAD84B393AF47006D80BA2F03B18029] - (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [213936]

[MD5.05597A464226C8323B7344CAF37D4335] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2289664]

[MD5.78BFE3201ADA2FE02D1E35D2488E5F55] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [217193]

[MD5.2FE253973433442C2CB234FB2BC4BF29] - (.WinZip Computing, Inc. - WinZip Executable.) -- C:\Program Files\WinZip\WZQKPICK.EXE [106560]

[MD5.6C9CD3ECBA6732661C8BBE37A877A2BD] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]

[MD5.4486AD32BB05628967695FCA1BADD46E] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]

[MD5.2426404594FE5DC8D2FFE8684D936B1E] - (.PC SOFT - manta.exe (Moteur HyperFileSQL Client/Serve.) -- C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe [180736]

[MD5.C773D093D5C18765E71C7992AEE051A2] - (.Nero AG - incdsrv.) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896]

[MD5.8E8C8A4DD41B0C3CE87636E43BC38441] - (.Intel® Corporation - CBA -- Ping Discovery Service.) -- C:\WINDOWS\system32\cba\pds.exe [38544]

[MD5.D57D1BE0129C1B45653B0FA920BC4B38] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [73728]

[MD5.5657CB7897F36C43B28260BC9F2A6D6F] - (.PC SOFT - MantaManager.exe (Gestion et mise à jour du.) -- C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe [229376]

[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [335872]

[MD5.9CEABD6C5E75E3B869772EA15439C5C5] - (.Symantec Corporation - NscTop Module.) -- C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE [911456]

[MD5.381110584AEE6D3DDAA76A63ADD64D42] - (...) -- C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE [1757184]

[MD5.C7AEFF5113DFEA823A2F50133249E2B8] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files\PDF Complete\pdfsvc.exe [576024]

[MD5.ACCDF944417FCE3B9BDDFC197C704A27] - (.SafeNet, Inc - Pas de description.) -- C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400]

[MD5.F49666414BEBC671A7BBAA6E2EA4DCE4] - (.Intel® Corporation - Alert Originator Manager.) -- C:\WINDOWS\system32\ams_ii\iao.exe [59032]

[MD5.F50943444171949433501FCC6DCFD026] - (.Intel® Corporation - CBA -- Message System.) -- C:\WINDOWS\system32\MsgSys.EXE [34456]

[MD5.B3A6841C949106781AB2634B9E5446D9] - (.Intel® Corporation - CBA - Message Resource.) -- C:\WINDOWS\system32\cba\xfr.exe [42640]

[MD5.2256D5D7ADB516964646135EBB33958B] - (.Vodafone - VMCService.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336]

[MD5.072F0ED116282DC7D34EE5EA5FB533B4] - (.Intel® Corporation - AMS2 Handler Manager Service.) -- C:\WINDOWS\system32\ams_ii\hndlrsvc.exe [38560]

[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53472]

[MD5.0B48230165E5E02BF7ED9DDD71FE7B28] - (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe [2918576]

[MD5.C90DE0D235CC1A49A063C34B16864CD0] - (.DameWare Development LLC - DameWare NT Utilities Application.) -- C:\Program Files\DameWare Development\DameWare NT Utilities\DNTU.exe [2162736]

[MD5.ADF88D0996A634B5B13EE8FB9595647D] - (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe [153088]

[MD5.AE45DDF08B6949057CDB2D2EAAD3DEC4] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [656896]

[MD5.1E5B9201721D9B687546A982323C030E] - (.Macrovision Corporation - Macrovision Software Manager Agent.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe [992176]

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Documents and Settings\dranoel\Local Settings\Application Data\Mozilla\Firefox\Profiles\5c6rmwor.default\prefs.js

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Bing

R1 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\WINDOWS\system32\ieframe.dll

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

 

 

 

---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} . (.Speedbit Ltd. - DAP IE Browser Helper Module.) -- C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 6.0 for Act.) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} . (.Sonic Solutions - Drive Letter Access Component.) -- C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} . (...) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} . (.SpeedBit Ltd. - Download Accelerator Plus (DAP) MSIE Loader.) -- C:\PROGRA~1\DAP\DAPIEL~1.DLL

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} . (...) -- (.not file.)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} . (.Pas de propriétaire - DAP IE Bar.) -- C:\Program Files\DAP\DAPIEBar.dll

 

 

 

---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [setRefresh] . (.Hewlett-Packard Company - SetRefresh.) -- C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [DLA] . (.Sonic Solutions - Drive Letter Access Component.) -- C:\WINDOWS\System32\DLA\DLACTRLW.exe

O4 - HKLM\..\Run: [iSUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

O4 - HKLM\..\Run: [iSUSScheduler] . (.Macrovision Corporation - Macrovision Software Manager Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

O4 - HKLM\..\Run: [uSBAntiVirus.exe] . (...) -- C:\Program Files\USBAntiVirus\USBAntiVirus.exe

O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] . (.Nero AG - NBH.) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] . (.Nero AG - InCD.) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [iSUSPM] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

O4 - HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe

O4 - HKLM\..\Run: [MobileConnect] . (.Vodafone - MobileConnect.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk . (.Adobe Systems Inc..) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk . (.WinZip Computing, Inc..) -- C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk . (...) -- C:\Documents and Settings\dranoel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (.not file.)

 

 

 

---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Acrobat Distiller 6.0.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000001}\SC_Distiller_PFM.ico (.not file.)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Acrobat 6.0 Professional.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000001}\SC_Acrobat_PFM_1.ico (.not file.)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady CS.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Photoshop CS\ImageReady.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop CS.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Photoshop CS\Photoshop.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe (.not file.)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\HP Designjet 500-800 series Firmware Update.lnk . (...) -- C:\Program Files\Hewlett-Packard\HP Designjet 500-800 series Firmware Update\FirmwareUpdateTool.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Security Essentials.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Security Client\msseces.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Symantec pcAnywhere.lnk . (.Symantec Corporation.) -- C:\Program Files\Symantec\pcAnywhere\winaw32.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: &Clean Traces . (...) -- C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP . (...) -- C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Recherche AOL Toolbar . (...) -- C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fr-FR\local\search.html

O8 - Extra context menu item: Download &all with DAP . (...) -- C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline

O9 - Extra button: Console Java (Sun) - {3369AF0D-62E9-4bda-8103-B4C75499B578} . (.AOL - AOL Toolbar.) -- C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fr-FR\aoltbres.dll

O9 - Extra button: Console Java (Sun) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)

O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=desktop

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{21C32CDE-906B-4867-A2D1-8AF5AB4BE61B}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CS1\Services\Tcpip\..\{21C32CDE-906B-4867-A2D1-8AF5AB4BE61B}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CS2\Services\Tcpip\..\{21C32CDE-906B-4867-A2D1-8AF5AB4BE61B}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lome.dgcc-togo.com

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

O20 - Winlogon Notify: PCANotify . (.Symantec Corporation - Winlogon Notification package.) -- C:\Windows\System32\PCANotify.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: McAfee Application Installer Cleanup (0135551257510229) (0135551257510229mcinstcleanup) - Clé orpheline

O23 - Service: ArcGIS License Manager (ArcGIS License Manager) . (.Macrovision Corporation - Pas de description.) - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: C-DillaCdaC11BA (C-DillaCdaC11BA) . (.Macrovision - Macrovision RTS Service.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe

O23 - Service: Hyper File Server : DGCC-LOME (Hyper File Server : DGCC-LOME) - Clé orpheline

O23 - Service: Hyper File Server : Salle-Tirage (Hyper File Server : Salle-Tirage) . (.PC SOFT - manta.exe (Moteur HyperFileSQL Client/Serve.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe

O23 - Service: InCD Helper (InCDsrv) . (.Nero AG - incdsrv.) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Intel Alert Handler (Intel Alert Handler) . (.Intel® Corporation - AMS2 Handler Manager Service.) - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

O23 - Service: Intel Alert Originator (Intel Alert Originator) . (.Intel® Corporation - Alert Originator Manager.) - C:\WINDOWS\system32\ams_ii\iao.exe

O23 - Service: Intel File Transfer (Intel File Transfer) . (.Intel® Corporation - CBA - Message Resource.) - C:\WINDOWS\system32\cba\xfr.exe

O23 - Service: Intel PDS (Intel PDS) . (.Intel® Corporation - CBA -- Ping Discovery Service.) - C:\WINDOWS\system32\cba\pds.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: MantaManager (MantaManager) . (.PC SOFT - MantaManager.exe (Gestion et mise à jour du.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe

O23 - Service: Service de repérage Symantec System Center (NSCTOP) . (.Symantec Corporation - NscTop Module.) - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) . (.PDF Complete Inc - Dispatcher.) - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) . (.SafeNet, Inc - Pas de description.) - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) . (.Vodafone - VMCService.) - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Desktop Component 0: My Current Home Page - file:About:Home

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (awlegacy) . (.Symantec Corporation - pcAnywhere Legacy Driver Module.) - C:\WINDOWS\system32\Drivers\awlegacy.sys

O41 - Driver: (AW_HOST) . (.Symantec Corporation - pcAnywhere Host Driver for Windows 2000/XP.) - C:\WINDOWS\System32\drivers\aw_host5.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys

O41 - Driver: (DLACDBHM) . (.Sonic Solutions - Shared Driver Component.) - C:\WINDOWS\System32\Drivers\DLACDBHM.sys

O41 - Driver: (DLARTL_N) . (.Sonic Solutions - Shared Driver Component.) - C:\WINDOWS\System32\Drivers\DLARTL_N.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys

O41 - Driver: (InCDPass) . (.Nero AG - Ahead RW Filter Driver.) - C:\WINDOWS\System32\drivers\InCDPass.sys

O41 - Driver: (incdrm) . (.Nero AG - Nero MRW Filter Driver.) - C:\WINDOWS\System32\drivers\InCDRm.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys

O41 - Driver: (MpFilter) . (.Microsoft Corporation - Microsoft antimalware file system filter dr.) - C:\WINDOWS\System32\DRIVERS\MpFilter.sys

O41 - Driver: (MpKslc30c0df4) . (.Microsoft Corporation - KSLDriver.) - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78B309F2-D2CB-4CFD-8CA0-0D9D3A57D73C}\MpKslc30c0df4.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys

O41 - Driver: (P3) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\p3.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys

O41 - Driver: (SASDIFSV) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.sys

O41 - Driver: (SASKUTIL) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys

O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

---\\ Logiciels installés (O42)

O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}

O42 - Logiciel: AOL Toolbar 5.0 - (.AOL LLC.) [HKLM] -- AOL Toolbar

O42 - Logiciel: Adobe Acrobat 6.0 Professional - (.Adobe Systems.) [HKLM] -- {AC76BA86-1033-0000-7760-000000000001}

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC}

O42 - Logiciel: Adobe Reader 9 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A90000000001}

O42 - Logiciel: ArcGIS ArcInfo Workstation - (.Environmental Systems Research Institute, Inc..) [HKLM] -- {2B0AEAE7-6EF2-4642-8F95-DDBC9B72721D}

O42 - Logiciel: ArcGIS Desktop - (.Environmental Systems Research Institute, Inc..) [HKLM] -- ArcGIS Desktop

O42 - Logiciel: ArcGIS License Manager - (.Pas de propriétaire.) [HKLM] -- ArcGIS License Manager

O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: AutoCAD 2004 - (.Autodesk.) [HKLM] -- {5783F2D7-0201-040C-0002-0060B0CE6BBA}

O42 - Logiciel: Autodesk Express Viewer - (.Autodesk, Inc..) [HKLM] -- Autodesk Express Viewer

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Client Activator 7.1 - English (2) - (.Pas de propriétaire.) [HKLM] -- Rainbow Client Activator 7.1 English

O42 - Logiciel: Client Activator 7.1 - English (All) - (.Pas de propriétaire.) [HKLM] -- Rainbow Client Activator 7.1 English All

O42 - Logiciel: Console de gestion de la stratégie de groupe Microsoft - (.Microsoft Corporation.) [HKLM] -- {8681E826-9DC6-4EAC-84B7-971EA795BD36}

O42 - Logiciel: DameWare NT Utilities - (.DameWare Development.) [HKLM] -- {EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}

O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)

O42 - Logiciel: ECW Compressor 2.2 - (.Pas de propriétaire.) [HKLM] -- ECW Compressor 2.2

O42 - Logiciel: EasyRecovery Professional - (.Ontrack Data International, Inc..) [HKLM] -- InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}

O42 - Logiciel: Garmin MapSource - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {9D0FB354-3D85-483A-A899-99FB3084942D}

O42 - Logiciel: Garmin Trip and Waypoint Manager v5 - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {414A373B-59DF-4102-94CA-9FE9A74CBDDA}

O42 - Logiciel: HP Designjet 500-800 series FUU - (.Hewlett-Packard.) [HKLM] -- {21999F55-6F63-4FAB-9172-423355DC656D}

O42 - Logiciel: HP Help and Support - (.HPQ.) [HKLM] -- {A93C4E94-1005-489D-BEAA-B873C1AA6CFC}

O42 - Logiciel: HP Imaging Device Functions 9.0 - (.HP.) [HKLM] -- HP Imaging Device Functions

O42 - Logiciel: HP OCR Software 9.0 - (.HP.) [HKLM] -- HPOCR

O42 - Logiciel: HP Photosmart Essential - (.HP.) [HKLM] -- {EB21A812-671B-4D08-B974-2A347F0D8F70}

O42 - Logiciel: HP Scanjet G2710 9.0 - (.HP.) [HKLM] -- {F4158BB4-98FA-4ad5-A0FE-3913A0714A44}

O42 - Logiciel: HP Solution Center 9.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools

O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {8C6027FD-53DC-446D-BB75-CACD7028A134}

O42 - Logiciel: High Definition Audio - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2

O42 - Logiciel: Hyper File : Salle-Tirage - (.Pas de propriétaire.) [HKLM] -- HyperFile-Salle-Tirage

O42 - Logiciel: Hyper File Manager - (.Pas de propriétaire.) [HKLM] -- HyperFileManager

O42 - Logiciel: IDRISI 15 The Andes Edition - (.Clark Labs / Clark University.) [HKLM] -- IDRISI 15 The Andes Edition

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] -- HDMI

O42 - Logiciel: Java 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}

O42 - Logiciel: LEICA Geo Office - Outils - (.Leica Geosystems.) [HKLM] -- {10111CD0-05C5-432D-8620-361AC7686877}

O42 - Logiciel: LightScribe System Software 1.12.29.2 - (.http://www.lightscribe.com.) [HKLM] -- {CF8C077A-B467-4C43-8DB5-3A9B94FF9681}

O42 - Logiciel: LiveReg (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveReg

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: MapImagery - (.Pas de propriétaire.) [HKLM] -- MapImagery

O42 - Logiciel: MapInfo Professional 8.5 - (.MapInfo Corporation.) [HKLM] -- {A5FC1423-8739-45CB-9C46-27BF79A0BD8A}

O42 - Logiciel: MapSource - (.Pas de propriétaire.) [HKLM] -- MapSource

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)

O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}

O42 - Logiciel: Microsoft .NET Framework 2.0 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 2.0

O42 - Logiciel: Microsoft Antimalware - (.Microsoft Corporation.) [HKLM] -- {774088D4-0777-4D78-904D-E435B318F5D2}

O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {0450B7B0-AC71-44A4-AB40-4DD678DF3A8C}

O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {77A776C4-D10F-416D-88F0-53F2D9DCD9B3}

O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {859B9BCA-5376-4566-9F88-C6C9DAA7A925}

O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {A49F249F-0C91-497F-86DF-B2585E8E76B7}

O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 2.0 Language Pack - FRA

O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 5.0 (x86 fr)

O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM] -- {9B4E6CB9-E54D-47F7-A414-E2D5740E1036}

O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN

O42 - Logiciel: PDF Complete - (.PDF Complete, Inc..) [HKLM] -- PDF Complete

O42 - Logiciel: PL-2303 USB-to-Serial - (.Prolific Technology INC.) [HKLM] -- {ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}

O42 - Logiciel: Pack d’outils d’administration de Windows Server 2003 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {0D184898-C3F8-4268-8FE7-B482B4ADF086}

O42 - Logiciel: Python 2.4.1 - (.Pas de propriétaire.) [HKLM] -- Python 2.4.1

O42 - Logiciel: Python 2.5 numpy-1.0.3 - (.Pas de propriétaire.) [HKLM] -- Python 2.5 numpy-1.0.3

O42 - Logiciel: Python 2.5.1 - (.Pas de propriétaire.) [HKLM] -- Python 2.5.1

O42 - Logiciel: Readiris Pro 9 - (.Pas de propriétaire.) [HKLM] -- {3CA9D105-113C-11D8-AB3E-000102B0F79A}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Roxio Audio Module - (.Roxio.) [HKLM] -- {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

O42 - Logiciel: Roxio Copy Module - (.Roxio.) [HKLM] -- {B12665F4-4E93-4AB4-B7FC-37053B524629}

O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {83FFCFC7-88C6-41c6-8752-958A45325C82}

O42 - Logiciel: Roxio Creator Basic v9 - (.Roxio.) [HKLM] -- {C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {0D397393-9B50-4c52-84D5-77E344289F87}

O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {0394CDC8-FABD-4ed8-B104-03393876DFDF}

O42 - Logiciel: Roxio DLA - (.Roxio.) [HKLM] -- {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

O42 - Logiciel: Roxio Data Module - (.Roxio.) [HKLM] -- {075473F5-846A-448B-BCB3-104AA1760205}

O42 - Logiciel: Roxio Express Labeler - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

O42 - Logiciel: Roxio MyDVD Basic v9 - (.Roxio.) [HKLM] -- {938B1CD7-7C60-491E-AA90-1F1888168240}

O42 - Logiciel: Roxio MyDVD Plus - (.Roxio.) [HKLM] -- {21657574-BD54-48A2-9450-EB03B2C7FC29}

O42 - Logiciel: Roxio Update Manager - (.Roxio.) [HKLM] -- {30465B6C-B53F-49A1-9EBA-A3F187AD502E}

O42 - Logiciel: SafeCast Shared Components - (.Macrovision.) [HKLM] -- CdaC13Ba

O42 - Logiciel: Sentinel Protection Installer 7.2.2 - (.SafeNet, Inc..) [HKLM] -- {6DC0632A-A838-4B34-AC19-0FA18E1C533C}

O42 - Logiciel: SmartLF - (.Colortrac.) [HKLM] -- {C5BA7C49-95F2-4222-A37C-100E9FA1BE0A}

O42 - Logiciel: SmartLF Gx Utilities - (.Colortrac.) [HKLM] -- {3A50F5FD-7D19-488A-8246-FE6D7BCF44D9}

O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] -- {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

O42 - Logiciel: Symantec System Center - (.Symantec Corporation.) [HKLM] -- Symantec System Center

O42 - Logiciel: Symantec System Center - (.Symantec Corporation.) [HKLM] -- {A502B8B6-5601-4DE7-B0E4-2A52641DD3C7}

O42 - Logiciel: Symantec pcAnywhere - (.Symantec Corporation.) [HKLM] -- {E05E8183-866A-11D3-97DF-0000F8D8F2E9}

O42 - Logiciel: USB Drive AntiVirus 2.3 - (.USB AntiVirus.) [HKLM] -- USB Drive AntiVirus_is1

O42 - Logiciel: VLC media player 1.0.0 - (.VideoLAN Team.) [HKLM] -- VLC media player

O42 - Logiciel: Vertical Mapper 2.6 - (.Pas de propriétaire.) [HKLM] -- {97042B20-E491-11D3-96D4-00105A111647}

O42 - Logiciel: Vodafone Mobile Connect - (.Vodafone.) [HKLM] -- {8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}

O42 - Logiciel: WinZip - (.WinZip Computing, Inc..) [HKLM] -- WinZip

O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM] -- {121634B0-2F4A-11D3-ADA3-00C04F52DD53}

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows Media Format Runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime

O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service

O42 - Logiciel: Wintrans 4.52 - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1

O42 - Logiciel: doPDF 6.0 printer - (.Softland.) [HKLM] -- doPDF 6 printer_is1

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AOL]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Applications WinDev]

[HKCU\Software\Autodesk]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Colortrac]

[HKCU\Software\DameWare Development]

[HKCU\Software\ESRI]

[HKCU\Software\Earth Resource Mapping]

[HKCU\Software\Flock]

[HKCU\Software\GID]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\InstallShield]

[HKCU\Software\Intel]

[HKCU\Software\Iris]

[HKCU\Software\JavaSoft]

[HKCU\Software\LEICA Geosystems]

[HKCU\Software\Leadertech]

[HKCU\Software\LightScribe]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MapInfo]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\Nico Mak Computing]

[HKCU\Software\Northwood]

[HKCU\Software\ODBC]

[HKCU\Software\PC SOFT]

[HKCU\Software\PDFComplete]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Softland]

[HKCU\Software\Softsoft Ltd.]

[HKCU\Software\Software FX, Inc.]

[HKCU\Software\Sonic]

[HKCU\Software\SpeedBit]

[HKCU\Software\SystemSafe]

[HKCU\Software\Trolltech]

[HKCU\Software\Usbfix]

[HKCU\Software\Vodafone]

[HKCU\Software\WinRAR]

[HKCU\Software\WinZip Computing]

[HKCU\Software\Wise Solutions]

[HKCU\Software\ahead]

[HKLM\Software\781]

[HKLM\Software\ALWIL Software]

[HKLM\Software\ActiveXperts]

[HKLM\Software\Adobe Systems]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\Aladdin Knowledge Systems]

[HKLM\Software\America Online]

[HKLM\Software\Audible]

[HKLM\Software\Autodesk]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CLSYSTEM]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\ConversApi]

[HKLM\Software\Convers]

[HKLM\Software\DameWare Development]

[HKLM\Software\Debug]

[HKLM\Software\ER Mapper]

[HKLM\Software\ESRI]

[HKLM\Software\Earth Resource Mapping]

[HKLM\Software\FLEXlm License Manager]

[HKLM\Software\GID]

[HKLM\Software\GarminUTM]

[HKLM\Software\Garmin]

[HKLM\Software\Gemplus]

[HKLM\Software\HPQ]

[HKLM\Software\HP]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\I.R.I.S.]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\LEICA Geosystems]

[HKLM\Software\Licenses]

[HKLM\Software\Lidan]

[HKLM\Software\LightScribe]

[HKLM\Software\MAXSOFT-OCRON]

[HKLM\Software\Macromedia]

[HKLM\Software\Macrovision]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MapInfo]

[HKLM\Software\MicroVision]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\Nico Mak Computing]

[HKLM\Software\Northwood]

[HKLM\Software\Ntpad]

[HKLM\Software\ODBC]

[HKLM\Software\Omniquad]

[HKLM\Software\Ontrack]

[HKLM\Software\PDFComplete]

[HKLM\Software\Policies]

[HKLM\Software\Preclick]

[HKLM\Software\Program Groups]

[HKLM\Software\Prolific Technology INC]

[HKLM\Software\Python]

[HKLM\Software\Rainbow Technologies]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Roxio]

[HKLM\Software\SUPERAntiSpyware.com]

[HKLM\Software\Safe Software Inc.]

[HKLM\Software\Safenet Sentinel]

[HKLM\Software\Schlumberger]

[HKLM\Software\Seagate Software]

[HKLM\Software\Secure]

[HKLM\Software\Softland]

[HKLM\Software\Software FX, Inc.]

[HKLM\Software\Sonic]

[HKLM\Software\SpeedBit]

[HKLM\Software\Symantec]

[HKLM\Software\SystemSafe]

[HKLM\Software\TORO]

[HKLM\Software\TrendMicro]

[HKLM\Software\Vantage Software Technologies]

[HKLM\Software\VideoLAN]

[HKLM\Software\Vodafone]

[HKLM\Software\WexTech Systems]

[HKLM\Software\WinLicense]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Wise Solutions]

[HKLM\Software\callas software gmbh]

[HKLM\Software\illiminable]

[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 29/04/2010 - 11:38:12 - [2105926] ----D- C:\Program Files\ActiveXperts

O43 - CFD: 21/12/2010 - 08:09:16 - [163106006] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 12/01/2010 - 16:18:10 - [682807601] ----D- C:\Program Files\Adobe

O43 - CFD: 15/09/2009 - 11:19:38 - [3997789] ----D- C:\Program Files\AnswerWorks 4.0

O43 - CFD: 08/09/2009 - 16:02:56 - [2722884] ----D- C:\Program Files\AOL

O43 - CFD: 22/09/2010 - 10:47:32 - [3254935112] ----D- C:\Program Files\ArcGIS

O43 - CFD: 15/09/2009 - 11:20:32 - [177057525] ----D- C:\Program Files\AutoCAD 2004

O43 - CFD: 15/09/2009 - 11:19:58 - [6531178] ----D- C:\Program Files\Autodesk

O43 - CFD: 14/09/2009 - 16:38:54 - [22174013] ----D- C:\Program Files\CADASTRO

O43 - CFD: 07/06/2010 - 12:02:42 - [31417094] ----D- C:\Program Files\CADASTRO10

O43 - CFD: 22/09/2010 - 09:46:28 - [2913496] ----D- C:\Program Files\CCleaner

O43 - CFD: 26/10/2009 - 10:26:58 - [1179880] ----D- C:\Program Files\CMAK

O43 - CFD: 14/09/2009 - 16:49:50 - [3656552] ----D- C:\Program Files\Colortrac

O43 - CFD: 08/09/2009 - 13:48:28 - [525824] ----D- C:\Program Files\Compaq

O43 - CFD: 08/09/2009 - 22:34:56 - [0] ----D- C:\Program Files\ComPlus Applications

O43 - CFD: 29/06/2011 - 08:25:32 - [39585031] ----D- C:\Program Files\DameWare Development

O43 - CFD: 04/07/2011 - 07:27:56 - [20676830] ----D- C:\Program Files\DAP

O43 - CFD: 22/10/2010 - 15:02:14 - [4965656] ----D- C:\Program Files\ER Mapper

O43 - CFD: 29/03/2010 - 12:30:00 - [21180281] ----D- C:\Program Files\ESRI

O43 - CFD: 01/07/2011 - 10:46:56 - [902755397] ----D- C:\Program Files\Fichiers communs

O43 - CFD: 13/12/2010 - 12:53:42 - [11396748] ----D- C:\Program Files\GID

O43 - CFD: 26/10/2009 - 10:51:04 - [5135750] ----D- C:\Program Files\GPMC

O43 - CFD: 18/10/2010 - 11:58:24 - [38103752] ----D- C:\Program Files\Hewlett-Packard

O43 - CFD: 12/01/2010 - 15:15:26 - [167609680] ----D- C:\Program Files\HP

O43 - CFD: 08/09/2009 - 13:47:22 - [374073] ----D- C:\Program Files\HPQ

O43 - CFD: 22/10/2010 - 15:00:56 - [34627324] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 30/06/2011 - 08:19:36 - [4689575] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 08/09/2009 - 13:45:38 - [82641639] ----D- C:\Program Files\Java

O43 - CFD: 22/09/2010 - 10:17:52 - [67018013] ----D- C:\Program Files\Leica Geosystems

O43 - CFD: 05/07/2011 - 19:47:06 - [7566967] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 13/12/2010 - 12:53:42 - [464329] ----D- C:\Program Files\MapImagery

O43 - CFD: 22/10/2010 - 14:57:32 - [231648004] ----D- C:\Program Files\MapInfo

O43 - CFD: 28/01/2011 - 12:54:08 - [2151555] ----D- C:\Program Files\Messenger

O43 - CFD: 08/09/2009 - 22:34:56 - [0] ----D- C:\Program Files\microsoft frontpage

O43 - CFD: 15/09/2009 - 11:19:36 - [569557445] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 09/02/2011 - 12:14:36 - [18110254] ----D- C:\Program Files\Microsoft Security Client

O43 - CFD: 08/09/2009 - 16:08:14 - [14904] ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD: 08/09/2009 - 16:06:00 - [67476831] ----D- C:\Program Files\Microsoft Visual Studio 8

O43 - CFD: 08/09/2009 - 16:08:38 - [3178824] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 08/09/2009 - 16:07:46 - [8152064] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 28/01/2011 - 12:53:44 - [10374874] ----D- C:\Program Files\Movie Maker

O43 - CFD: 04/07/2011 - 15:47:40 - [34244654] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 08/09/2009 - 16:08:24 - [764] ----D- C:\Program Files\MSBuild

O43 - CFD: 08/09/2009 - 22:34:56 - [19278399] ----D- C:\Program Files\MSN

O43 - CFD: 08/09/2009 - 22:34:56 - [8745735] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 29/10/2009 - 12:50:50 - [252859324] ----D- C:\Program Files\Nero

O43 - CFD: 28/01/2011 - 12:51:30 - [3285523] ----D- C:\Program Files\NetMeeting

O43 - CFD: 19/04/2010 - 08:07:06 - [2840341] ----D- C:\Program Files\Omniquad Instant Remote Control

O43 - CFD: 08/09/2009 - 16:03:18 - [1779] R---D- C:\Program Files\Online Services

O43 - CFD: 17/02/2010 - 13:21:16 - [54398394] ----D- C:\Program Files\Ontrack

O43 - CFD: 28/01/2011 - 12:51:28 - [4379321] ----D- C:\Program Files\Outlook Express

O43 - CFD: 16/11/2009 - 15:01:38 - [1015470783] ----D- C:\Program Files\PC SOFT

O43 - CFD: 31/12/2010 - 08:30:04 - [31264313] ----D- C:\Program Files\PDF Complete

O43 - CFD: 08/09/2009 - 14:01:12 - [1022] ----D- C:\Program Files\Raccourcis de programmes

O43 - CFD: 29/03/2010 - 13:13:24 - [33327] ----D- C:\Program Files\Rainbow Technologies

O43 - CFD: 03/09/2010 - 16:23:14 - [51335442] ----D- C:\Program Files\Readiris Pro 9

O43 - CFD: 08/09/2009 - 13:46:16 - [42199231] ----D- C:\Program Files\Realtek

O43 - CFD: 08/09/2009 - 16:58:50 - [473717014] ----D- C:\Program Files\Roxio

O43 - CFD: 22/09/2010 - 10:01:34 - [327659] ----D- C:\Program Files\SafeNet Sentinel

O43 - CFD: 22/10/2010 - 14:57:38 - [1959852] ----D- C:\Program Files\Seagate Software

O43 - CFD: 08/09/2009 - 22:34:56 - [929] ----D- C:\Program Files\Services en ligne

O43 - CFD: 30/03/2010 - 13:26:58 - [1293395] ----D- C:\Program Files\Softland

O43 - CFD: 08/09/2009 - 16:12:32 - [13272304] ----D- C:\Program Files\Sonic

O43 - CFD: 01/07/2011 - 10:13:08 - [0] ----D- C:\Program Files\SUPERAntiSpyware

O43 - CFD: 28/01/2011 - 11:02:42 - [119150299] ----D- C:\Program Files\Symantec

O43 - CFD: 19/08/2010 - 13:01:10 - [0] ----D- C:\Program Files\Symantec AntiVirus

O43 - CFD: 29/04/2010 - 11:55:26 - [849] ----D- C:\Program Files\Total Network Monitor

O43 - CFD: 05/07/2011 - 19:20:12 - [789143] ----D- C:\Program Files\trend micro

O43 - CFD: 08/09/2009 - 22:34:56 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 29/06/2011 - 11:46:42 - [2370091] ----D- C:\Program Files\USBAntiVirus

O43 - CFD: 29/10/2009 - 16:13:24 - [75096999] ----D- C:\Program Files\VideoLAN

O43 - CFD: 27/05/2011 - 09:54:20 - [20860889] ----D- C:\Program Files\Vodafone

O43 - CFD: 09/02/2011 - 12:08:26 - [121374] ----D- C:\Program Files\Windows Installer Clean Up

O43 - CFD: 28/01/2011 - 12:54:06 - [4401005] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 28/01/2011 - 12:51:28 - [3938047] ----D- C:\Program Files\Windows NT

O43 - CFD: 08/09/2009 - 22:34:56 - [0] --H-D- C:\Program Files\WindowsUpdate

O43 - CFD: 18/11/2009 - 10:24:22 - [3111820] ----D- C:\Program Files\WinRAR

O43 - CFD: 07/06/2010 - 14:39:36 - [611684] ----D- C:\Program Files\Wintrans

O43 - CFD: 13/09/2010 - 17:38:16 - [4797080] ----D- C:\Program Files\WinZip

O43 - CFD: 08/09/2009 - 22:34:56 - [0] ----D- C:\Program Files\xerox

O43 - CFD: 06/07/2011 - 11:00:36 - [3928188] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 29/04/2010 - 11:38:14 - [1605632] ----D- C:\Program Files\Fichiers Communs\ActiveXperts

O43 - CFD: 06/09/2010 - 14:10:36 - [102906510] ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD: 15/09/2009 - 12:52:34 - [68096] ----D- C:\Program Files\Fichiers Communs\Adobe Systems Shared

O43 - CFD: 29/10/2009 - 12:53:54 - [110841003] ----D- C:\Program Files\Fichiers Communs\Ahead

O43 - CFD: 22/09/2010 - 10:19:16 - [5133227] ----D- C:\Program Files\Fichiers Communs\AnswerWorks 4.0

O43 - CFD: 15/09/2009 - 11:19:38 - [38296042] ----D- C:\Program Files\Fichiers Communs\Autodesk Shared

O43 - CFD: 02/02/2010 - 08:03:10 - [0] ----D- C:\Program Files\Fichiers Communs\CC100Topologic

O43 - CFD: 15/09/2009 - 11:19:38 - [204864] ----D- C:\Program Files\Fichiers Communs\DESIGNER

O43 - CFD: 22/09/2010 - 10:17:08 - [47463566] ----D- C:\Program Files\Fichiers Communs\ESRI

O43 - CFD: 12/01/2010 - 15:12:24 - [12305661] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard

O43 - CFD: 12/01/2010 - 15:15:30 - [2882048] ----D- C:\Program Files\Fichiers Communs\HP

O43 - CFD: 03/09/2010 - 16:22:44 - [17950169] ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD: 08/09/2009 - 13:45:22 - [34657942] ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD: 08/09/2009 - 16:10:44 - [29696965] ----D- C:\Program Files\Fichiers Communs\LightScribe

O43 - CFD: 15/09/2009 - 11:19:56 - [275616] ----D- C:\Program Files\Fichiers Communs\Macrovision Shared

O43 - CFD: 08/09/2010 - 15:12:30 - [263719257] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD: 08/09/2009 - 22:34:56 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD: 08/09/2009 - 22:34:56 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD: 28/01/2010 - 10:05:58 - [47293436] ----D- C:\Program Files\Fichiers Communs\PC SOFT

O43 - CFD: 08/09/2009 - 16:59:14 - [109248534] ----D- C:\Program Files\Fichiers Communs\Roxio Shared

O43 - CFD: 22/09/2010 - 10:01:34 - [1806719] ----D- C:\Program Files\Fichiers Communs\SafeNet Sentinel

O43 - CFD: 08/09/2009 - 22:34:56 - [8106] ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD: 08/09/2009 - 16:59:16 - [20165486] ----D- C:\Program Files\Fichiers Communs\Sonic Shared

O43 - CFD: 08/09/2009 - 22:34:56 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD: 01/07/2011 - 10:46:56 - [2248320] ----D- C:\Program Files\Fichiers Communs\SpeedBit

O43 - CFD: 08/09/2009 - 16:12:34 - [475136] ----D- C:\Program Files\Fichiers Communs\SureThing Shared

O43 - CFD: 28/01/2011 - 11:02:40 - [7907772] ----D- C:\Program Files\Fichiers Communs\Symantec Shared

O43 - CFD: 28/01/2011 - 12:51:24 - [41168061] ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD: 08/09/2009 - 16:13:10 - [355840] ----D- C:\Program Files\Fichiers Communs\TiVo Shared

O43 - CFD: 05/07/2011 - 19:00:16 - [2517751] ----D- C:\Documents and Settings\dranoel\Application Data\Adobe

O43 - CFD: 11/10/2010 - 08:57:30 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\AdobeUM

O43 - CFD: 19/11/2010 - 11:09:52 - [201758] ----D- C:\Documents and Settings\dranoel\Application Data\Ahead

O43 - CFD: 17/09/2009 - 14:05:24 - [2724591] ----D- C:\Documents and Settings\dranoel\Application Data\Autodesk

O43 - CFD: 17/09/2009 - 10:20:14 - [814] ----D- C:\Documents and Settings\dranoel\Application Data\Colortrac

O43 - CFD: 29/06/2011 - 14:07:40 - [22197] ----D- C:\Documents and Settings\dranoel\Application Data\DameWare Development

O43 - CFD: 21/05/2011 - 12:13:04 - [199] ----D- C:\Documents and Settings\dranoel\Application Data\dvdcss

O43 - CFD: 29/06/2011 - 08:28:54 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\DWMRCMSI

O43 - CFD: 01/07/2011 - 12:46:56 - [1275960] ----D- C:\Documents and Settings\dranoel\Application Data\ESRI

O43 - CFD: 08/09/2010 - 08:33:18 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\Help

O43 - CFD: 08/09/2009 - 22:34:56 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\Identities

O43 - CFD: 21/05/2011 - 14:07:04 - [409] ----D- C:\Documents and Settings\dranoel\Application Data\Leadertech

O43 - CFD: 29/06/2011 - 12:45:34 - [503] ----D- C:\Documents and Settings\dranoel\Application Data\Macromedia

O43 - CFD: 05/07/2011 - 19:47:10 - [739880] ----D- C:\Documents and Settings\dranoel\Application Data\Malwarebytes

O43 - CFD: 22/10/2010 - 14:59:14 - [1784382] ----D- C:\Documents and Settings\dranoel\Application Data\MapInfo

O43 - CFD: 29/06/2011 - 14:37:02 - [3152417] -S--D- C:\Documents and Settings\dranoel\Application Data\Microsoft

O43 - CFD: 04/07/2011 - 15:48:50 - [14324874] ----D- C:\Documents and Settings\dranoel\Application Data\Mozilla

O43 - CFD: 21/05/2011 - 14:07:08 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\Sonic

O43 - CFD: 08/09/2009 - 13:45:18 - [14442496] ----D- C:\Documents and Settings\dranoel\Application Data\Sun

O43 - CFD: 01/07/2011 - 10:13:08 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\SUPERAntiSpyware.com

O43 - CFD: 21/05/2011 - 16:29:54 - [798395] ----D- C:\Documents and Settings\dranoel\Application Data\vlc

O43 - CFD: 30/05/2011 - 13:16:28 - [796506] ----D- C:\Documents and Settings\dranoel\Application Data\Vodafone

O43 - CFD: 08/09/2010 - 08:27:22 - [102134] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Adobe

O43 - CFD: 19/11/2010 - 11:09:52 - [1950601] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Ahead

O43 - CFD: 28/01/2011 - 12:24:06 - [11164] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\AOL

O43 - CFD: 08/09/2009 - 13:41:26 - [4163] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\ApplicationHistory

O43 - CFD: 17/09/2009 - 14:05:12 - [15046932] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Autodesk

O43 - CFD: 08/09/2010 - 08:33:18 - [0] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Help

O43 - CFD: 22/10/2010 - 14:59:00 - [0] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\MapInfo

O43 - CFD: 30/06/2011 - 08:21:12 - [1528419] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Microsoft

O43 - CFD: 04/07/2011 - 15:47:46 - [25150895] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Mozilla

O43 - CFD: 28/01/2011 - 12:20:48 - [0] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\PCHealth

O43 - CFD: 17/09/2009 - 09:22:30 - [3662] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Symantec

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.1CEF1300FEFFFFFF57494E444F577E31] - 06/07/2011 - 10:05:53 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [916963]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/07/2011 - 09:59:53 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.1CEF1300FEFFFFFF0000000038F21300] - 06/07/2011 - 09:59:48 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]

O44 - LFC:[MD5.1CEF1300FEFFFFFF0000000038F21300] - 06/07/2011 - 09:59:46 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 06/07/2011 - 07:37:27 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.94617A1761C9182E7F16CDCFACC2AB8E] - 06/07/2011 - 07:35:13 ---A- . (...) -- C:\rapport.txt [4287]

O44 - LFC:[MD5.0C9835C48E0FD8C6F0841EA8EC7EB7A6] - 06/07/2011 - 07:34:03 ---A- . (...) -- C:\WINDOWS\System32\tmp.reg [4780]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/07/2011 - 07:34:03 ---A- . (...) -- C:\WINDOWS\System32\tmp.txt [0]

O44 - LFC:[MD5.643563AAFF425C097A0C9F1177555D42] - 06/07/2011 - 06:58:47 ---A- . (...) -- C:\UsbFix.txt [4696]

O44 - LFC:[MD5.309C10B8BC83F4D9E21E7D3B8D9BCCAD] - 06/07/2011 - 06:58:43 ---A- . (...) -- C:\UsbFix_Upload_Me_SALLE-TIRAGE.zip [1192572669]

O44 - LFC:[MD5.3E64B6BAEC10DA95422A2863431894E9] - 05/07/2011 - 19:55:16 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [187224]

O44 - LFC:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 05/07/2011 - 19:47:04 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [39984]

O44 - LFC:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 05/07/2011 - 19:47:01 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [22712]

O44 - LFC:[MD5.9E786A7A33440CDBFD5872342D53E8F9] - 05/07/2011 - 19:17:04 ---A- . (...) -- C:\WINDOWS\setupapi.log [2176]

O44 - LFC:[MD5.1CEF1300FEFFFFFF0000000038F21300] - 05/07/2011 - 19:13:59 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32500]

O44 - LFC:[MD5.3F5011A09D48AF099B5757E4C145650E] - 05/07/2011 - 18:59:53 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [404640]

O44 - LFC:[MD5.3A9A54E9FF21A4825E9B40A89674F085] - 05/07/2011 - 17:55:05 ---A- . (...) -- C:\WINDOWS\setupact.log [60]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/07/2011 - 17:55:05 ---A- . (...) -- C:\WINDOWS\setuperr.log [0]

O44 - LFC:[MD5.1CEF1300FEFFFFFF5354495F54527E31] - 05/07/2011 - 16:45:09 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/07/2011 - 15:47:46 ---A- . (...) -- C:\WINDOWS\nsreg.dat [0]

O44 - LFC:[MD5.A36AA00529A703505FD1FB38D43D6B48] - 04/07/2011 - 07:28:04 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [1158]

O44 - LFC:[MD5.478063C6D3E9D25ACD3C59782B82E307] - 01/07/2011 - 10:46:52 ---A- . (...) -- C:\WINDOWS\System32\EasyHook32.dll [90784]

O44 - LFC:[MD5.47344CA16097E6ADC726F415582BA92B] - 01/07/2011 - 10:46:52 ---A- . (...) -- C:\WINDOWS\System32\EasyHook64.dll [109216]

O44 - LFC:[MD5.45960B40C1ECB75ED5549A80049879E1] - 01/07/2011 - 10:07:00 ---A- . (.Jin Hui E-mail: jinhui@jcomsoft.com We - Animation GIF Control.) -- C:\WINDOWS\System32\AniGIF.ocx [172032]

O44 - LFC:[MD5.C85123407AC64D05241C0F88D69ECD3E] - 01/07/2011 - 10:07:00 ---A- . (.Stardock.Net, Inc - WindowBlinds : DirectSkin.) -- C:\WINDOWS\System32\wbocx.ocx [479298]

O44 - LFC:[MD5.D68018AEBB6226BCA5103DA8B66A57D6] - 01/07/2011 - 10:07:00 ---A- . (.Stardock.Net, Inc - WindowBlinds Helper DLL.) -- C:\WINDOWS\System32\wbhelp2.dll [50688]

O44 - LFC:[MD5.DCC78B14C94A442C60981A7095B4A730] - 30/06/2011 - 15:07:16 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]

O44 - LFC:[MD5.237B3A66774FEEC922B6F90C2F2FDFB7] - 29/06/2011 - 08:30:32 ---A- . (.DameWare Development LLC - Shell interface for DameWare Mini Remote Co.) -- C:\WINDOWS\System32\DWRCSh32.DLL [68120]

O44 - LFC:[MD5.A69C71169D9CE52884576D08C14929A7] - 16/06/2011 - 09:39:11 ---A- . (...) -- C:\WINDOWS\System32\prsgrc.tgz [115]

O44 - LFC:[MD5.9FE2713973F834D48FB46616B14F2C7A] - 16/06/2011 - 09:39:10 ---A- . (...) -- C:\WINDOWS\System32\prsgrc.dll [101]

O44 - LFC:[MD5.0B50A4DD3E11AC8C2C144BC1C4DA9749] - 16/06/2011 - 09:39:10 ---A- . (...) -- C:\WINDOWS\System32\ssprs.tgz [14]

O44 - LFC:[MD5.7E04D1A195B5CE6867A78CEC16D63732] - 16/06/2011 - 09:39:10 ---A- . (...) -- C:\WINDOWS\System32\svbp449.dll [335]

O44 - LFC:[MD5.70D8147628A149AE2B93A655EC2C8CA2] - 16/06/2011 - 09:39:10 ---A- . (...) -- C:\WINDOWS\System32\svbp449.tgz [349]

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - WDShell

---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\mmc.exe" [Enabled] .(.Microsoft Corporation - Microsoft Management Console.) -- C:\WINDOWS\system32\mmc.exe

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" [Enabled] .(...) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (.not file.)

O47 - AAKE:Key Export DP - "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" [Disabled] .(.Symantec Corporation - pcAnywhere Host.) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Symantec\pcAnywhere\awrem32.exe" [Disabled] .(.Symantec Corporation - Remote Control Module.) -- C:\Program Files\Symantec\pcAnywhere\awrem32.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "C:\WINDOWS\system32\mmc.exe" [Enabled] .(.Microsoft Corporation - Microsoft Management Console.) -- C:\WINDOWS\system32\mmc.exe

O47 - AAKE:Key Export DP - "\\Serveur\C$\BACKUP PREVENTIF\Serveur HF\Centre de Controle HF\CC100HF.exe" [Disabled] Clé orpheline

O47 - AAKE:Key Export DP - "C:\Program Files\DAP\DAP.exe" [Enabled] .(.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\System32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.0F2D66D5F08EBE2F77BB904288DCF6F0] - 06/07/2011 - 22:20:04 ---A- . (.Intel Corporation - Intel® Integrated Controller Hub Audio Driver.) -- C:\WINDOWS\system32\drivers\ac97intc.sys [96256]

O58 - SDL:[MD5.0EA9B1F0C6C90A509C8603775366ADB7] - 06/07/2011 - 00:44:42 ---A- . (.Adaptec, Inc. - Adaptec WinXP Ultra320 Driver.) -- C:\WINDOWS\system32\drivers\adpu320.sys [105472]

O58 - SDL:[MD5.ABFE3AB22767EEB5E7D91B1B3BB2901C] - 06/07/2011 - 14:08:44 ---A- . (.Symantec Corporation - pcAnywhere Legacy Driver Module.) -- C:\WINDOWS\system32\drivers\AWLEGACY.sys [10901]

O58 - SDL:[MD5.852D995A4B283C341A2BAEFAA8067671] - 06/07/2011 - 16:43:34 ---A- . (.Symantec Corporation - pcAnywhere Host Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys [24365]

O58 - SDL:[MD5.F76CB7259AA575CC53F3996BC6B68C18] - 06/07/2011 - 11:19:53 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS [12464]

O58 - SDL:[MD5.BF79E659C506674C0497CC9C61F1A165] - 06/07/2011 - 03:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys [2432]

O58 - SDL:[MD5.2C41CD49D82D5FD85C72D57B6CA25471] - 06/07/2011 - 03:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys [2560]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 06/07/2011 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 06/07/2011 - 09:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.7581407A6A3C56860AE31E6E423FE824] - 06/07/2011 - 08:35:24 ---A- . (.Sonic Solutions - Shared Driver Component.) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS [5660]

O58 - SDL:[MD5.693DFD92D41A3D270053CD97834E4960] - 06/07/2011 - 08:34:46 ---A- . (.Sonic Solutions - Shared Driver Component.) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS [22684]

O58 - SDL:[MD5.D626B0037E3585C12520F1E5CD67DFDE] - 06/07/2011 - 03:30:00 ---A- . (.Sonic Solutions - Device Driver.) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS [89456]

O58 - SDL:[MD5.2AEEE1600D0F14BA535F90A1F4411B54] - 06/07/2011 - 05:20:00 ---A- . (.Sonic Solutions - Device Driver Manager.) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS [40544]

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: UsbFix By TeamXscript - (.TeamXscript.) [HKLM] -- Usbfix

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: RSIT - (.random/random.)

 

 

 

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - ??/??/???? - C:\DOCUME~1\Frank\LOCALS~1\Temp\013555~1.exe (.not file.) - McAfee Application Installer Cleanup (0135551257510229) (0135551257510229mcinstcleanup) .(...) - LEGACY_0135551257510229MCINSTCLEANUP

O64 - Services: CurCS - 09/05/2002 - C:\WINDOWS\system32\DRIVERS\adpu320.sys - No object(No service) .(.Adaptec, Inc. - Adaptec WinXP Ultra320 Driver.) - LEGACY_ADPU320

O64 - Services: CurCS - 29/05/2003 - C:\Program Files\Symantec\pcAnywhere\awhost32.exe - pcAnywhere Host Service(awhost32) .(.Symantec Corporation - pcAnywhere Host.) - LEGACY_AWHOST32

O64 - Services: CurCS - 21/04/2003 - C:\WINDOWS\system32\Drivers\awlegacy.sys - awlegacy(awlegacy) .(.Symantec Corporation - pcAnywhere Legacy Driver Module.) - LEGACY_AWLEGACY

O64 - Services: CurCS - 15/09/2009 - C:\WINDOWS\system32\drivers\CDAC11BA.exe - C-DillaCdaC11BA(C-DillaCdaC11BA) .(.Macrovision - Macrovision RTS Service.) - LEGACY_C-DILLACDAC11BA

O64 - Services: CurCS - 15/09/2009 - C:\WINDOWS\system32\drivers\CDAC15BA.sys - CdaC15BA(CdaC15BA) .(.Macrovision Europe Ltd - Macrovision SECURITY Driver.) - LEGACY_CDAC15BA

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLABOIOM.sys - DLABOIOM(DLABOIOM) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLABOIOM

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLADResN.sys - DLADResN(DLADResN) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLADRESN

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLAIFS_M.sys - DLAIFS_M(DLAIFS_M) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLAIFS_M

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLAOPIOM.sys - DLAOPIOM(DLAOPIOM) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLAOPIOM

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLAPoolM.sys - DLAPoolM(DLAPoolM) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLAPOOLM

O64 - Services: CurCS - 17/03/2006 - C:\WINDOWS\System32\Drivers\DLARTL_N.sys - DLARTL_N(DLARTL_N) .(.Sonic Solutions - Shared Driver Component.) - LEGACY_DLARTL_N

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLAUDFAM.sys - DLAUDFAM(DLAUDFAM) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLAUDFAM

O64 - Services: CurCS - 08/10/2006 - C:\WINDOWS\System32\DLA\DLAUDF_M.sys - DLAUDF_M(DLAUDF_M) .(.Sonic Solutions - Drive Letter Access Component.) - LEGACY_DLAUDF_M

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique(dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\System32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\System32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 17/03/2006 - C:\WINDOWS\System32\Drivers\DRVNDDM.sys - DRVNDDM(DRVNDDM) .(.Sonic Solutions - Device Driver Manager.) - LEGACY_DRVNDDM

O64 - Services: CurCS - 22/11/2006 - C:\WINDOWS\system32\drivers\hardlock.sys - Hardlock(Hardlock) .(.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows NT.) - LEGACY_HARDLOCK

O64 - Services: CurCS - 28/01/2010 - C:\WINDOWS\system32\drivers\Haspnt.sys - Haspnt(Haspnt) .(.Aladdin Knowledge Systems - HASP Kernel Device Driver for Windows NT.) - LEGACY_HASPNT

O64 - Services: CurCS - 22/10/2004 - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager(IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT

O64 - Services: CurCS - 15/05/2007 - C:\WINDOWS\System32\drivers\InCDFs.sys - InCD File System(InCDfs) .(.Nero AG - InCD File System Driver.) - LEGACY_INCDFS

O64 - Services: CurCS - 15/05/2007 - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe - InCD Helper(InCDsrv) .(.Nero AG - incdsrv.) - LEGACY_INCDSRV

O64 - Services: CurCS - 24/01/2008 - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - LightScribeService Direct Disc Labeling Service(LightScribeService) .(.Hewlett-Packard Company - LightScribe Service.) - LEGACY_LIGHTSCRIBESERVICE

O64 - Services: CurCS - 04/03/2009 - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe - MantaManager(MantaManager) .(.PC SOFT - MantaManager.exe (Gestion et mise à jour du.) - LEGACY_MANTAMANAGER

O64 - Services: CurCS - 29/05/2011 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys - MBAMSwissArmy(MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY

O64 - Services: CurCS - 08/05/2007 - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe - NMIndexingService(NMIndexingService) .(.Nero AG - Nero Home.) - LEGACY_NMINDEXINGSERVICE

O64 - Services: CurCS - 09/05/2005 - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.exe - Service de repérage Symantec System Center(NSCTOP) .(.Symantec Corporation - NscTop Module.) - LEGACY_NSCTOP

O64 - Services: CurCS - 17/02/2010 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.sys - SASDIFSV(SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV

O64 - Services: CurCS - 10/05/2010 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys - SASKUTIL(SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL

O64 - Services: CurCS - 14/03/2006 - C:\WINDOWS\system32\Drivers\SENTINEL.sys - Sentinel(Sentinel) .(.SafeNet, Inc. - Sentinel System Driver (NT Parallel driver).) - LEGACY_SENTINEL

O64 - Services: CurCS - 14/03/2006 - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe - Sentinel Protection Server(SentinelProtectionServer) .(.SafeNet, Inc - Pas de description.) - LEGACY_SENTINELPROTECTI

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\symc810.sys - No object(No service) .(.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) - LEGACY_SYMC810

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys - No object(No service) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX

O64 - Services: CurCS - 01/04/2005 - C:\Program Files\Symantec\SYMEVENT.sys - SymEvent(SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT

O64 - Services: CurCS - 04/04/2002 - C:\WINDOWS\system32\DRIVERS\symmpi.sys - No object(No service) .(.LSI Logic - LSI Logic Fusion-MPT MiniPort Driver.) - LEGACY_SYMMPI

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_hi.sys - No object(No service) .(.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) - LEGACY_SYM_HI

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_u3.sys - No object(No service) .(.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) - LEGACY_SYM_U3

O64 - Services: CurCS - 04/11/2008 - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe - Vodafone Mobile Connect Service(VMCService) .(.Vodafone - VMCService.) - LEGACY_VMCSERVICE

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Live Search) - Bing

 

 

 

---\\ Scan Additionnel (O88)

Database Version : 8467 - (05/07/2011)

Clés trouvées (Keys found) : 4

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}] =>Toolbar.Agent

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}] =>Toolbar.Agent

[HKLM\Software\Classes\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}] =>Toolbar.Agent

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}] =>Toolbar.Agent

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Auto 30/12/1899 0 | (0135551257510229mcinstcleanup) . (...) - C:\DOCUME~1\Frank\LOCALS~1\Temp\013555~1.exe

SS - | Demand 06/07/2011 68096 | (Adobe LM Service) . (...) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

SR - | Auto 06/07/2011 1372160 | (ArcGIS License Manager) . (.Macrovision Corporation.) - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

SS - | Demand 06/07/2011 106496 | (awhost32) . (.Symantec Corporation.) - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

SR - | Auto 06/07/2011 54784 | (C-DillaCdaC11BA) . (.Macrovision.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe

SS - | Demand 06/07/2011 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SS - | Auto 30/12/1899 0 | (Hyper File Server : DGCC-LOME) . (...) - \Serveur\d$\Copie de Serveur GRH\Manta.exe

SR - | Auto 06/07/2011 180736 | (Hyper File Server : Salle-Tirage) . (.PC SOFT.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe

SS - | Demand 06/07/2011 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

SR - | Auto 06/07/2011 1550896 | C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (InCDsrv) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

SR - | Auto 06/07/2011 38560 | (Intel Alert Handler) . (.Intel® Corporation.) - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

SR - | Auto 06/07/2011 59032 | (Intel Alert Originator) . (.Intel® Corporation.) - C:\WINDOWS\system32\ams_ii\iao.exe

SR - | Auto 06/07/2011 42640 | (Intel File Transfer) . (.Intel® Corporation.) - C:\WINDOWS\system32\cba\xfr.exe

SR - | Auto 06/07/2011 38544 | (Intel PDS) . (.Intel® Corporation.) - C:\WINDOWS\system32\cba\pds.exe

SR - | Auto 06/07/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

SR - | Auto 06/07/2011 229376 | (MantaManager) . (.PC SOFT.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe

SS - | Demand 06/07/2011 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

SS - | Demand 06/07/2011 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

SR - | Auto 06/07/2011 911456 | (NSCTOP) . (.Symantec Corporation.) - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.exe

SS - | Demand 06/07/2011 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

SR - | Auto 06/07/2011 206400 | (SentinelProtectionServer) . (.SafeNet, Inc.) - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

SR - | Auto 06/07/2011 14336 | (VMCService) . (.Vodafone.) - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by dranoel at 06/07/2011 11:04:03

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8A7B3AB8]

3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\00000069[0x8A7B9F18]

5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A7B8940]

kernel: MBR read successfully

user & kernel MBR OK

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by dranoel at 06/07/2011 11:04:05

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

 

 

 

End of the scan (1140 lines in 03mn 35s)(0)

Posted

This, please

* Copy all the text in the box below (select it with your mouse, right-click it and choose "Copy", or press Ctrl+C)

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} . (.Speedbit Ltd. - DAP IE Browser Helper Module.) -- C:\Program Files\DAP\DAPBHO.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} . (...) -- (.not file.)

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} . (.Pas de propriétaire - DAP IE Bar.) -- C:\Program Files\DAP\DAPIEBar.dll

O23 - Service: McAfee Application Installer Cleanup (0135551257510229) (0135551257510229mcinstcleanup) - Clé orpheline

O23 - Service: Hyper File Server : DGCC-LOME (Hyper File Server : DGCC-LOME) - Clé orpheline

O64 - Services: CurCS - ??/??/???? - C:\DOCUME~1\Frank\LOCALS~1\Temp\013555~1.exe (.not file.) - McAfee Application Installer Cleanup (0135551257510229) (0135551257510229mcinstcleanup) .(...) - LEGACY_0135551257510229MCINSTCLEANUP

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

[HKLM\Software\Classes\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

 

FirewallRaz

EmptyFlash

Emptytemp

 

 

Then launch ZHPFix from the desktop shortcut.

Click the icon showing the letter H ("paste the Helper lines")

- The lines are pasted into ZHPFix automatically; if not, paste them yourself

- Click the "GO" button to start the cleanup,

- Copy/paste the entire report into your next reply

-> let the tool work and don't touch anything ...

Once it has finished, a new report is displayed: copy/paste its contents into your next reply ...

(this report is also saved in this folder > C:\Program files\ZHPDiag\ZHPFixReport.txt)

Important: if you are asked to restart the PC to finish the cleanup, do it right away!

Afterwards, tell me how your PC is doing.

Posted

Hello everyone

Hello Bernard53, and thank you

I did what was needed and here is the report

 

Rapport de ZHPFix 1.12.3336 par Nicolas Coolman, Update du 07/07/2011

Fichier d'export Registre :

Run by dranoel at 08/07/2011 07:41:02

Windows XP Professional Service Pack 3 (Build 2600)

Web site : ZHPFix Fix de rapport

 

========== Clé(s) du Registre ==========

SUPPRIME Key: CLSID BHO: {0000CC75-ACF3-4cac-A0A9-DD3868E06852}

SUPPRIME Key: Service: 0135551257510229mcinstcleanup

SUPPRIME Key: Service: Hyper File Server : DGCC-LOME

SUPPRIME Key: Service Legacy: LEGACY_0135551257510229MCINSTCLEANUP

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

SUPPRIME Key: HKLM\Software\Classes\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

 

========== Valeur(s) du Registre ==========

SUPPRIME Toolbar: {0BF43445-2F28-4351-9252-17FE6E806AA0}

SUPPRIME Toolbar: {62999427-33FC-4baf-9C9C-BCE6BD127F08}

SUPPRIME FirewallRaz (DP) : C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

SUPPRIME FirewallRaz (DP) : \\Serveur\C$\BACKUP PREVENTIF\Serveur HF\Centre de Controle HF\CC100HF.exe

SUPPRIME FirewallRaz (DP) : E:\Softs\Nero\Nero 7\Installation\Setupx.exe

Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

 

========== Elément(s) de donnée du Registre ==========

SUPPRIME Explorer Association Data Application: File extension redirect

SUPPRIME Explorer Association Data Intl: File extension redirect

SUPPRIME Explorer Association Data XMLLookup: File extension redirect

 

========== Dossier(s) ==========

SUPPRIME Flash Cookies: 2

SUPPRIME Temporaires Windows: : 26

 

========== Fichier(s) ==========

SUPPRIME c:\program files\dap\dapbho.dll

SUPPRIME c:\program files\dap\dapiebar.dll

SUPPRIME Flash Cookies: 3

SUPPRIME Temporaires Windows: : 117

 

 

========== Récapitulatif ==========

8 : Clé(s) du Registre

6 : Valeur(s) du Registre

3 : Elément(s) de donnée du Registre

2 : Dossier(s)

4 : Fichier(s)

 

 

========== Chemin du fichier rapport ==========

C:\Program Files\ZHPFix\ZHPFixReport.txt

 

 

 

End of the scan in 00mn 04s

Posted

Bernard53, I want to tell you that my PC is like a car on the motorway.

Getting to My Computer used to be a real battle.

I have just seen that it works fine. Thank you so much

Posted

:super: Bonne nouvelle.

 

Juste ceci alors.

 

 

Fait ceci pour supprimer les logiciels qui ont servis à cette désinfection.

 

Télécharge << DelFix >> de Xplode pour supprimer les logiciels qui ont servis a cette désinfection.

 

 

* Lance-le.

 

* A l'invite, [suppression] ()

 

* Un rapport va s'ouvrir à la fin, colle le dans la réponse

 

Ensuite pour le désinstaller ; tu relances et tu passes à l'option [Désinstallation]

 

 

Puis:

 

 

Now we are going to get System Restore clean.

Right-click the My Computer icon, then click Properties

or press "Windows+Pause"

Click the System Restore tab

Select Turn off System Restore on all drives.

Click Apply, then YES in the next window.

Wait a few moments, then:

turn System Restore back on by unchecking the box you just checked, then confirm with Apply and OK

Now we create a new restore point.

Start > Run, or press "Windows+R", and type:

%SystemRoot%\System32\restore\rstrui.exe

 

Then check "Create a restore point" and name it PC- Clean. Confirm.

You can now close all the windows.

 

 

Zebullon:

http://forum.zebulon.fr/comment-afficher-son-sujet-comme-resolu-t180253.html

 

 

 

And this is for marking your thread as resolved

Posted

Hello Bernard53 and hello everyone

Thanks to everyone, and especially to you, Bernard53

 

# DelFix v8.1 - Rapport créé le 12/07/2011 à 06:50

# Mis à jour le 20/06/11 à 19h par Xplode

# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3

# Nom d'utilisateur : dranoel - SALLE-TIRAGE (Administrateur)

# Exécuté depuis : C:\Documents and Settings\dranoel\Mes documents\Téléchargements\delfix.exe

# Option [suppression]

 

 

~~~~~~ Dossier(s) ~~~~~~

 

Supprimé : C:\RSIT

Supprimé : C:\USBFix

Supprimé : C:\Program Files\Ad-Remover

Supprimé : C:\Program Files\ZHPDiag

Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\Ad-Report-SCAN[1].txt

Supprimé : C:\PhysicalDisk0_MBR.bin

Supprimé : C:\rapport.txt

Supprimé : C:\UsbFix.txt

Supprimé : C:\UsbFix_Upload_Me_SALLE-TIRAGE.zip

Supprimé : C:\ZHPExportRegistry-08-07-2011-07-41-02.txt

Supprimé : C:\WINDOWS\System32\tmp.reg

Supprimé : C:\WINDOWS\System32\tmp.txt

Supprimé : C:\Documents and Settings\dranoel\Bureau\AD-R.lnk

Supprimé : C:\Documents and Settings\dranoel\Bureau\ZHPDiag2.exe

Supprimé : C:\Documents and Settings\dranoel\Bureau\ZHPFix.exe

Supprimé : C:\Documents and Settings\dranoel\Bureau\ZHPFixReport.txt

Supprimé : C:\Documents and Settings\dranoel\Mes documents\Téléchargements\RSIT.exe

Supprimé : C:\Documents and Settings\dranoel\Mes documents\Téléchargements\SmitfraudFix.exe

Supprimé : C:\Documents and Settings\dranoel\Mes documents\Téléchargements\Zeb-Restore.zip

Supprimé : C:\Documents and Settings\dranoel\Mes documents\Téléchargements\ZHPFix.exe

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover

Clé Supprimée : HKCU\SOFTWARE\USBFix

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP

Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

 

~~~~~~ Autre ~~~~~~

 

-> Prefetch vidé

 

########## EOF - "C:\DelFixSuppr.txt" - [2237 octets] ##########
