[Résolu] Security Sphere 2012 / Infection

[Brylama]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 13/09/2008 - 17:16:24 - [0] ----D- C:\Program Files\ACD Systems

O43 - CFD: 05/01/2011 - 19:00:22 - [57412112] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 10/11/2010 - 18:36:18 - [248248384] ----D- C:\Program Files\Adobe

O43 - CFD: 06/05/2007 - 00:02:32 - [0] ----D- C:\Program Files\Alwil Software

O43 - CFD: 07/08/2011 - 09:39:32 - [2428606] ----D- C:\Program Files\Apple Software Update

O43 - CFD: 26/03/2007 - 14:00:16 - [267140948] ----D- C:\Program Files\ArcSoft

O43 - CFD: 17/09/2009 - 10:04:36 - [187360070] ----D- C:\Program Files\Avira

O43 - CFD: 22/03/2010 - 10:20:20 - [64196459] ----D- C:\Program Files\AVS4YOU

O43 - CFD: 13/10/2011 - 09:41:24 - [613795] ----D- C:\Program Files\Bonjour

O43 - CFD: 10/03/2010 - 15:16:26 - [2913496] ----D- C:\Program Files\CCleaner

O43 - CFD: 11/05/2006 - 10:35:10 - [0] ----D- C:\Program Files\ComPlus Applications

O43 - CFD: 11/05/2006 - 03:33:34 - [7718128] ----D- C:\Program Files\CONEXANT

O43 - CFD: 29/10/2010 - 18:59:58 - [3711368] ----D- C:\Program Files\DIFX

O43 - CFD: 31/12/2010 - 21:58:10 - [147467083] ----D- C:\Program Files\DivX

O43 - CFD: 13/10/2011 - 09:51:58 - [692112653] ----D- C:\Program Files\Fichiers communs

O43 - CFD: 31/12/2010 - 21:53:40 - [458259485] ----D- C:\Program Files\Google

O43 - CFD: 21/08/2008 - 15:02:22 - [61306376] ----D- C:\Program Files\Hewlett-Packard

O43 - CFD: 01/09/2009 - 13:54:02 - [174484009] ----D- C:\Program Files\Hp

O43 - CFD: 26/01/2007 - 11:32:42 - [2790996] ----D- C:\Program Files\HPQ

O43 - CFD: 14/09/2011 - 08:15:56 - [52947259] ----D- C:\Program Files\iMesh Applications

O43 - CFD: 16/02/2008 - 08:56:56 - [9981339] ----D- C:\Program Files\IncrediMail

O43 - CFD: 20/01/2011 - 19:00:26 - [80741439] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 11/05/2006 - 02:45:54 - [41139] ----D- C:\Program Files\Intel

O43 - CFD: 13/10/2011 - 10:03:50 - [5917259] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 13/10/2011 - 09:46:14 - [2018955] ----D- C:\Program Files\iPod

O43 - CFD: 13/10/2011 - 09:47:20 - [186118171] ----D- C:\Program Files\iTunes

O43 - CFD: 14/10/2010 - 16:05:00 - [98446164] ----D- C:\Program Files\Java

O43 - CFD: 03/05/2009 - 11:36:42 - [1797427] ----D- C:\Program Files\K-Lite Codec Pack

O43 - CFD: 21/09/2011 - 17:50:08 - [7041947] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 20/01/2011 - 19:00:16 - [221184] ----D- C:\Program Files\MarkAny

O43 - CFD: 20/01/2011 - 20:04:28 - [221184] ----D- C:\Program Files\MarkAnyContentSAFER

O43 - CFD: 23/04/2009 - 23:38:36 - [2912746] ----D- C:\Program Files\Megaupload

O43 - CFD: 13/08/2008 - 11:22:56 - [2152579] ----D- C:\Program Files\Messenger

O43 - CFD: 24/05/2010 - 17:41:18 - [6451883] ----D- C:\Program Files\Messenger Plus! Live

O43 - CFD: 17/12/2008 - 12:39:04 - [1544075] ----D- C:\Program Files\Microsoft

O43 - CFD: 11/10/2007 - 06:59:24 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2

O43 - CFD: 13/03/2007 - 21:09:26 - [2829368] ----D- C:\Program Files\Microsoft Carioca

O43 - CFD: 11/05/2006 - 10:35:12 - [0] ----D- C:\Program Files\microsoft frontpage

O43 - CFD: 29/03/2007 - 13:15:06 - [161958263] ----D- C:\Program Files\Microsoft LifeCam

O43 - CFD: 10/11/2010 - 18:08:22 - [137284122] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 13/10/2011 - 10:36:48 - [38412395] ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 07/11/2007 - 23:14:10 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 11/05/2006 - 02:55:30 - [149660739] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 11/08/2010 - 10:20:02 - [10387162] ----D- C:\Program Files\Movie Maker

O43 - CFD: 19/10/2007 - 09:48:46 - [3764794] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 17/04/2009 - 20:56:02 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 10/11/2010 - 18:08:12 - [27892223] ----D- C:\Program Files\MSECache

O43 - CFD: 24/05/2010 - 17:39:38 - [19278399] ----D- C:\Program Files\MSN

O43 - CFD: 11/05/2006 - 10:35:12 - [8745735] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 13/03/2007 - 21:05:42 - [0] ----D- C:\Program Files\MSXML 4.0

O43 - CFD: 06/06/2008 - 05:57:38 - [3285523] ----D- C:\Program Files\NetMeeting

O43 - CFD: 11/05/2006 - 03:32:56 - [4809074] ----D- C:\Program Files\NetWaiting

O43 - CFD: 11/05/2006 - 10:35:12 - [1708] ----D- C:\Program Files\Online Services

O43 - CFD: 26/08/2011 - 20:25:48 - [55613560] ----D- C:\Program Files\Orange

O43 - CFD: 02/12/2007 - 20:11:10 - [1705113] ----D- C:\Program Files\Orban

O43 - CFD: 15/12/2010 - 14:42:44 - [4379321] ----D- C:\Program Files\Outlook Express

O43 - CFD: 13/09/2008 - 17:20:10 - [0] ----D- C:\Program Files\Panasonic

O43 - CFD: 20/01/2011 - 19:00:12 - [9771964] ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD: 16/08/2010 - 09:39:58 - [3688689] ----D- C:\Program Files\PhotoFiltre

O43 - CFD: 15/09/2011 - 10:32:54 - [110202606] ----D- C:\Program Files\QuickTime

O43 - CFD: 17/04/2009 - 20:55:50 - [36400897] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 25/11/2010 - 09:09:54 - [42295319] ----D- C:\Program Files\Safari

O43 - CFD: 20/05/2011 - 15:28:32 - [319156791] ----D- C:\Program Files\Samsung

O43 - CFD: 07/08/2010 - 11:23:52 - [1591088] ----D- C:\Program Files\Secunia

O43 - CFD: 23/02/2007 - 17:37:52 - [21030881] ----D- C:\Program Files\Securitoo

O43 - CFD: 11/05/2006 - 03:09:54 - [91357647] ----D- C:\Program Files\Services en ligne

O43 - CFD: 08/02/2010 - 11:47:54 - [1470464] ----D- C:\Program Files\Skype

O43 - CFD: 11/05/2006 - 10:35:12 - [310182754] ----D- C:\Program Files\Sonic

O43 - CFD: 03/03/2009 - 11:06:30 - [0] ----D- C:\Program Files\SUPERAntiSpyware

O43 - CFD: 11/05/2006 - 02:56:30 - [27010224] ----D- C:\Program Files\Synaptics

O43 - CFD: 11/08/2010 - 23:07:36 - [791060] ----D- C:\Program Files\trend micro

O43 - CFD: 11/05/2006 - 10:35:12 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 22/02/2010 - 11:01:02 - [15324543] ----D- C:\Program Files\Virtools

O43 - CFD: 24/03/2010 - 10:24:20 - [8695808] ----D- C:\Program Files\WalterShop.com

O43 - CFD: 28/08/2011 - 09:24:36 - [17272564] ----D- C:\Program Files\Wanadoo

O43 - CFD: 30/10/2009 - 19:23:36 - [2092544] ----D- C:\Program Files\Windows Journal Viewer

O43 - CFD: 11/07/2011 - 08:55:10 - [42340762] ----D- C:\Program Files\Windows Live

O43 - CFD: 09/07/2010 - 10:21:36 - [245112] ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD: 20/12/2007 - 23:32:52 - [2650] ----D- C:\Program Files\Windows Live Toolbar

O43 - CFD: 14/03/2007 - 21:14:52 - [3588750] ----D- C:\Program Files\Windows Media Connect 2

O43 - CFD: 06/06/2008 - 05:57:34 - [9419393] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 06/06/2008 - 05:57:34 - [3942655] ----D- C:\Program Files\Windows NT

O43 - CFD: 11/05/2006 - 10:35:12 - [0] --H-D- C:\Program Files\WindowsUpdate

O43 - CFD: 11/05/2006 - 10:35:12 - [0] ----D- C:\Program Files\xerox

O43 - CFD: 23/06/2011 - 08:52:56 - [54091914] ----D- C:\Program Files\Yahoo!

O43 - CFD: 13/10/2011 - 13:42:16 - [5436354] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 27/06/2011 - 13:05:38 - [5514642] ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD: 13/10/2011 - 09:46:12 - [122129455] ----D- C:\Program Files\Fichiers Communs\Apple

O43 - CFD: 22/03/2010 - 10:20:12 - [70272357] ----D- C:\Program Files\Fichiers Communs\AVSMedia

O43 - CFD: 22/02/2007 - 22:12:32 - [86016] ----D- C:\Program Files\Fichiers Communs\Designer

O43 - CFD: 31/12/2010 - 21:58:10 - [29547609] ----D- C:\Program Files\Fichiers Communs\DivX Shared

O43 - CFD: 11/05/2006 - 10:35:10 - [3830214] ----D- C:\Program Files\Fichiers Communs\HP

O43 - CFD: 11/05/2006 - 02:52:56 - [18688675] ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD: 13/10/2011 - 09:51:58 - [1258951] ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD: 11/05/2006 - 03:18:52 - [5644557] ----D- C:\Program Files\Fichiers Communs\LightScribe

O43 - CFD: 10/11/2010 - 18:08:30 - [157925868] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD: 11/05/2006 - 10:35:10 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD: 14/12/2007 - 21:44:02 - [0] ----D- C:\Program Files\Fichiers Communs\NSV

O43 - CFD: 11/05/2006 - 10:35:10 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD: 11/05/2006 - 10:35:10 - [8106] ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD: 11/05/2006 - 10:35:10 - [16542515] ----D- C:\Program Files\Fichiers Communs\Sonic Shared

O43 - CFD: 11/05/2006 - 10:35:10 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD: 11/05/2006 - 10:35:10 - [475136] ----D- C:\Program Files\Fichiers Communs\SureThing Shared

O43 - CFD: 30/07/2009 - 11:17:30 - [450406] ----D- C:\Program Files\Fichiers Communs\Symantec Shared

O43 - CFD: 06/06/2008 - 05:57:32 - [14742725] ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD: 11/05/2006 - 10:35:10 - [355840] ----D- C:\Program Files\Fichiers Communs\TiVo Shared

O43 - CFD: 17/12/2008 - 12:00:20 - [217516024] ----D- C:\Program Files\Fichiers Communs\Windows Live

O43 - CFD: 07/11/2007 - 23:02:26 - [23052168] -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller

O43 - CFD: 19/09/2007 - 14:18:52 - [11293347] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\ACD Systems

O43 - CFD: 13/09/2008 - 17:16:18 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\ACDInTouch

O43 - CFD: 12/06/2008 - 08:03:00 - [2425882] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Adobe

O43 - CFD: 04/02/2007 - 03:08:16 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\AdobeUM

O43 - CFD: 15/06/2010 - 13:53:30 - [53248] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\AdSigner

O43 - CFD: 23/11/2009 - 12:13:02 - [100734078] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Apple Computer

O43 - CFD: 26/03/2007 - 14:13:56 - [2246] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\ArcSoft

O43 - CFD: 22/03/2010 - 10:21:38 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\AVS4YOU

O43 - CFD: 26/01/2007 - 12:44:16 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\CyberLink

O43 - CFD: 31/12/2010 - 22:02:04 - [148536] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\DivX

O43 - CFD: 25/04/2007 - 19:07:10 - [35687] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Google

O43 - CFD: 24/02/2010 - 11:23:20 - [63] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Help

O43 - CFD: 26/01/2007 - 12:44:14 - [7928] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\HP

O43 - CFD: 29/09/2010 - 08:30:58 - [3878] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\HpUpdate

O43 - CFD: 11/05/2006 - 10:35:10 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Identities

O43 - CFD: 14/09/2011 - 10:49:38 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\imeshbandmltbpi

O43 - CFD: 13/09/2008 - 17:19:48 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\InstallShield

O43 - CFD: 13/10/2007 - 01:29:06 - [539] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Leadertech

O43 - CFD: 22/05/2008 - 23:28:56 - [67672] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\LimeWire

O43 - CFD: 10/03/2007 - 23:31:16 - [10292] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Macromedia

O43 - CFD: 25/02/2009 - 06:49:54 - [441960] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Malwarebytes

O43 - CFD: 11/09/2008 - 14:09:58 - [1102] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Media Player Classic

O43 - CFD: 14/09/2011 - 10:50:06 - [736719] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\mediabarim

O43 - CFD: 23/04/2009 - 23:39:26 - [418102] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Megaupload

O43 - CFD: 23/04/2009 - 22:46:12 - [17937218] -S--D- C:\Documents and Settings\Sylvie Roussin\Application Data\Microsoft

O43 - CFD: 15/07/2011 - 13:52:56 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\ML

O43 - CFD: 25/04/2007 - 19:41:52 - [10274342] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Mozilla

O43 - CFD: 24/05/2010 - 17:39:36 - [327] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\MSNInstaller

O43 - CFD: 23/06/2010 - 17:01:00 - [1924484] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Orange

O43 - CFD: 13/09/2008 - 17:20:04 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Panasonic

O43 - CFD: 29/10/2010 - 20:19:08 - [354] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\PC Suite

O43 - CFD: 25/04/2007 - 19:11:46 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\PC Tools

O43 - CFD: 16/08/2010 - 09:57:36 - [1816] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\PhotoFiltre

O43 - CFD: 15/11/2007 - 12:05:50 - [1288565] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Radios Media Player

O43 - CFD: 20/01/2011 - 19:00:44 - [17375686] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Samsung

O43 - CFD: 08/02/2010 - 09:54:40 - [107344] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\skypePM

O43 - CFD: 13/10/2007 - 01:29:28 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Sonic

O43 - CFD: 22/04/2007 - 19:05:18 - [54625852] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Sun

O43 - CFD: 03/03/2009 - 11:06:50 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\SUPERAntiSpyware.com

O43 - CFD: 25/04/2007 - 19:43:50 - [18465] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Talkback

O43 - CFD: 27/05/2008 - 17:12:38 - [45056] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\TaoUSign

O43 - CFD: 26/01/2007 - 19:45:34 - [8704] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Template

O43 - CFD: 07/12/2007 - 11:28:42 - [1668953] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Todae

O43 - CFD: 25/08/2010 - 22:07:34 - [616433] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Uniblue

O43 - CFD: 14/06/2010 - 23:27:20 - [713204] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\uTorrent

O43 - CFD: 07/06/2008 - 09:37:18 - [371392] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\vlc

O43 - CFD: 23/06/2011 - 08:55:26 - [530132] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\Yahoo!

O43 - CFD: 22/02/2010 - 11:03:02 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\3DVIA

O43 - CFD: 06/10/2010 - 21:44:52 - [10791881] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Adobe

O43 - CFD: 15/07/2007 - 20:48:38 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Apple

O43 - CFD: 01/02/2010 - 19:02:28 - [67186072] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Apple Computer

O43 - CFD: 27/11/2010 - 18:27:00 - [33155] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\ApplicationHistory

O43 - CFD: 11/05/2006 - 03:32:52 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\BVRP Software

O43 - CFD: 20/05/2011 - 15:17:38 - [447374916] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Downloaded Installations

O43 - CFD: 31/12/2010 - 21:58:28 - [531725906] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Google

O43 - CFD: 22/02/2007 - 22:14:56 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Help

O43 - CFD: 11/05/2006 - 02:41:44 - [39725472] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\HP

O43 - CFD: 15/02/2007 - 21:27:10 - [668472] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Identities

O43 - CFD: 02/02/2008 - 22:25:12 - [7191035] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\IM

O43 - CFD: 15/09/2011 - 08:21:30 - [113033174] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\iMesh

O43 - CFD: 11/05/2006 - 02:41:50 - [1436] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\IsolatedStorage

O43 - CFD: 28/11/2010 - 01:58:38 - [649908553] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Microsoft

O43 - CFD: 25/04/2007 - 19:41:52 - [102457] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Mozilla

O43 - CFD: 27/08/2011 - 08:10:32 - [49] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Orange

O43 - CFD: 14/09/2011 - 08:13:44 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\PackageAware

O43 - CFD: 26/01/2007 - 12:44:14 - [7585] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\QuickPlay

O43 - CFD: 27/04/2011 - 13:57:36 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Temp

O43 - CFD: 14/03/2007 - 21:13:18 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\WMTools Downloaded Files

O43 - CFD: 23/06/2011 - 08:56:02 - [119858] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Yahoo

O43 - CFD: 23/06/2011 - 08:53:14 - [13916746] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Yahoo!

O43 - CFD: 11/05/2006 - 10:35:10 - [12181504] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}

~ Scan Program Folder in 01mn 33s

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.90BA4D75DE712A6F7B4C1D50CAA3679F] - 13/10/2011 - 12:41:11 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]

O44 - LFC:[MD5.F6E9F0A023B3838378BE6E56E07086C1] - 13/10/2011 - 12:30:48 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [50868]

O44 - LFC:[MD5.15F881A9BBA635501A8CC8856BF009B1] - 13/10/2011 - 12:30:25 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.D26593F1EDE364D6024E1AC479FB4F8D] - 13/10/2011 - 12:29:36 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1639928]

O44 - LFC:[MD5.EEA11CE21707AC64E4BA144680BEC742] - 13/10/2011 - 12:29:01 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [1158]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/10/2011 - 12:28:48 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.74DA28701F8F94364EAD161D183B7A0B] - 13/10/2011 - 12:28:48 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 13/10/2011 - 12:28:41 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.82068DD7A8F2BE5212CBCC45A2C30537] - 13/10/2011 - 11:53:59 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32328]

O44 - LFC:[MD5.2C536D41DCE213E1D449F18B3D41EA55] - 13/10/2011 - 09:48:45 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [414368]

O44 - LFC:[MD5.9EEC132BBFD85D730A4D776939242C35] - 13/10/2011 - 09:36:50 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [224024]

O44 - LFC:[MD5.B6842ABA543C1C930BCD839213F98726] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\KB2564958.log [10484]

O44 - LFC:[MD5.E8BB5766026F0010C975E0F5F33AC811] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\comsetup.log [8255]

O44 - LFC:[MD5.FDAB3308211D04634935A5FE3AFB2317] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\iis6.log [3965]

O44 - LFC:[MD5.79162CEE4FD754D3A5D7542444FA1772] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\imsins.log [1393]

O44 - LFC:[MD5.FC810B7C779EB9209541FC206D44EF21] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [5003]

O44 - LFC:[MD5.E0AC8707D470B36A7D30C21C2CAF6B0F] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\ocmsn.log [1368]

O44 - LFC:[MD5.AC4032608639DA681F39463674FB7611] - 13/10/2011 - 09:29:20 ---A- . (...) -- C:\WINDOWS\tsoc.log [9437]

O44 - LFC:[MD5.709E140151B4DC0F535492D8B42C9EFE] - 13/10/2011 - 09:29:19 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [24730]

O44 - LFC:[MD5.4107E471D9CA9C782D1C6A6F2D4DB3CE] - 13/10/2011 - 09:29:19 ---A- . (...) -- C:\WINDOWS\msgsocm.log [1236]

O44 - LFC:[MD5.0B1DAAC04D642A2FB1A5D05F955AB815] - 13/10/2011 - 09:29:19 ---A- . (...) -- C:\WINDOWS\ocgen.log [11824]

O44 - LFC:[MD5.4725BD6327BD8C740F515D983F6A7FD0] - 13/10/2011 - 09:29:19 ---A- . (...) -- C:\WINDOWS\setupapi.log [21814]

O44 - LFC:[MD5.429B063822D66B7795952409CE8A58AD] - 13/10/2011 - 09:29:15 ---A- . (...) -- C:\WINDOWS\updspapi.log [4425]

O44 - LFC:[MD5.C7EA049307FB78B2CD25A739D6174725] - 13/10/2011 - 09:27:41 ---A- . (...) -- C:\WINDOWS\system32\perfc00C.dat [109664]

O44 - LFC:[MD5.17B6CEFE713D79FDAB8DE91EC6DF96BF] - 13/10/2011 - 09:27:41 ---A- . (...) -- C:\WINDOWS\system32\perfh009.dat [508234]

O44 - LFC:[MD5.9E9E728100B5CFE5B408254242152056] - 13/10/2011 - 09:27:41 ---A- . (...) -- C:\WINDOWS\system32\perfh00C.dat [583800]

O44 - LFC:[MD5.D5E98C9BAE8438D8733402C2EC6B7B1A] - 13/10/2011 - 09:27:40 ---A- . (...) -- C:\WINDOWS\system32\PerfStringBackup.INI [1265834]

O44 - LFC:[MD5.080D955FC5AE89B5B0E49726702333CE] - 13/10/2011 - 09:27:40 ---A- . (...) -- C:\WINDOWS\system32\perfc009.dat [92590]

O44 - LFC:[MD5.8EF54293D42369529052B26DB75FBDBF] - 13/10/2011 - 09:13:07 ---A- . (...) -- C:\WINDOWS\system32\MRT.INI [129]

O44 - LFC:[MD5.7850A43142A975C378F92F2ACFC523C2] - 13/10/2011 - 09:06:21 ---A- . (...) -- C:\WINDOWS\KB2567053.log [17212]

O44 - LFC:[MD5.C5389F6764D31A0A62A9EBD5516F57CA] - 13/10/2011 - 09:06:21 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1393]

O44 - LFC:[MD5.023A7C80EC6890A535E3BBEE274C7232] - 13/10/2011 - 09:05:22 ---A- . (...) -- C:\WINDOWS\KB2592799.log [11653]

O44 - LFC:[MD5.FACFB1872C9A5131490771F79FE01BA2] - 13/10/2011 - 09:04:23 ---A- . (...) -- C:\WINDOWS\KB2586448-IE8.log [16183]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/10/2011 - 09:04:12 ---A- . (...) -- C:\WINDOWS\setupact.log [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/10/2011 - 09:04:12 ---A- . (...) -- C:\WINDOWS\setuperr.log [0]

O44 - LFC:[MD5.B8A8EA8647B6A2B51A921C45420FE070] - 13/10/2011 - 08:30:28 ---A- . (.Sun Microsystems, Inc. - Java Control Panel.) -- C:\WINDOWS\system32\javacpl.cpl [73728]

O44 - LFC:[MD5.D42FFC8FF809E4F1BADB1F7C05E5F0E3] - 13/10/2011 - 08:30:28 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\deployJava1.dll [472808]

O44 - LFC:[MD5.1A90B36F219FFE260FF6C012D38D1B08] - 13/10/2011 - 08:30:28 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\java.exe [145184]

O44 - LFC:[MD5.36F1BDE30FB27A78A27DC13ADB5BE9EC] - 13/10/2011 - 08:30:28 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\javaw.exe [145184]

O44 - LFC:[MD5.872C7F9E8503EC348D3F179EAEE29768] - 13/10/2011 - 08:30:28 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\system32\javaws.exe [157472]

O44 - LFC:[MD5.CED647CE766386A19A4209C6EE474A1D] - 10/10/2011 - 19:53:55 ---A- . (...) -- C:\rkill.log [392]

O44 - LFC:[MD5.7014AC405A162ECA2B5E50C3B52F5E0C] - 10/10/2011 - 17:54:58 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [203094]

~ Scan Files in 02mn 13s

 

 

 

---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" [Disabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeCam.exe" [Disabled] .(.Microsoft Corporation - LifeCam.exe.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Disabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Disabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" [Enabled] .(.PeeringPortal - KTF MUSIC AoD Server.) -- C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" [Enabled] .(.PeeringPortal - KTF MUSIC VoD Server.) -- C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [Enabled] .(.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O47 - AAKE:Key Export SP - "E:\fscommand\CKSocketServer.exe" [Enabled] .(...) -- E:\fscommand\CKSocketServer.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe" [Enabled] .(.France Telecom SA - Orange Upd@te.) -- C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe

O47 - AAKE:Key Export SP - "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" [Enabled] .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe

O47 - AAKE:Key Export SP - "C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" [Enabled] .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" [Enabled] .(.Apple Inc..) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe

O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

O47 - AAKE:Key Export DP - "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" [Enabled] .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe

~ Scan Keys in 00mn 02s

 

 

 

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)

~ Scan CSB in 00mn 00s

 

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

~ Scan IFEO in 00mn 00s

 

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.LEAD"="LCODCCMP.DLL" . (...) -- (.not file.)

O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\system32\DivX.dll

O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\system32\DivX.dll

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (...) -- (.not file.)

~ Scan Keys in 00mn 00s

 

 

 

---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\AppleSyncNotifier [Key] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe

O53 - SMSR:HKLM\...\startupreg\avgnt [Key] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O53 - SMSR:HKLM\...\startupreg\Cpqset [Key] . (...) -- C:\Program Files\HPQ\Default Settings\cpqset.exe

O53 - SMSR:HKLM\...\startupreg\CTFMON.EXE [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O53 - SMSR:HKLM\...\startupreg\High Definition Audio Property Page Shortcut [Key] . (.Windows ® Server 2003 DDK provider - High Definition Audio Property Page Shortcu.) -- C:\WINDOWS\system32\CHDAudPropShortcut.exe

O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O53 - SMSR:HKLM\...\startupreg\hpWirelessAssistant [Key] . (.Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Module.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe

O53 - SMSR:HKLM\...\startupreg\LifeCam [Key] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe

O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (...) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\NvCplDaemon [Key] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll

O53 - SMSR:HKLM\...\startupreg\NvMediaCenter [Key] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll

O53 - SMSR:HKLM\...\startupreg\nwiz [Key] . (...) -- C:\WINDOWS\system32\nwiz.exe

O53 - SMSR:HKLM\...\startupreg\orangeinside [Key] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\Sylvie Roussin\Application Data\Orange\OrangeInside\one\OrangeInside.exe

O53 - SMSR:HKLM\...\startupreg\QPService [Key] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe

O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe

O53 - SMSR:HKLM\...\startupreg\RecGuard [Key] . (.Pas de propriétaire - Recguard Application.) -- C:\Windows\SMINST\RecGuard.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O53 - SMSR:HKLM\...\startupreg\VX3000 [Key] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\WINDOWS\vVX3000.exe

~ Scan SMSR Keys in 00mn 02s

 

 

 

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "BackupNoCDBurning"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.1140AB9938809700B46BB88E46D72A96] - 13/10/2011 - 04:51:56 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\WINDOWS\system32\drivers\aliide.sys [5248]

O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/10/2011 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys [43008]

O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 13/10/2011 - 04:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\drivers\asc.sys [26496]

O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 13/10/2011 - 04:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\drivers\asc3550.sys [14848]

O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/10/2011 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]

O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 13/10/2011 - 18:17:43 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [56816]

O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 13/10/2011 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]

O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 13/10/2011 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys [96104]

O58 - SDL:[MD5.7024E11DAB9410B31A37547575249DD7] - 13/10/2011 - 12:03:32 ---A- . (.Broadcom Corporation. - Driver for Bluetooth USB Devices.) -- C:\WINDOWS\system32\drivers\btwusb.sys [57096]

O58 - SDL:[MD5.C3E14EABDBBD0E45F1F702DB3807397A] - 13/10/2011 - 09:24:08 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\drivers\Camd905c.sys [24363]

O58 - SDL:[MD5.C526F69809CF33CA214F29243EAD47DC] - 13/10/2011 - 09:23:04 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\drivers\Capt905c.sys [25749]

O58 - SDL:[MD5.BF79E659C506674C0497CC9C61F1A165] - 13/10/2011 - 02:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys [2432]

O58 - SDL:[MD5.2C41CD49D82D5FD85C72D57B6CA25471] - 13/10/2011 - 02:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys [2560]

O58 - SDL:[MD5.BB42BB78BBBC1E83292EF26973598DAF] - 13/10/2011 - 12:29:06 ---A- . (.Conexant Systems Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\CHDAud.sys [569856]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 13/10/2011 - 22:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.E3726AD522D0BDAE090671048C991AB3] - 13/10/2011 - 00:04:44 ---A- . (.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) -- C:\WINDOWS\system32\drivers\cmdide.sys [6656]

O58 - SDL:[MD5.4D4D97671C63C3AF869B3518E6054204] - 13/10/2011 - 12:24:10 ---A- . (.Hewlett-Packard Development Company, L.P. - HP Tablet PC Key Button HID Driver.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys [9344]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 13/10/2011 - 22:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.E550E7418984B65A78299D248F0A7F36] - 13/10/2011 - 04:52:16 ---A- . (.Mylex Corporation - Mylex Disk Array Controller Driver.) -- C:\WINDOWS\system32\drivers\dac2w2k.sys [179584]

O58 - SDL:[MD5.6CA101F9AA3D845BA31F6E13C01301A8] - 13/10/2011 - 09:31:38 ---A- . (.Intel Corporation - Intel® PRO/100 Adapter NDIS 5.1 driver.) -- C:\WINDOWS\system32\drivers\e100b325.sys [157696]

O58 - SDL:[MD5.B5CB3084046146FD2587D8C9B219FEB4] - 13/10/2011 - 12:23:52 ---A- . (.Hewlett-Packard Development Company, L.P. - QLB PS/2 Keyboard filter driver.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys [7808]

O58 - SDL:[MD5.231F4547AE1E4B3E60ECA66C3A96D218] - 13/10/2011 - 12:24:20 ---A- . (.Hewlett-Packard Development Company, L.P. - QLB USB Keyboard filter driver.) -- C:\WINDOWS\system32\drivers\EabUsb.sys [5760]

O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 13/10/2011 - 14:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [26600]

O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/10/2011 - 17:36:05 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384]

O58 - SDL:[MD5.2A013E7530BEAB6E569FAA83F517E836] - 13/10/2011 - 16:07:16 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\drivers\Hdaudio.sys [145920]

O58 - SDL:[MD5.89E256C5F5346BE265D9F86AC8625D4F] - 13/10/2011 - 16:06:16 ---A- . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys [201600]

O58 - SDL:[MD5.214BC3AD84907AD6AD655AC5465F449A] - 13/10/2011 - 16:06:10 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys [718464]

O58 - SDL:[MD5.0E44AF3828111D4C3E73C33AC95226D8] - 13/10/2011 - 16:07:00 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys [1035008]

O58 - SDL:[MD5.309C4D86D989FB1FCF64BD30DC81C51B] - 13/10/2011 - 10:07:12 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver.) -- C:\WINDOWS\system32\drivers\iaStor.sys [874240]

O58 - SDL:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 13/10/2011 - 16:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22216]

O58 - SDL:[MD5.74F4372AF97A587ECEC527EC34955712] - 13/10/2011 - 11:57:46 ---A- . (.Conexant - Diagnostic Interface x86 Driver.) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys [12672]

O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 13/10/2011 - 04:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\drivers\mraid35x.sys [17280]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 13/10/2011 - 22:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.88D8F8D4C3243E0BB0ED57496868E52E] - 13/10/2011 - 19:26:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.54.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys [3658528]

O58 - SDL:[MD5.175CC28DCF819F78CAA3FBD44AD9E52A] - 13/10/2011 - 14:53:26 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys [21632]

O58 - SDL:[MD5.1DF21F001F3A94EBA4A2950C70CC358F] - 13/10/2011 - 15:05:32 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\WINDOWS\system32\drivers\psi_mf.sys [14904]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 13/10/2011 - 22:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.0A63FB54039EB5662433CABA3B26DBA7] - 13/10/2011 - 04:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1080.sys [40320]

O58 - SDL:[MD5.156ED0EF20C15114CA097A34A30D8A01] - 13/10/2011 - 04:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql12160.sys [45312]

O58 - SDL:[MD5.907F0AEEA6BC451011611E732BD31FCF] - 13/10/2011 - 04:52:18 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1280.sys [49024]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 13/10/2011 - 22:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 13/10/2011 - 22:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.D507C1400284176573224903819FFDA3] - 13/10/2011 - 07:31:34 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8139 NDIS 5.0 Driver.) -- C:\WINDOWS\system32\drivers\RTL8139.sys [20992]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/10/2011 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/10/2011 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys [40960]

O58 - SDL:[MD5.83C0F71F86D3BDAF915685F3D568B20E] - 13/10/2011 - 05:07:44 ---A- . (.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) -- C:\WINDOWS\system32\drivers\sparrow.sys [19072]

O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 13/10/2011 - 10:52:03 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520]

O58 - SDL:[MD5.3F0164FBC0BD1ADBD02DF9759181451A] - 13/10/2011 - 03:25:16 ---A- . (.MCCI - SAMSUNG USB Mobile Device.) -- C:\WINDOWS\system32\drivers\ss_bbus.sys [98432]

O58 - SDL:[MD5.2DD4E8844F8F094659DD695A80FED36E] - 13/10/2011 - 03:25:16 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ss_bcm.sys [12416]

O58 - SDL:[MD5.2DD4E8844F8F094659DD695A80FED36E] - 13/10/2011 - 03:25:16 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ss_bcmnt.sys [12416]

O58 - SDL:[MD5.B89D62206034E5FE573C80A24DD55675] - 13/10/2011 - 03:25:16 ---A- . (.MCCI Corporation - SAMSUNG USB Mobile Modem Filter.) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys [14848]

O58 - SDL:[MD5.1ED0FCEA586FE2A416EE15196E5631DD] - 13/10/2011 - 03:25:16 ---A- . (.MCCI Corporation - SAMSUNG USB Mobile Modem.) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys [123648]

O58 - SDL:[MD5.F9F4BC8A7EC80F39DE8323D0D1BC85FE] - 13/10/2011 - 03:25:16 ---A- . (.MCCI Corporation - SAMSUNG USB Mobile Device (Windows 2000/XP support functions).) -- C:\WINDOWS\system32\drivers\ss_bwh.sys [12288]

O58 - SDL:[MD5.F9F4BC8A7EC80F39DE8323D0D1BC85FE] - 13/10/2011 - 03:25:16 ---A- . (.MCCI Corporation - SAMSUNG USB Mobile Device (Windows 2000/XP support functions).) -- C:\WINDOWS\system32\drivers\ss_bwhnt.sys [12288]

O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 13/10/2011 - 19:01:12 ---A- . (...) -- C:\WINDOWS\system32\drivers\StarOpen.sys [5632]

O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 13/10/2011 - 05:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc810.sys [16256]

O58 - SDL:[MD5.070E001D95CF725186EF8B20335F933C] - 13/10/2011 - 05:07:36 ---A- . (.LSI Logic - Symbios 8XX SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc8xx.sys [32640]

O58 - SDL:[MD5.80AC1C4ABBE2DF3B738BF15517A51F2C] - 13/10/2011 - 05:07:40 ---A- . (.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_hi.sys [28384]

O58 - SDL:[MD5.BF4FAB949A382A8E105F46EBB4937058] - 13/10/2011 - 05:07:42 ---A- . (.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_u3.sys [30688]

O58 - SDL:[MD5.C9A1785CC0D7A040DD0FDBFEAA8BE135] - 13/10/2011 - 06:31:48 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\WINDOWS\system32\drivers\SynTP.sys [192736]

O58 - SDL:[MD5.9179E07503630D6FB2E4162FF0196191] - 13/10/2011 - 11:30:56 ---A- . (.Texas Instruments - tifm21.sys.) -- C:\WINDOWS\system32\drivers\tifm21.sys [162432]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 13/10/2011 - 22:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 13/10/2011 - 04:52:22 ---A- . (.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) -- C:\WINDOWS\system32\drivers\ultra.sys [36736]

O58 - SDL:[MD5.D4FB6ECC60A428564BA8768B0E23C0FC] - 13/10/2011 - 16:36:58 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [41984]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 13/10/2011 - 22:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.4E7B07653F4F9937CF62AD2869FBA520] - 13/10/2011 - 19:02:54 ---A- . (.Intel® Corporation - Intel® Wireless LAN Driver.) -- C:\WINDOWS\system32\drivers\w39n51.sys [1428480]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.CBE5F69A5E5B918225F420BA748F3742] - 13/10/2011 - 01:32:54 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [36608]

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/10/2011 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]

O58 - SDL:[MD5.354585D8E53F2FF9B8AD5E1E2EF68CEF] - 13/10/2011 - 19:44:16 ---A- . (.Matsushita Electric Industrial Co., Ltd. - Phoebe Photo Distribution Manager.) -- C:\WINDOWS\system32\PhDi2.sys [45056]

O58 - SDL:[MD5.A3D1422C24CB7152C53019369FC76DA1] - 13/10/2011 - 09:13:34 ---A- . (.Phoenix Technologies K.K. - USB FDD CLASS DRIVER.) -- C:\WINDOWS\system32\pusbfd1.sys [32356]

~ Scan Drivers in 00mn 03s

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: RSIT - (.random/random.)

O63 - Logiciel: Toolbar SD - (.IDN Team.)

~ Scan ADS in 00mn 00s

 

 

 

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\aliide.sys - AliIde(AliIde) .(.Acer Laboratories Inc. - ALi mini IDE Driver.) - LEGACY_ALIIDE

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\amdagp.sys - No object(No service) .(.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) - LEGACY_AMDAGP

O64 - Services: CurCS - 18/09/2009 - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur(AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE

O64 - Services: CurCS - 18/09/2009 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard(AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\asc.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) - LEGACY_ASC

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\asc3550.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) - LEGACY_ASC3550

O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO

O64 - Services: CurCS - 10/12/2009 - C:\WINDOWS\system32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT

O64 - Services: CurCS - 30/03/2009 - C:\WINDOWS\system32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB

O64 - Services: CurCS - ??/??/???? - C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\catchme.sys (.not file.) - catchme (catchme) .(...) - LEGACY_CATCHME

O64 - Services: CurCS - 24/08/2001 - C:\WINDOWS\system32\DRIVERS\cmdide.sys - No object(No service) .(.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) - LEGACY_CMDIDE

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - No object(No service) .(.Mylex Corporation - Mylex Disk Array Controller Driver.) - LEGACY_DAC2W2K

O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique(dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - 05/08/2004 - C:\WINDOWS\system32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 19/09/2005 - C:\WINDOWS\system32\DRIVERS\eabfiltr.sys - eabfiltr(eabfiltr) .(.Hewlett-Packard Development Company, L.P. - QLB PS/2 Keyboard filter driver.) - LEGACY_EABFILTR

O64 - Services: CurCS - 14/06/2010 - C:\WINDOWS\system32\FsUsbExDisk.sys - FsUsbExDisk (FsUsbExDisk) .(...) - LEGACY_FSUSBEXDISK

O64 - Services: CurCS - 29/07/2010 - C:\WINDOWS\system32\FsUsbExService.exe - FsUsbExService(FsUsbExService) .(.Teruten - FsUsbDevice.) - LEGACY_FSUSBEXSERVICE

O64 - Services: CurCS - 09/01/2010 - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate)(gupdate) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE

O64 - Services: CurCS - 05/05/2009 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater(gusvc) .(.Google - gusvc.) - LEGACY_GUSVC

O64 - Services: CurCS - 15/03/2006 - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe - hpqwmiex(hpqwmiex) .(.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - LEGACY_HPQWMIEX

O64 - Services: CurCS - 22/10/2004 - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager(IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT

O64 - Services: CurCS - 13/10/2011 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - 17/02/2006 - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - LightScribeService Direct Disc Labeling Service(LightScribeService) .(.Hewlett-Packard Company - Pas de description.) - LEGACY_LIGHTSCRIBESERVICE

O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (.not file.) - MBAMSwissArmy (MBAMSwissArmy) .(...) - LEGACY_MBAMSWISSARMY

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\mraid35x.sys - No object(No service) .(.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows.) - LEGACY_MRAID35X

O64 - Services: CurCS - 15/04/2006 - C:\WINDOWS\system32\nvsvc32.exe - NVIDIA Display Driver Service(NVSvc) .(.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 84.54.) - LEGACY_NVSVC

O64 - Services: CurCS - 04/08/2003 - C:\WINDOWS\system32\PCANDIS5.sys - PCANDIS5 NDIS Protocol Driver(PCANDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_PCANDIS5

O64 - Services: CurCS - 07/07/2010 - C:\WINDOWS\system32\DRIVERS\psi_mf.sys - PSI(PSI) .(.Secunia - Secunia PSI Driver.) - LEGACY_PSI

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1080.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1080

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\ql12160.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL12160

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1280.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1280

O64 - Services: CurCS - 07/04/2008 - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - ServiceLayer(ServiceLayer) .(.Nokia. - ServiceLayer Module.) - LEGACY_SERVICELAYER

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\sisagp.sys - No object(No service) .(.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) - LEGACY_SISAGP

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\sparrow.sys - No object(No service) .(.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) - LEGACY_SPARROW

O64 - Services: CurCS - 18/09/2009 - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\symc810.sys - No object(No service) .(.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) - LEGACY_SYMC810

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys - No object(No service) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_hi.sys - No object(No service) .(.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) - LEGACY_SYM_HI

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_u3.sys - No object(No service) .(.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) - LEGACY_SYM_U3

O64 - Services: CurCS - 18/08/2001 - C:\WINDOWS\system32\DRIVERS\ultra.sys - No object(No service) .(.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) - LEGACY_ULTRA

O64 - Services: CurCS - 09/11/2008 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe - Yahoo! Updater(YahooAUService) .(.Yahoo! Inc. - AutoUpater Service Module.) - LEGACY_YAHOOAUSERVICE

~ Scan Services in 00mn 06s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\PROGRA~1\Mozilla Firefox\firefox.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <Orange Web> <>[HKLM\..\Shell\open\Command] (...) -- C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe (.not file.)

O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe

O68 - StartMenuInternet: <WOOBrowser.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe (.not file.)

~ Scan Keys in 00mn 02s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {0152036B-ED26-47F6-B47A-D92FD01866D9} - (01net) - 01net informatique high-tech : actu, produits, téléchargement logiciels et jeux

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {118FD3AD-5541-417A-8D45-CB5DBA377D39} - (Wikipedia) - Wikipédia, l'encyclopédie libre

O69 - SBI: SearchScopes [HKCU] {1AE859F0-421C-48D3-9EB6-B90B629ABB9D} - (PriceMinister) - PriceMinister - Achat et vente d'occasion ou neuf - DVD, VHS, Jeux Vidéo, Consoles, PC, CD, Disques, Livres, BD, Vidéos

O69 - SBI: SearchScopes [HKCU] {1DF0D047-7693-4734-8CCB-C4BBD2138B83} - ((www.orange.fr) Orange) - Orange : téléphones, forfaits, Internet, actualité, sport, video

O69 - SBI: SearchScopes [HKCU] {271839F9-1AB6-4D96-A931-2CE5D41152E5} - ((www.google.com) Google) - Google

O69 - SBI: SearchScopes [HKCU] {2B7B7EFC-C234-4532-822B-A8D74D7EF7EB} - (Durable.com) - Durable.com : développement durable, actualités, dossiers et reportages vidéos

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {7D9A5994-9999-4C36-A8EA-5CCE2FC220D3} - (Propositions de recherche Amazon.fr) - Amazon.fr : livres, DVD, jeux vidéo, CD, lecteurs MP3, ordinateurs, appareils photo, logiciels et plus encore !

O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://www.orange.fril%3Dorange

O69 - SBI: SearchScopes [HKCU] {847F9CF7-83A7-44D3-9761-0D53113A53E0} - (Wikipedia (en)) - Wikipedia, the free encyclopedia

O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} [DefaultScope] - (Web Search) - Search

O69 - SBI: SearchScopes [HKCU] {C0BE3184-A99E-43CA-8F01-561103501DED} - (Live Search, le moteur de MSN) - Bing

O69 - SBI: SearchScopes [HKCU] {C89627A4-AD15-4B6E-84F4-9812A8C12F17} - (CDiscount) - http://www.cdiscount.com

O69 - SBI: SearchScopes [HKCU] {CD3F0C37-2E5C-4AD1-82D7-31BD3E206B51} - (Yahoo!) - Yahoo! Search - Recherche Web

O69 - SBI: SearchScopes [HKCU] {D0BE6FBA-DF78-42AF-8438-28D634C87D7F} - (Fnac.com) - http://www3.fnac.com6&y=17

O69 - SBI: SearchScopes [HKCU] {D6E11273-A220-4812-876D-58CC0396BADC} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {D80D294C-8287-4F3E-912A-0ABD2D2713FC} - (Fnac) - http://recherche.fnac.com

O69 - SBI: SearchScopes [HKCU] {E10EB723-6D91-40F1-AD03-A5562D28BA91} - (Wikipédia (fr)) - Wikipédia, l'encyclopédie libre

O69 - SBI: SearchScopes [HKCU] {F6F05760-6E90-49C0-B8A1-39E514BA7478} - (Dailymotion) - Dailymotion – Vidéo, musique et film. Regardez une vidéo maintenant !

~ Scan Keys in 00mn 00s

 

 

 

---\\ Internet Feature Controls (O81)

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [sPRF][05/03/2009] (.Atribune.org - ATF Cleaner.exe.) -- C:\Documents and Settings\Sylvie Roussin\Bureau\ATF-Cleaner.exe [50688]

[MD5.A8BCAFEA12FC31F84B34932D3AFCCB83] [sPRF][10/10/2011] (.Swearware - ComboFix NSIS Installer.) -- C:\Documents and Settings\Sylvie Roussin\Bureau\ComboFix.exe [4247113]

[MD5.645A8F39A10306D50382EB49A6C49AAB] [sPRF][10/10/2011] (...) -- C:\Documents and Settings\Sylvie Roussin\Bureau\rkill.com [1008092]

[MD5.645A8F39A10306D50382EB49A6C49AAB] [sPRF][10/10/2011] (...) -- C:\Documents and Settings\Sylvie Roussin\Bureau\rkill.exe [1008092]

[MD5.D2D7404AB5F8010CDF7C198886ACC183] [sPRF][11/10/2011] (...) -- C:\Documents and Settings\Sylvie Roussin\Bureau\SecurityCheck.exe [869194]

[MD5.13B72ACE44541BF3A6D69619FFEB13D3] [sPRF][13/10/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\Documents and Settings\Sylvie Roussin\Bureau\uninstall_flash_player.exe [243872]

[MD5.608AD4EA0BB5090C96BD5EFE18AC0004] [sPRF][13/10/2011] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Sylvie Roussin\Bureau\ZHPDiag2.exe [2563773]

[MD5.2E26C99DD0B0CFA1C33FC8548ECEDB14] [sPRF][31/03/2008] (.Dictao SA - Module de signature AdSignerADP.) -- C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll [392528]

[MD5.792E5CFA374A29BFA21863A82BA4654F] [sPRF][31/03/2008] (.Dictao SA - Module de vérification de signature AdSignerADP.) -- C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll [261456]

[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][26/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]

[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][26/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]

[MD5.A9F8AB66D9D05A13843623EE6B92D259] [sPRF][13/04/2007] (.Microsoft - Uno Messenger.) -- C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll [382344]

[MD5.6F88F1DE97B7BA6E2BE4DC29AEEACF0D] [sPRF][27/07/2004] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [323584]

[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [sPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll [304544]

[MD5.D2FB109C3F0DAAAA4A73E5921656DB3E] [sPRF][20/06/2006] (.Microsoft® Corporation - MSN Photo Upload Tool.) -- C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll [379704]

[MD5.F06A42348DAFD569A82DF4A61F57B8E4] [sPRF][20/06/2006] (.Microsoft® Corporation - MSN Photo Upload Tool.) -- C:\WINDOWS\Downloaded Program Files\PURen-us.dll [117560]

[MD5.732CACA8E848F6E721B093E51FC50B1D] [sPRF][09/01/2007] (.Microsoft® Corporation - Outil MSN Téléchargement de photos.) -- C:\WINDOWS\Downloaded Program Files\PURfr-fr.dll [110592]

~ Scan Files in 00mn 06s

 

---\\ Scan Additionnel (O88)

Database Version : 8707 - (05/10/2011)

Clés trouvées (Keys found) : 23

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 4

Fichiers trouvés (Files found) : 0

 

[HKLM\Software\Classes\AppID\DiscoveryHelper.DLL] =>PUP.BearShare

[HKLM\Software\Classes\AppID\GIFAnimator.DLL] =>PUP.BearShare

[HKLM\Software\Classes\AppID\iMesh.exe] =>PUP.iMesh

[HKLM\Software\Classes\AppID\IMTrProgress.DLL] =>PUP.BearShare

[HKLM\Software\Classes\AppID\IMWeb.DLL] =>PUP.BearShare

[HKLM\Software\Classes\AppID\WMHelper.DLL] =>PUP.BearShare

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant] =>Toolbar.Ask

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh] =>PUP.iMesh

[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery] =>PUP.iMesh

[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1] =>PUP.iMesh

[HKLM\Software\Classes\iMesh.AudioCD] =>PUP.iMesh

[HKLM\Software\Classes\iMesh.Device] =>PUP.iMesh

[HKLM\Software\Classes\iMesh.file] =>PUP.iMesh

[HKLM\Software\Classes\iMeshIEHelper.DNSGuard] =>PUP.iMesh

[HKLM\Software\Classes\iMeshIEHelper.DNSGuard.1] =>PUP.iMesh

[HKLM\Software\Classes\imweb.imwebcontrol] =>PUP.iMesh

[HKCU\Software\DataMngr] =>Adware.Bandoo

[HKLM\Software\DataMngr] =>Adware.Bandoo

[HKCU\Software\iMesh] =>PUP.iMesh

[HKLM\Software\iMesh] =>PUP.iMesh

[HKLM\Software\iMeshMediabarTB] =>PUP.iMesh

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar] =>Toolbar.Conduit

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh] =>PUP.iMesh

C:\Program Files\iMesh Applications =>PUP.iMesh

C:\Documents and Settings\Sylvie Roussin\Application Data\imeshbandmltbpi =>PUP.iMesh

C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\iMesh =>PUP.iMesh

~ Scan Additionnel in 00mn 29s

 

 

 

---\\ Recherche détournement de DNS routeur (O89)

Serveur : livebox.home

Address: 192.168.1.1

Nom : www.l.google.com

Addresses: 209.85.148.105, 209.85.148.147, 209.85.148.106, 209.85.148.99

209.85.148.103, 209.85.148.104

Aliases: www.google.fr, www.google.com

~ Scan DNS in 00mn 03s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 13/10/2011 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 13/10/2011 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 13/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 13/10/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SS - | Demand 13/10/2011 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SR - | Auto 13/10/2011 238952 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe

SS - | Auto 13/10/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 13/10/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Auto 13/10/2011 183280 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 13/10/2011 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

SS - | Demand 13/10/2011 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

SR - | Demand 13/10/2011 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SR - | Auto 13/10/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SR - | Auto 13/10/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

SR - | Auto 13/10/2011 143427 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe

SS - | Auto 13/10/2011 1055872 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe

SS - | Demand 13/10/2011 430592 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

SR - | Auto 13/10/2011 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

~ Scan Services in 00mn 04s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Sylvie Roussin at 13/10/2011 13:50:21

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865EB4D0]<<

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F6E030]

3 CLASSPNP[0xF75F2FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007e[0x86F62908]

5 ACPI[0xF7468620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86FCB030]

\Driver\iaStor[0x86616C10] -> IRP_MJ_CREATE -> 0x865EB4D0

error: Read Un périphérique attaché au système ne fonctionne pas correctement.

kernel: MBR read successfully

user & kernel MBR OK

~ Scan MBR in 00mn 06s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Sylvie Roussin at 13/10/2011 13:50:23

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 08s

 

 

 

End of the scan (1538 lines in 07mn 50s)(0)

[Brylama]

Youhou!!

 

j'ai dû changer de navigateur!! du coup j'en ai épuisé trois!!

 

Bref, j'attend les prochaines instructions. Ce que je peux vous dire c'est qu'il est de plus en plus long! Davantage sur IE il me semble. Et je dois le forcer fréquemment pour l'éteindre! ça ne me plait pas ça...

 

Bonne journée

 

Merci pour ce que vous faites

 

Cordialement, Brylama

[lance_yien]

Bonjour,

 

Ton système a besoin d'au moins 15% d'espace libre sur ton disque pour pouvoir faire tourner les programmes confortablement et la tu n'as pas assez d'espace.

 

>>> Aller dans "Ajout/ suppression de programmes" et supprimer tout ce qui ne sert plus ou peu en commençant par IMESH et/ou MediaBar (le 1er étant un programme P2P qui installe, sans rien te demander, le 2ème qui est réputé pour avoir des fonctionnalités spyware et/ou adware.

 

Une petite parenthèse à propos des programmesP2P: Tout ce qui est lié aux applications type P2P/ Torrent est devenu de plus en plus dangereux pour les machines et les documents personnels et/ ou confidentiels qui y sont stockés.

Fini le partage entre des gens honnêtes. Les pirates, aussi, veulent partager avec le maximum d'internautes et mettent à disposition leurs applications partout où ils peuvent sous de faux noms aussi attractifs que possibles.

C'est OK, les programmes P2P ne sont pas tous dangereux en eux-mêmes ce qui signifie qu'il y en a qui le sont mais,

- Qui sait avec certitude lequel est bon et lequel est dangereux?

- Penser au principe même de ce type de réseau qui n'est en rien bénéfique: Vous autoriser tout le monde à utiliser votre bande passante ce qui peut ralentir considérablement votre système et communiquer avec votre machine ce qui peut faciliter la tâche aux intrus pour déposer des bombes à retardement.

- En adhérant à ce type de réseau, non seulement, vous ouvrez délibérément des portes à tout et n'importe quoi mais aussi, vous forcez votre pare-feu et antivirus à les tolérer (c'est compris dans la procédure d'installation). On s'étonne après de ce qui arrive à sa machine ou on accuse son antivirus.

Prendre la sage décision de rester à l'écart de ce type d'applications:

 

 

>>> Utiliser ZHPFix: Sélectionner et copier le texte suivant:

 

[MD5.B57D6F37617366E3806ED90B96C7F4BD] - (.iMesh, Inc - Data Manager.) -- C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1599920] [PID.3500]

O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} . (.Pas de propriétaire - dtx Dynamic Link Library.) -- C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll

O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} . (.iMesh, Inc - IEHelper.) -- C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} . (.Pas de propriétaire - dtx Dynamic Link Library.) -- C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll

O4 - HKLM\..\Run: [DATAMNGR] . (.iMesh, Inc - Data Manager.) -- C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.exe

O20 - AppInit_DLLs: . (.iMesh, Inc - Data Manager.) - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll

O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh

O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}

[HKCU\Software\DataMngr]

[HKCU\Software\iMesh]

[HKLM\Software\DataMngr]

[HKLM\Software\iMeshMediabarTb]

O43 - CFD: 14/09/2011 - 08:15:56 - [52947259] ----D- C:\Program Files\iMesh Applications

O43 - CFD: 14/09/2011 - 10:49:38 - [0] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\imeshbandmltbpi

O43 - CFD: 15/09/2011 - 08:21:30 - [113033174] ----D- C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\iMesh

O47 - AAKE:Key Export SP - "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" [Enabled] .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe

O47 - AAKE:Key Export SP - "C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" [Enabled] .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe

O47 - AAKE:Key Export DP - "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" [Enabled] .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

[HKLM\Software\Classes\AppID\iMesh.exe]

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh]

[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery]

[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1]

[HKLM\Software\Classes\iMesh.AudioCD]

[HKLM\Software\Classes\iMesh.Device]

[HKLM\Software\Classes\iMesh.file]

[HKLM\Software\Classes\iMeshIEHelper.DNSGuard]

[HKLM\Software\Classes\iMeshIEHelper.DNSGuard.1]

[HKLM\Software\Classes\imweb.imwebcontrol]

[HKCU\Software\DataMngr]

[HKLM\Software\DataMngr]

[HKCU\Software\iMesh]

[HKLM\Software\iMesh]

[HKLM\Software\iMeshMediabarTB]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh]

C:\Program Files\iMesh Applications

C:\Documents and Settings\Sylvie Roussin\Application Data\imeshbandmltbpi

C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\iMesh

C:\Documents and Settings\Sylvie Roussin\Application Data\Mozilla\Firefox\Profiles\ug1bo9ca.default\user.js (.not file.)

O4 - HKLM\..\Run: [NPSStartup] Clé orpheline

O47 - AAKE:Key Export SP - "E:\fscommand\CKSocketServer.exe" [Enabled] .(...) -- E:\fscommand\CKSocketServer.exe (.not file.)

[HKCU\Software\BitTorrent]

[HKCU\Software\Kazaa]

O43 - CFD: 22/05/2008 - 23:28:56 - [67672] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\LimeWire

O43 - CFD: 14/06/2010 - 23:27:20 - [713204] ----D- C:\Documents and Settings\Sylvie Roussin\Application Data\uTorrent

[HKCU\Software\ESET]

[HKLM\Software\Eset]

[HKLM\Software\Panda Software]

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Not Key.)

[HKLM\Software\Classes\AppID\DiscoveryHelper.DLL]

[HKLM\Software\Classes\AppID\GIFAnimator.DLL]

[HKLM\Software\Classes\AppID\IMTrProgress.DLL]

[HKLM\Software\Classes\AppID\IMWeb.DLL]

[HKLM\Software\Classes\AppID\WMHelper.DLL]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar]

OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

OPT:O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe

OPT:O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe

OPT:O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

OPT:O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

OPT:O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

OPT:O4 - HKUS\S-1-5-21-962605445-415171659-4290956130-1006\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

OPT:O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe

OPT:O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

OPT:SR - | Auto 13/10/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

 

 

EmptyTemp

EmptyFlash

Lancer ZHPFix (raccourci sur le Bureau ou "Démarrer" => "Tous les programmes" => "ZHP" => "ZHPFix") et cliquer sur le bouton [H].

Vérifier que toutes les lignes copiées (et rien d'autre) apparaissent dans la fenêtre (et disposées exactement de la même façon) et clique sur le bouton [OK] puis sur sur le bouton [Tous].

Fermer toutes les applications et autres fenêtres en cours désactive (y compris Internet) et désactiver tous les programmes de protection (antivirus, pare-feu et antispyware).

Enfin, clique sur le bouton [Nettoyer] et laisser faire. Redémarrer le PC pour finir le nettoyage si demandé.

Copier/ coller le contenu du rapport qui s'ouvre dans la prochaine réponse. Ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ZHPFixReport.txt.

 

>>> Est-ce mieux?

[Brylama]

Bonjour,

 

merci encore pour votre soutien. Quel boulot vous faites!

 

J'ai donc supprimé quelques programmes cependant je pourrai peut-être en enlever d'avantage si je savais à quoi servent:

"Bonjour", "Connection facile à internet", "Mobile Me control panel", "Todae-Live média" et "Windows live folder share"

Sont-ils indispensables?

 

Sinon, je me suis attaquée au nettoyage du rapport mais les lignes copiées n'étaient pas disposées exactement comme dans le rapport; en faite, souvent il y a deux lignes initialement séparées qui sont copiées sur la mm ligne. Du coup, je n'ai pas osé envoyer le travail. Que dois-je faire alors?

 

Bon dimanche,

 

Cordialement, Brylama

[lance_yien]

Bonjour,

 

* "Bonjour" par Apple sinstalle souvent avec iTunes. Sa désinstallation ne crée pas de problèmes sur ton système mais peut géner certaines applications comme iTunes (si tu t'en sers). Il suffit d'essayer.

 

* "Connection facile à internet" => je ne connais pas. Cela peut avoir un rapport avec tes mode de connexions (wifi, 3G...). Fais plus de recherche sur google, chez ton FAI (Fournisseur d'Accès Internet). En tout cas dans le doute, vaut mieux s'abstenir.

 

* "Mobile Me control panel" s'installe, aussi, avec iTunes et permet la gestion à distance PC <=> téléphone. Peut être désinstallé sans risque pour le système.

 

* "Todae-Live média" => voir ici. Peut être désinstallé sans risque pour le système.

 

* "Windows live folder share" => dossier de partage de Windows live. Si tu te sers de ce dernier garde-le.

==

 

Désolé, mais je n'ai pas compris ton problème avec les lignes à supprimer:

- Si tu as utilisé ZHPFix, colle son rapport et je me débrouillerai pour le déchiffrer ou te demander de faire autrement.

- Sinon fais-le sans te soucier de la disposition et je verrai ce qu'on peut faire.

 

Surtout ne pas oublier de me dire s'il y a de l'amélioration dans le comportement de ta machine.

Modifié le 16 octobre 2011 par lance_yien

[Brylama]

Bonjour,

 

encore un petit souci... je ne trouve pas le rapport en question dans "program file"!! il me propose seulement ZHP.chm, ZHPFix.exe, ZHPRootkit.txt et ZHPScan.txt. Bizarre, non?

 

Que dois-je faire alors??

 

Pour ce qui est du fonctionnement, le spages sont encore un peu longues à afficher et au démarrage, les iconnes du bureau s'affichent au bout de bien 2mn! Pendant que je tappe ce texte, j'entend mon ordi qui fait beaucoup de bruit, comme s'il travaillait beaucoup et pourtant la seule page qui soit ouverte c'est celle-ci.

Cependant, il me semble qu'il ne m'affiche plus des pages indésirées; les pages correspondent à celles demandées

 

Cordialement, brylama

[lance_yien]

Bonjour,

 

Aller à "Démarrer" => "Rechercher" et saisir (ou coller) ZHPFixReport.txt puis cliquer sur OK et voir:

- Si trouvé, coller son contenu et enchaîner avec les instructions ci-dessous.

- Sinon, passer aux instructions ci-dessous.

--

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau OTL (par OldTimer) depuis ici ou ici.

Fermer toutes les applications et fenêtres ouvertes et double-cliquer sur OTL.exe. Puis copier/ coller ces lignes (commençant par netsvcs) dans l'espace sous "Personnalisation":

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.* /90

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /90

%systemroot%\Tasks\*.job

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Sans rien changer, cliquer sur le bouton bleu Analyse et laisser faire.

A la fin du scan, 2 rapports seront créés: "OTL.txt" (qui s'ouvre dans le bloc-note) et "Extras.txt" (qui sera minimisé dans la Barre des tâches).

Ne pas les poster directement ici car souvent trop lourd pour les limites du forum.

Aller sur le site : cjoint.com

Cliquer sur Parcourir, chercher le fichier "OTL.txt" et cliquer dessus. Cliquer sur Créer le lien CJoint.

Dans la page suivante --> , une adresse (http//...) sera créée. Ouvre le Bloc-note et copier /coller cette adresse dedans.

Faire de même pour le fichier "Extras.txt".

Copier/ Coller les 2 adresses dans la prochaine réponse.

Si problème à héberger, coller les rapports directement un seul par message.

[Brylama]

ZHPFixReport.txt:

 

Rapport de ZHPFix 1.12.3363 par Nicolas Coolman, Update du 05/10/2011

Fichier d'export Registre :

Run by Sylvie Roussin at 16/10/2011 15:54:54

Windows XP Home Edition Service Pack 3 (Build 2600)

Web site : ZHPFix Fix de rapport

 

========== Logiciel(s) ==========

ABSENT Software Key: iMesh

ABSENT Software Key: {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}

 

========== Clé(s) du Registre ==========

ABSENT Key: CLSID BHO: {28387537-e3f9-4ed7-860c-11e69af4a8a0}

ABSENT Key: CLSID BHO: {474597C5-AB09-49d6-A4D5-2E8D7341384E}

SUPPRIME Key: HKCU\Software\DataMngr

SUPPRIME Key: HKCU\Software\iMesh

ABSENT Key: HKLM\Software\DataMngr

ABSENT Key: HKLM\Software\iMeshMediabarTb

ABSENT Key: HKLM\Software\Classes\AppID\iMesh.exe

ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh

ABSENT Key: HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery

ABSENT Key: HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1

ABSENT Key: HKLM\Software\Classes\iMesh.AudioCD

ABSENT Key: HKLM\Software\Classes\iMesh.Device

ABSENT Key: HKLM\Software\Classes\iMesh.file

ABSENT Key: HKLM\Software\Classes\iMeshIEHelper.DNSGuard

ABSENT Key: HKLM\Software\Classes\iMeshIEHelper.DNSGuard.1

ABSENT Key: HKLM\Software\Classes\imweb.imwebcontrol

ABSENT Key: HKLM\Software\iMesh

ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh

SUPPRIME Key: HKCU\Software\BitTorrent

SUPPRIME Key: HKCU\Software\Kazaa

SUPPRIME Key: HKCU\Software\ESET

SUPPRIME Key: HKLM\Software\Eset

SUPPRIME Key: HKLM\Software\Panda Software

ABSENT Key: HKLM\Software\Classes\AppID\DiscoveryHelper.DLL

ABSENT Key: HKLM\Software\Classes\AppID\GIFAnimator.DLL

ABSENT Key: HKLM\Software\Classes\AppID\IMTrProgress.DLL

ABSENT Key: HKLM\Software\Classes\AppID\IMWeb.DLL

ABSENT Key: HKLM\Software\Classes\AppID\WMHelper.DLL

ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar

ABSENT Key: Service: Bonjour Service

SUPPRIME Key: StartupReg: Adobe Reader Speed Launcher

 

========== Valeur(s) du Registre ==========

ABSENT Toolbar: {28387537-e3f9-4ed7-860c-11e69af4a8a0}

ABSENT RunValue: DATAMNGR

SUPPRIME AAKE KeyValue: C:\Program Files\iMesh Applications\iMesh\iMesh.exe

ABSENT AAKE KeyValue: C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe

SUPPRIME IFC: [FEATURE_BROWSER_EMULATION] svchost.exe

ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe

SUPPRIME RunValue: NPSStartup

SUPPRIME AAKE KeyValue: E:\fscommand\CKSocketServer.exe

SUPPRIME MWPE Value: NoCDBurning

SUPPRIME RunValue: Adobe Reader Speed Launcher

SUPPRIME RunValue: QuickTime Task

SUPPRIME RunValue: iTunesHelper

SUPPRIME RunValue: ctfmon.exe

ABSENT RunValue: ctfmon.exe

 

========== Elément(s) de donnée du Registre ==========

SUPPRIME AppInit: ta Manager.) - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll

SUPPRIME R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\Program Files\iMesh Applications

SUPPRIME Folder: C:\Documents and Settings\Sylvie Roussin\Application Data\imeshbandmltbpi

ABSENT C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\iMesh

SUPPRIME Folder: C:\Documents and Settings\Sylvie Roussin\Application Data\LimeWire

SUPPRIME Folder: C:\Documents and Settings\Sylvie Roussin\Application Data\uTorrent

SUPPRIME Temporaires Windows: : 182

SUPPRIME Flash Cookies: 9

 

========== Fichier(s) ==========

ABSENT Folder/File: c:\progra~1\imesha~1\mediabar\datamngr\datamn~1.exe 3500]

ABSENT File: c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll

ABSENT File: c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll

ABSENT File: c:\progra~1\imesha~1\mediabar\datamngr\datamn~1.exe

ABSENT File: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll

ABSENT File: c:\program files\imesh applications\imesh\imesh.exe

ABSENT Folder/File: c:\program files\imesh applications

ABSENT Folder/File: c:\documents and settings\sylvie roussin\application data\imeshbandmltbpi

ABSENT Folder/File: c:\documents and settings\sylvie roussin\local settings\application data\imesh

ABSENT Folder/File: c:\documents and settings\sylvie roussin\application data\mozilla\firefox\profiles\ug1bo9ca.default\user.js (.not file.)

ABSENT File: e:\fscommand\cksocketserver.exe

SUPPRIME Temporaires Windows: : 682

SUPPRIME Flash Cookies: 7

 

 

========== Récapitulatif ==========

31 : Clé(s) du Registre

14 : Valeur(s) du Registre

2 : Elément(s) de donnée du Registre

7 : Dossier(s)

13 : Fichier(s)

2 : Logiciel(s)

 

 

End of clean in 00mn 26s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 16/10/2011 15:54:54 [4761]

[Brylama]

Bonsoir,

 

 

je me suis emmêlée les pinceaux c'est le moins que je puisse dire; je suis désolée. Du coup j'ai voulurecommencer la manipulation à partir de "Cjoint" mais quand je fais le copier-coller dans le rapport, c'est toujours la même adresse qui ressort et en l'occurence, celle du premier essaie!! Je suppose que cela dépasse mes compétences!... alors voici l'adresse en question, mais je ne vous en propose qu'une puisque c'est la même qui s'inscrit pour le deuxième rapport! Lien CJoint.com AJqs37HbcIS

 

Je garde les rapports sous le coude au cas ou...

 

Cordialement, Brylama

[Brylama]

Re bonsoir, voici je pense le lien de "extra.tx: j'ai "gallèré" pour le copier; j'ai une fois de plus changer de navigateur: j'ai la nette impression que c'est de plus en plus compliqué avec IE. C'est possible ça? thttp://cjoint.com/?AJqtTnRyoHh

 

Par ailleurs, je signale qu'une fois de plus mon ordi a "beugué" et j'ai donc dû une fois de plus l'éteindre en le forçant! Et aussi, j'ai une fois de plus une fenêtre qui s'ouvre alors que je veux fermer mon PC, qui s'intitule "Fin du programme-Explorer.exe et qui me dit "ce programme ne répond pas; terminer maintenant ou annuler". Moi je met toujours d'ailleurs "terminer maintenant", c'est ce qu'il faut mettre?

 

 

Cordialement, brylama