Big virus problem

Closed
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014 - 14 Feb 2009 at 11:13
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 - 12 May 2009 at 13:58
Hello,

I've caught some nasty viruses

I thought I was protected, though ...

Could a kind soul help me

thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:17 , on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-comm.msn.com&ocid=HPDHP&pc=CMDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.samsung.com/us/support/downloads/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, C:\Documents and Settings\Administrateur\xvhpruq.exe \s,
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] friendly error page -->

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: APSHook.dll ikarmm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

115 replies

neor Posts 1084 Registration date Saturday 22 November 2008 Status Member Last activity 28 January 2010 30
14 Feb 2009 at 16:52
Hi, at the moment there is a virus that disables services, including network connections

I had 2 PCs this week with the problem, and ComboFix does not repair the connection problem

https://docs.microsoft.com/en-us/archive/blogs/

posting to follow the thread
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
14 Feb 2009 at 16:59
hi again,


there's still a bit of it missing .... ^^

0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
14 Feb 2009 at 17:03
the Microsoft site seems overloaded
I can't manage to download the removal kit
0
neor Posts 1084 Registration date Saturday 22 November 2008 Status Member Last activity 28 January 2010 30
14 Feb 2009 at 17:07
the link

http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

but I don't know if it's the same problem

you can always run the scan, you never know
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
14 Feb 2009 at 17:05
0
neor Posts 1084 Registration date Saturday 22 November 2008 Status Member Last activity 28 January 2010 30
14 Feb 2009 at 17:08
sorry for butting in, I'll let you continue
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463 > neor Posts 1084 Registration date Saturday 22 November 2008 Status Member Last activity 28 January 2010
14 Feb 2009 at 17:11
no problem! ... ^^

and thanks for the tip ... ;)


it's just that I'd like the end of the Combo report in order to continue ...


0

lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
14 Feb 2009 at 17:15
should I run ComboFix again?

the report is complete, though


NB

BitDefender tells me I've caught
gen:trojan.heur.464B41
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
14 Feb 2009 at 17:18
OK ...


run another RSIT scan and post me the new "log.txt" it produces, please ...


0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
14 Feb 2009 at 17:28
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-14 17:25:01
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 16 GB (12%) free of 142 GB
Total RAM: 2002 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25, on 2009-02-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\CF1661.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
C:\ComboFix\dumphive.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.samsung.com/us/support/downloads/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] friendly error page -->

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
14 Feb 2009 at 17:29
ComboFix 09-02-12.03 - Administrateur 2009-02-14 17:17:59.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2002.1465 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*
FW: Total Protection Service *disabled*

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 ))))))))))))))))))))))))))))))))))))
.

2009-02-14 15:32 . 2009-02-14 15:53 121 --a------ c:\windows\bdagent.INI
2009-02-14 12:32 . 2009-02-14 12:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware2
2009-02-14 11:56 . 2009-02-14 11:58 <REP> d-------- C:\ToolBar SD
2009-02-14 11:30 . 2009-02-14 12:00 <REP> d-------- C:\rsit
2009-02-14 11:05 . 2009-02-14 11:05 <REP> d-------- c:\program files\Trend Micro
2009-02-14 11:00 . 2009-02-14 11:00 24,394 --a------ C:\upload_moi_PHOTOS.tar.gz
2009-02-14 10:26 . 2009-02-14 10:26 560 --ah----- C:\aaw7boot.cmd
2009-02-12 19:07 . 2009-02-12 19:07 183 --a------ c:\windows\dgnsetup.ini
2009-02-11 22:16 . 2009-02-13 17:51 <REP> d-------- c:\program files\a-squared Free
2009-02-11 22:12 . 2009-02-11 22:13 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-11 22:12 . 2009-02-11 22:12 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-02-11 22:12 . 2009-02-11 22:12 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-02-11 20:14 . 2009-02-13 01:36 1,070 --a------ c:\windows\system32\BDUpdateV1.xml
2009-02-11 20:08 . 2009-02-11 20:07 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-11 19:55 . 2009-02-14 09:27 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-11 19:55 . 2009-02-11 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 19:55 . 2009-02-11 19:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-02-11 19:54 . 2009-02-11 19:54 <REP> d-------- c:\program files\AxBx
2009-02-11 19:52 . 2009-02-11 19:52 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-11 19:16 . 2009-02-11 19:16 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Windows Search
2009-02-11 07:19 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-11 07:18 . 2009-02-11 07:18 <REP> d-------- c:\program files\Panda Security
2009-02-11 07:12 . 2009-02-11 07:12 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-11 07:12 . 2009-02-11 07:12 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-10 23:12 . 2009-02-10 23:12 <REP> d-------- c:\program files\CleanUp!
2009-02-10 22:29 . 2009-02-14 17:19 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-10 22:22 . 2009-02-10 22:22 <REP> d-------- C:\d35d4aff26875d33999bdcc5
2009-02-10 22:20 . 2009-02-10 23:14 <REP> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-02-10 22:13 . 2009-02-10 22:13 <REP> d-------- c:\windows\ie8updates
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- c:\windows\system32\GroupPolicy
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- c:\program files\Windows Desktop Search
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2009-02-10 22:11 . 2009-02-10 22:11 <REP> d-------- c:\program files\Windows Media Connect 2
2009-02-10 22:11 . 2008-03-07 18:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-02-10 22:11 . 2008-03-07 18:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-02-10 22:11 . 2008-03-07 18:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\windows\system32\LogFiles
2009-02-10 22:09 . 2009-02-10 22:10 <REP> d-------- c:\windows\system32\drivers\UMDF
2009-02-10 22:08 . 2009-01-11 06:00 79,360 --------- c:\windows\system32\dllcache\iecompat.dll
2009-02-10 21:25 . 2009-02-10 21:25 <REP> d-------- c:\program files\BitDefender
2009-02-10 21:25 . 2009-02-10 21:27 <REP> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-02-10 21:25 . 2009-02-10 21:25 <REP> d-------- c:\documents and settings\Administrateur\Application Data\BitDefender
2009-02-10 21:24 . 2009-02-10 21:25 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-02-10 13:31 . 2009-02-10 13:31 <REP> d-------- c:\program files\LicenseAgree
2009-02-08 14:29 . 2009-02-09 16:24 754 --a------ c:\windows\WORDPAD.INI
2009-02-08 14:17 . 2009-02-08 14:17 <REP> d-------- c:\program files\7-Zip
2009-02-08 14:15 . 2009-02-08 14:15 <REP> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-02-08 14:15 . 2009-02-08 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\DriverCure
2009-02-08 14:15 . 2009-02-08 14:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DriverCure
2009-02-08 11:02 . 2009-02-08 11:02 102 --a------ c:\windows\wininit.ini
2009-02-08 10:34 . 2009-02-08 12:17 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-08 10:34 . 2009-02-14 12:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 10:16 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2009-02-08 10:16 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2009-02-08 10:16 . 2009-02-08 10:16 3,120 --a------ c:\windows\system32\118290.54
2009-02-08 10:16 . 2009-02-08 10:16 3,120 --a------ c:\windows\118294.78
2009-02-08 10:16 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-02-08 09:58 . 2009-02-08 09:59 <REP> d-------- c:\windows\BDOSCAN8
2009-02-08 09:49 . 2009-02-08 09:49 <REP> d-------- C:\photo
2009-02-08 09:49 . 2009-02-14 10:37 <REP> d--hs---- c:\documents and settings\Administrateur\IECompatCache
2009-02-08 09:47 . 2009-02-14 10:36 <REP> d--hs---- c:\documents and settings\Administrateur\IETldCache
2009-02-08 09:42 . 2009-02-08 09:43 <REP> d--h-c--- c:\windows\ie8
2009-02-07 16:30 . 2009-02-08 09:37 66,560 ---h----- c:\windows\system32\secupdat.dat
2009-02-07 16:27 . 2009-02-08 16:56 130 --a------ c:\windows\adobe.bat
2009-02-07 16:27 . 2009-02-08 14:09 6 --a------ c:\windows\_id.dat
2009-02-07 16:26 . 2009-02-07 16:26 39,936 --a------ C:\xxweksc.exe
2009-02-07 16:26 . 2009-02-07 16:26 2 --a------ C:\376140820
2009-01-31 13:51 . 2009-01-31 13:51 835,584 --a------ c:\windows\npdbplug.dll
2009-01-31 13:51 . 2009-01-31 13:51 695,296 --a------ c:\windows\dtaplugin.exe
2009-01-31 13:51 . 2009-01-31 13:51 665,600 --a------ c:\windows\dbplugin.exe
2009-01-31 13:51 . 2009-01-31 13:51 356,352 --a------ c:\windows\eSellerateEngine.dll
2009-01-31 13:51 . 2009-01-31 13:51 61,440 --a------ c:\windows\dbrmdwb.exe
2009-01-31 13:51 . 2009-01-31 13:51 601 --a------ c:\windows\npdbplug.xpt
2009-01-31 13:49 . 2009-02-11 19:00 <REP> d-------- c:\program files\DeskTopAuthor
2009-01-29 19:03 . 2009-01-29 19:03 <REP> d-------- c:\program files\inKline Global
2009-01-29 18:54 . 2009-02-11 19:52 <REP> d-------- c:\program files\Lavasoft
2009-01-29 18:54 . 2009-02-12 22:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-29 18:52 . 2009-02-12 22:08 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-29 13:12 . 2009-01-29 13:12 54,781,247 --a------ c:\windows\system32\xa425909359.exe
2009-01-29 13:12 . 2009-01-29 13:12 54,781,247 --a------ c:\windows\system32\xa425904984.exe
2009-01-29 10:07 . 2009-02-04 19:53 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- c:\program files\iTunes
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- c:\program files\iPod
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 17:47 . 2009-01-25 17:47 <REP> d-------- c:\program files\QuickTime
2009-01-25 17:46 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-24 17:06 . 2009-01-24 17:06 <REP> d-------- c:\program files\Polar
2009-01-24 16:44 . 2009-01-24 16:44 <REP> d-------- c:\program files\Logitech
2009-01-24 16:44 . 2009-01-24 16:44 <REP> d-------- c:\program files\Fichiers communs\Logitech
2009-01-24 16:32 . 2009-01-24 16:32 <REP> d-------- c:\program files\Audacity
2009-01-24 15:40 . 2001-08-23 17:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-24 15:40 . 2001-08-23 17:04 12,288 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-01-15 02:22 . 2009-01-15 02:22 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-01-15 02:04 . 2009-01-15 02:04 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 11:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2009-02-12 18:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 19:17 --------- d-----w c:\program files\CCleaner
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 11:36 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-08 11:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-02 18:17 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-02-02 18:15 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-25 16:48 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-25 16:47 --------- d-----w c:\program files\Bonjour
2008-12-30 18:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\U3
2008-12-30 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-12-29 11:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2008-12-29 11:21 --------- d-----w c:\program files\Fichiers communs\Nikon
2008-11-27 18:14 3,532 ----a-w C:\drmHeader.bin
2008-11-11 08:28 4,890,624 ----a-w c:\program files\DSAssistant.exe
2008-11-11 08:24 57,344 ----a-w c:\program files\AddPort.dll
2008-10-19 17:19 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2008-09-22 16:23 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2008-12-16 16:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

2008-04-14 03:34 1054720 2ce18e4e81cbf6fddf746ac76740f229 c:\windows\explorer.exe

2006-03-02 03:00 32256 bd12ed053d37f0537b83afb6c447745c c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 32256 b755c2a79b2fb0e8ee35bcbc52661ed2 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 32256 9f0a4f1d3f0795abe73e77e21f73994a c:\windows\system32\ctfmon.exe

2005-06-11 01:17 74752 1c8f0decc2a2293c7cadb9999af6cbbf c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 00:53 74752 a450b7abfa2c2d89bad05d7e4a55b040 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 03:34 74752 e98b2fbfe8db0ccc4ee8cc6d76ac694c c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:34 74752 1b7086b59872049086ca0af10f0c0af0 c:\windows\system32\spoolsv.exe

2006-03-02 03:00 41984 80d024dc699b057d58556f7cece22e8d c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:34 43520 3e722d42e7acd8a5aa1ad021f3eed339 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:34 43520 62684bd3a2acbbd8034dfc4116a262aa c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 32256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1850608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicRotation"="c:\program files\MagicRotation\MagicPvt.exe" [2006-03-14 1118208]
"Launch LCDMon"="c:\program files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-02-12 761856]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-12 90112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-11 509784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"="friendly error page -->" [X]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1548288]
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2008-08-07 499712]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-09-16 139264]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 140800]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-04-30 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 02:30 74240 c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\badnrema.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yajhooht.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]
--a------ 2008-09-26 01:33 95552 c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2008-04-07 06:10 318488 c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
--a------ 2007-01-09 14:52 145184 c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 434176 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"=c:\windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-11 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-11 28544]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-06-13 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-06-14 13184]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2008-09-16 9728]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-04-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-06-13 5808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-07-09 241664]
R2 myAgtSvc;Service de protection contre les virus et les logiciels espions McAfee;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2008-08-05 218432]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-05 576024]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2008-08-05 2521880]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-08-06 44800]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 139264]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-02-11 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-02-11 29208]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-04-23 224896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-1-42-100031248-100015314-100010447-3772.com d:\
\Shell\Open\command - RECYCLER\S-0-1-42-100031248-100015314-100010447-3772.com d:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{080d01db-8561-11dd-b11d-00215a6c99ac}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{080d01dc-8561-11dd-b11d-00215a6c99ac}]
\Shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58993129-aea8-11dd-b13e-00032f454828}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-02-13 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-11 20:07]

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-17 15:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.samsung.com/us/consumer/learningresources/monitor/magetune/pop_intro.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fgibjkml.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 17:21:17
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,65,a2,2a,ec,c7,00,4f,ab,58,03,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,65,a2,2a,ec,c7,00,4f,ab,58,03,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,c6,93,3d,32,d6,87,4b,93,81,06,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,c6,93,3d,32,d6,87,4b,93,81,06,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\ProgID]
@DACL=(02 0000)
@="HpqToaster.Destroy.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.Destroy"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\ProgID]
@DACL=(02 0000)
@="HpqToaster.ProgressBar.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.ProgressBar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\ProgID]
@DACL=(02 0000)
@="HpqToaster.Toaster.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.Toaster"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\ProgID]
@DACL=(02 0000)
@="HpqToaster.MultipleIconToaster.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.MultipleIconToaster"

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\ActionOptions]
@DACL=(02 0000)
"dwPromptButton"=dword:00000007
"szMoveFolder"="Quarantine"
"uSecAction_Program"=dword:00000003
"dwScanAction"=dword:00000002
"uSecAction"=dword:00000003
"uAction"=dword:00000005
"uAction_Program"=dword:00000005

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\AlertOptions]
@DACL=(02 0000)
"bDMIAlert"=dword:00000000
"bDisplayMessage"=dword:00000001
"szSendCc"=""
"szCustomMessage"="McAfee Total Protection Service Email Scanner: Alert!"
"bNetworkAlertPath"=""
"bSendMailToUser"=dword:00000000
"bNetworkAlert"=dword:00000000
"szNetworkAlertPath"=""
"bSoundAlert"=dword:00000001
"szSendSubject"=""
"szSendBody"=""
"szSendTo"=""

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\DetectionOptions]
@DACL=(02 0000)
"dwMacroHeuristicsLevel"=dword:00000001
"bScanInbox"=dword:00000000
"UseAVPServer"=dword:00000001
"bScanCompressed"=dword:00000001
"bScanAllMails"=dword:00000001
"ScanMessageBodies"=dword:00000001
"ApplyNVP"=dword:00000001
"ExtensionMode"=dword:00000001
"ScanMime"=dword:00000001
"dwProgramHeuristicsLevel"=dword:00000001
"szProgExts"=""
"ScanArchives"=dword:00000001
"szIncludeExts"=""

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\GeneralOptions]
@DACL=(02 0000)
"bModified"=dword:00000001

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\ReportOptions]
@DACL=(02 0000)
"LogFileFormat"=dword:00000001
"uMaxLogSizeMB"=dword:00000001
"bLimitSize"=dword:00000001
"bLogToFile"=dword:00000000
"szLogFileName"=expand:""
"dwLogEvent"=dword:000001e0

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_BADNREMA\[u]0/u000\LogConf]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_NDISPROT\[u]0/u000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(412)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(468)
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\searchindexer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
c:\windows\system32\scardsvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Administrateur\Bureau\RSIT.exe
.
**************************************************************************
.
Heure de fin: 2009-02-14 17:25:17 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2009-02-14 16:25:13
ComboFix2.txt 2009-02-14 15:10:59

Avant-CF: 17,309,270,016 octets libres
Après-CF: 17,291,075,584 octets libres

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
465 --- E O F --- 2009-02-12 06:04:23
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last post 9 September 2014
14 Feb 2009 at 17:57
OK.
I imagine you have other things to do than spend the weekend thinking about someone else's PC problems.
If you like, we can pick this up again when the Microsoft site is available...

In any case, thanks for all the time you've spent on this.

laurent
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
14 Feb 2009 at 18:28
Good ....


I'm preparing the next step for you ....


See you in a bit .... ;)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
14 Feb 2009 at 18:56
The next step:


1-Create a text document on your desktop:
Point your mouse at your desktop and right-click: go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you have just created:


Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] 
"services"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\badnrema.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yajhooht.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

File::
C:\WINDOWS\system32\log.txt 
c:\windows\system32\iedkcs32.dll
C:\upload_moi_PHOTOS.tar.gz 
C:\aaw7boot.cmd 
c:\windows\system32\ProductTweaks.xml 
c:\windows\system32\user_gensett.xml
c:\windows\system32\secupdat.dat 
c:\windows\adobe.bat 
c:\windows\_id.dat 
C:\xxweksc.exe 
C:\376140820 
c:\windows\system32\xa425909359.exe 
c:\windows\system32\xa425904984.exe
c:\windows\system32\msrating.dll.mui 
c:\windows\system32\mshta.exe.mui 
c:\windows\system32\iedkcs32.dll.mui 
c:\windows\system32\ie4uinit.exe.mui 
c:\windows\system32\dllcache\corpol.dll




Then go to "File", choose "Save as ..." and name it exactly like this:
CFScript, then confirm ...


2-Cleanup:

!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!

---> On your desktop, use your mouse to drag the CFScript file onto the ComboFix.exe icon.

(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and confirm.

Then wait while the scan runs. (The desktop will disappear several times: this is normal!)

!! Do not touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post the report for analysis ...

(Warning: this procedure was made for this PC. Any reuse can severely damage the operating system.)
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last post 9 September 2014
16 Feb 2009 at 06:56
Hello,

I'm back.

Sorry, but I could only download the kit late last night at a friend's place ... on a Mac!!!

I installed it but it detected nothing.

However, the day before yesterday I found this:
http://www.commentcamarche.net/forum/affich 10770500 virus windows ne trouve pas recycler

and it solved my problems opening my C and D drives,
but not on the laptop that is still connected to the internet (that one is protected by Antivir, which may have spared it the worst)

I'm going to work this morning.

I'll try your procedure and keep you posted this afternoon (I do have to work a bit...)
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last post 9 September 2014
16 Feb 2009 at 07:21
ComboFix 09-02-12.03 - Administrateur 2009-02-16 7:10:58.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2002.1455 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*
FW: Total Protection Service *disabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\376140820
C:\aaw7boot.cmd
C:\upload_moi_PHOTOS.tar.gz
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\system32\dllcache\corpol.dll
c:\windows\system32\ie4uinit.exe.mui
c:\windows\system32\iedkcs32.dll
c:\windows\system32\iedkcs32.dll.mui
C:\WINDOWS\system32\log.txt
c:\windows\system32\mshta.exe.mui
c:\windows\system32\msrating.dll.mui
c:\windows\system32\ProductTweaks.xml
c:\windows\system32\secupdat.dat
c:\windows\system32\user_gensett.xml
c:\windows\system32\xa425904984.exe
c:\windows\system32\xa425909359.exe
C:\xxweksc.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\376140820
C:\aaw7boot.cmd
C:\upload_moi_PHOTOS.tar.gz
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\system32\dllcache\corpol.dll
C:\WINDOWS\system32\drivers\bdfm.sys
c:\windows\system32\ie4uinit.exe.mui
c:\windows\system32\iedkcs32.dll
c:\windows\system32\iedkcs32.dll.mui
c:\windows\system32\mshta.exe.mui
c:\windows\system32\msrating.dll.mui
c:\windows\system32\ProductTweaks.xml
c:\windows\system32\secupdat.dat
c:\windows\system32\user_gensett.xml
c:\windows\system32\xa425904984.exe
c:\windows\system32\xa425909359.exe
C:\xxweksc.exe
C:\WINDOWS\system32\log.txt . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDFM
-------\Service_bdfm


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-16 au 2009-02-16 ))))))))))))))))))))))))))))))))))))
.

2009-02-15 18:48 . 2009-02-15 18:48 <REP> d-------- C:\Program Files\Disk Heal
2009-02-14 15:32 . 2009-02-14 15:53 121 --a------ C:\WINDOWS\bdagent.INI
2009-02-14 12:32 . 2009-02-14 12:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware2
2009-02-14 11:56 . 2009-02-14 11:58 <REP> d-------- C:\ToolBar SD
2009-02-14 11:30 . 2009-02-14 12:00 <REP> d-------- C:\rsit
2009-02-14 11:05 . 2009-02-14 11:05 <REP> d-------- C:\Program Files\Trend Micro
2009-02-12 19:07 . 2009-02-12 19:07 183 --a------ C:\WINDOWS\dgnsetup.ini
2009-02-11 22:16 . 2009-02-13 17:51 <REP> d-------- C:\Program Files\a-squared Free
2009-02-11 22:12 . 2009-02-11 22:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-11 22:12 . 2009-02-11 22:12 50,968 --a------ C:\WINDOWS\system32\avgfwdx.dll
2009-02-11 22:12 . 2009-02-11 22:12 29,208 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2009-02-11 20:14 . 2009-02-13 01:36 1,070 --a------ C:\WINDOWS\system32\BDUpdateV1.xml
2009-02-11 20:08 . 2009-02-11 20:07 64,160 --a------ C:\WINDOWS\system32\drivers\Lbd.sys
2009-02-11 19:55 . 2009-02-14 09:27 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2009-02-11 19:55 . 2009-02-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 19:55 . 2009-02-11 19:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-02-11 19:54 . 2009-02-11 19:54 <REP> d-------- C:\Program Files\AxBx
2009-02-11 19:52 . 2009-02-11 19:52 <REP> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-11 19:16 . 2009-02-11 19:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Search
2009-02-11 07:19 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2009-02-11 07:18 . 2009-02-11 07:18 <REP> d-------- C:\Program Files\Panda Security
2009-02-10 23:12 . 2009-02-10 23:12 <REP> d-------- C:\Program Files\CleanUp!
2009-02-10 22:29 . 2009-02-16 07:13 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2009-02-10 22:22 . 2009-02-10 22:22 <REP> d-------- C:\d35d4aff26875d33999bdcc5
2009-02-10 22:20 . 2009-02-10 23:14 <REP> d--hs---- C:\Documents and Settings\LocalService\IETldCache
2009-02-10 22:13 . 2009-02-10 22:13 <REP> d-------- C:\WINDOWS\ie8updates
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- C:\Program Files\Windows Desktop Search
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2009-02-10 22:11 . 2009-02-10 22:11 <REP> d-------- C:\Program Files\Windows Media Connect 2
2009-02-10 22:11 . 2008-03-07 18:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2009-02-10 22:11 . 2008-03-07 18:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2009-02-10 22:11 . 2008-03-07 18:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- C:\WINDOWS\system32\LogFiles
2009-02-10 22:09 . 2009-02-10 22:10 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2009-02-10 22:08 . 2009-01-11 06:00 79,360 --------- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-02-10 21:25 . 2009-02-10 21:25 <REP> d-------- C:\Program Files\BitDefender
2009-02-10 21:25 . 2009-02-10 21:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-02-10 21:25 . 2009-02-10 21:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitDefender
2009-02-10 21:24 . 2009-02-10 21:25 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2009-02-10 13:31 . 2009-02-10 13:31 <REP> d-------- C:\Program Files\LicenseAgree
2009-02-08 14:29 . 2009-02-09 16:24 754 --a------ C:\WINDOWS\WORDPAD.INI
2009-02-08 14:17 . 2009-02-08 14:17 <REP> d-------- C:\Program Files\7-Zip
2009-02-08 14:15 . 2009-02-08 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-02-08 14:15 . 2009-02-08 14:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-02-08 14:15 . 2009-02-08 14:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DriverCure
2009-02-08 11:02 . 2009-02-08 11:02 102 --a------ C:\WINDOWS\wininit.ini
2009-02-08 10:34 . 2009-02-08 12:17 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2009-02-08 10:34 . 2009-02-14 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 10:16 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2009-02-08 10:16 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2009-02-08 10:16 . 2009-02-08 10:16 3,120 --a------ C:\WINDOWS\system32\118290.54
2009-02-08 10:16 . 2009-02-08 10:16 3,120 --a------ C:\WINDOWS\118294.78
2009-02-08 10:16 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2009-02-08 09:58 . 2009-02-08 09:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2009-02-08 09:49 . 2009-02-08 09:49 <REP> d-------- C:\photo
2009-02-08 09:49 . 2009-02-14 10:37 <REP> d--hs---- C:\Documents and Settings\Administrateur\IECompatCache
2009-02-08 09:47 . 2009-02-14 10:36 <REP> d--hs---- C:\Documents and Settings\Administrateur\IETldCache
2009-02-08 09:42 . 2009-02-08 09:43 <REP> d--h-c--- C:\WINDOWS\ie8
2009-01-31 13:51 . 2009-01-31 13:51 835,584 --a------ C:\WINDOWS\npdbplug.dll
2009-01-31 13:51 . 2009-01-31 13:51 695,296 --a------ C:\WINDOWS\dtaplugin.exe
2009-01-31 13:51 . 2009-01-31 13:51 665,600 --a------ C:\WINDOWS\dbplugin.exe
2009-01-31 13:51 . 2009-01-31 13:51 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2009-01-31 13:51 . 2009-01-31 13:51 61,440 --a------ C:\WINDOWS\dbrmdwb.exe
2009-01-31 13:51 . 2009-01-31 13:51 601 --a------ C:\WINDOWS\npdbplug.xpt
2009-01-31 13:49 . 2009-02-11 19:00 <REP> d-------- C:\Program Files\DeskTopAuthor
2009-01-29 19:03 . 2009-01-29 19:03 <REP> d-------- C:\Program Files\inKline Global
2009-01-29 18:54 . 2009-02-11 19:52 <REP> d-------- C:\Program Files\Lavasoft
2009-01-29 18:54 . 2009-02-12 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-29 18:52 . 2009-02-12 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-29 10:07 . 2009-02-04 19:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- C:\Program Files\iTunes
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- C:\Program Files\iPod
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 17:47 . 2009-01-25 17:47 <REP> d-------- C:\Program Files\QuickTime
2009-01-25 17:46 . 2008-11-07 14:23 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2009-01-24 17:06 . 2009-01-24 17:06 <REP> d-------- C:\Program Files\Polar
2009-01-24 16:44 . 2009-01-24 16:44 <REP> d-------- C:\Program Files\Logitech
2009-01-24 16:44 . 2009-01-24 16:44 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2009-01-24 16:32 . 2009-01-24 16:32 <REP> d-------- C:\Program Files\Audacity
2009-01-24 15:40 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-24 15:40 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 11:17 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-02-12 18:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-11 19:17 --------- d-----w C:\Program Files\CCleaner
2009-02-11 09:19 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-02-08 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-02-08 11:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-02-02 18:17 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2009-02-02 18:15 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-25 16:48 --------- d-----w C:\Program Files\Fichiers communs\Apple
2009-01-25 16:47 --------- d-----w C:\Program Files\Bonjour
2008-12-30 18:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2008-12-30 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-12-29 11:21 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2008-12-29 11:21 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-11-27 18:14 3,532 ----a-w C:\drmHeader.bin
2008-11-11 08:28 4,890,624 ----a-w C:\Program Files\DSAssistant.exe
2008-11-11 08:24 57,344 ----a-w C:\Program Files\AddPort.dll
2008-10-19 17:19 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-09-22 16:23 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
2008-12-16 16:52 61,440 ----a-w C:\Program Files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------




2006-03-02 03:00 41984 80d024dc699b057d58556f7cece22e8d C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:34 43520 3e722d42e7acd8a5aa1ad021f3eed339 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 03:34 43520 62684bd3a2acbbd8034dfc4116a262aa C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 15:14:42 1548288]
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2008-08-07 15:49:12 499712]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-09-16 18:21:18 139264]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 140800]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-30 11:10:00 394856]

Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contenu du dossier 'Tâches planifiées'

2009-02-15 C:\WINDOWS\Tasks\Ad-Aware Update (Daily).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-11 20:07]

2009-01-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-16 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-09-17 15:35]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 07:14:50
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\a2free]
"ImagePath"="\"C:\Program Files\a-squared Free\a2service.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ac97intc]
"ImagePath"="system32\drivers\ac97intc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Connect Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\NSDriver.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Registry Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTRD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ADIHdAudAddService]
"ImagePath"="system32\drivers\ADIHdAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu160m.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AEAudio]
"ImagePath"="system32\drivers\AEAudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78u2]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78u2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Apple Mobile Device]
"ImagePath"="\"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Arrakis3]
"ImagePath"="\"C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASBroker]
"ServiceDll"="C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASChannel]
"ServiceDll"="C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atchksrv]
"ImagePath"="C:\Program Files\Intel\AMT\atchksrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\avg8emc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Avgfwdx]
"ImagePath"="system32\DRIVERS\avgfwdx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Avgfwfd]
"ImagePath"="system32\DRIVERS\avgfwdx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AvgRkx86]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Bdfndisf]
"ImagePath"="system32\DRIVERS\bdfndisf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfsfltr]
"ImagePath"="system32\drivers\bdfsfltr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdftdif]
"ImagePath"="\??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BDSelfPr]
"ImagePath"="\??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BDVEDISK]
"ImagePath"="\??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Bonjour Service]
"ImagePath"="\"C:\Program Files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CognizanceCredMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dpti2o]
"ImagePath"="\SystemRoot\system32\DRIVERS\dpti2o.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\E100B]
"ImagePath"="system32\DRIVERS\e100b325.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\e1express]
"ImagePath"="system32\DRIVERS\e1e5132.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FLEXnet Licensing Service]
"ImagePath"="\"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gusvc]
"ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HECI]
"ImagePath"="system32\DRIVERS\HECI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HpFkCryptService]
"ImagePath"="\"C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpqwmiex]
"ImagePath"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i81x]
"ImagePath"="system32\DRIVERS\i81xnt5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP0]
"ImagePath"="system32\DRIVERS\wADV01nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP1]
"ImagePath"="system32\DRIVERS\wADV02NT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP2]
"ImagePath"="system32\DRIVERS\wADV05NT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP3]
"ImagePath"="system32\DRIVERS\wSiINTxx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP4]
"ImagePath"="system32\DRIVERS\wVchNTxx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP5]
"ImagePath"="system32\DRIVERS\wADV07nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP6]
"ImagePath"="system32\DRIVERS\wADV08nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP7]
"ImagePath"="system32\DRIVERS\wADV09nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV0]
"ImagePath"="system32\DRIVERS\wATV01nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV1]
"ImagePath"="system32\DRIVERS\wATV02NT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV3]
"ImagePath"="system32\DRIVERS\wATV04nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV4]
"ImagePath"="system32\DRIVERS\wCh7xxNT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV5]
"ImagePath"="system32\DRIVERS\wATV10nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV6]
"ImagePath"="system32\DRIVERS\wATV06nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ialm]
"ImagePath"="system32\DRIVERS\igxpmp32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iaStor]
"ImagePath"="System32\DRIVERS\iaStor.sys\00aStor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IFXSpMgtSrv]
"ImagePath"="C:\WINDOWS\system32\ifxspmgt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IFXTCS]
"ImagePath"="C:\WINDOWS\system32\ifxtcs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IFXTPM]
"ImagePath"="system32\DRIVERS\IFXTPM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntelIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iPod Service]
"ImagePath"="\"C:\Program Files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Kbdclass]
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
16 Feb. 2009 at 09:13
Hi,


let's continue .... in order:


1- Run CCleaner again (registry included).

===================

2- Download RavAntivirus by Evosla to your desktop:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

! Disconnect and close all your running applications !

!!IMPORTANT: If you have a USB key, external hard drive, etc., plug them into your PC (without opening them) before launching this FIX !!

---> Right-click the .ZIP file: "Extraire tout" (Extract All) --> to the Desktop

Then double-click RAV.exe to launch the tool.

Once RAV ANTIVIRUS is running, let it work: it automatically scans all drives (hard disks and removable drives)

* If it detects an infection: a report will be generated --> save it ...
* Otherwise the software will (briefly) display this: "Votre Ordinateur est sain" (Your computer is clean) --> in that case, you can close the program ...

Finally, remove your removable drives and restart the PC.

Then post the report if there is an infection ...

========================

3- ! Disable your antivirus !

Then download Flash_Disinfector by sUBs here:

https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Save it to your desktop.

!! Disconnect, close all your applications for the duration of the procedure !!

Double-click Flash_Disinfector.exe to launch it ...

When the message "Plug in yours flash drive & clic Ok to begin disinfection" appears:
-> connect all your USB keys and external USB devices that may have been infected.

Then click Ok.

The desktop icons will disappear until the message " Done!! " appears.

Press "Ok" to finish the process and bring the desktop back ...

Once that is done, delete Flash_Disinfector (right-click / delete) and re-enable your antivirus ...


==========================


3- Tell me how it went, whether things are any better, and post a new RSIT report (log.txt) for analysis, then wait for the next steps ....




0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
16 Feb. 2009 at 15:44
unfortunately
still no internet

and when I try to create a user account it tells me

windows cannot find

c windows system 32 rundll32.exe



Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-16 15:40:58
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 16 GB (11%) free of 142 GB
Total RAM: 2002 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41, on 2009-02-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.samsung.com/us/support/downloads/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
16 Feb. 2009 at 15:55
OK ...


please do this:


Download haxfix to the desktop:
http://users.telenet.be/marcvn/tools/haxfix.exe

! Se déconnecter d'internet et fermer toutes applications en cours !

A- Installation :
* Double clique sur haxfix.exe pour installer l'outil .
(Ne pas modifier les paramètre d'installe ! C:\program Files\haxfix)
* Coche "Create a desktop icon" .
* Clique "Next" .
* Quand l'installation est terminée, s'assurer que "Launch HaxFix" est coché .
* Puis clique "Finish" .


B- Utilisation :
Après l'installe , Une "fenêtre DOS" à fond rouge s'ouvre avec les options suivantes:
1. Make logfile (créer un rapport)
2. Run auto fix (lancer la réparation en mode automatique)
3. Run manual fix (lancer la réparation en mode manuel)
E. Exit Haxfix (quitter Haxfix)

* Selectionne l'option " Make logfile " : tape 1 puis tape [Entrée] .
> Haxfix va analyser le système . Ne rien faire et laisser travailler l'outil ...

Quand il a fini, un rapport s'ouvrira: haxlog.txt
(le rapport sera en outre sauvegardé ici > C:\haxlog.txt)

Colle ce rapport dans ta prochiane réponse pour analyse ...
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
16 Feb 2009 at 20:01
hi

I'm back

HAXFIX logfile - by Marckie

version 5.063
2009-02-16 18:23:29.89
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
no matching services found

checking for matching safeboot services
no matching safeboot services found


--- Checking for Goldun - Spybanker ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for random used files and services
-- these files are not necessarily malicious
-- scanning all folders
no matching random used services found

checking for browser helper objects
no known browser helper objects found

checking for appinit files
no files found

checking for possible infected files
please submit these file here: https://www.bleepingcomputer.com/submit-malware.php?channel=11
no files found

checking for Active Setup Installed Components
no known Active Setup Installed Components found

checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun, Spybanker and Haxdoor files ---
C:\WINDOWS\system32\bdod.bin


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 19:51:01
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\gaopdxowkatvat.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules]
"gaopdxserv"="\\?\globalroot\systemroot\system32\drivers\gaopdxowkatvat.sys"
"gaopdxl"="\\?\globalroot\systemroot\system32\gaopdxyktfnsoq.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001a7
"TracesSuccessful"=dword:0000019f
"LastTraceFailure"=dword:00000020
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!
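
Added example, not part of the thread and not code from HaxFix or catchme: a small Python parser for the catchme section of the log above. It pulls out the hooked NTDLL function, the keys listed under "scanning hidden services & system hive" and the files they reference, and notes that those keys are listed even though the summary reports "hidden services: 0". The function names, finding labels and review rules are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Constructed sample: lines copied from the catchme section of the HaxFix log
# posted in this thread (trimmed to the parts the parser handles).
SAMPLE_LOG = r'''detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\gaopdxowkatvat.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules]
"gaopdxserv"="\\?\globalroot\systemroot\system32\drivers\gaopdxowkatvat.sys"
"gaopdxl"="\\?\globalroot\systemroot\system32\gaopdxyktfnsoq.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
'''

SECTION_RE = re.compile(r'^scanning (.+?) \.\.\.$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
COUNT_RE = re.compile(r'^hidden (\w+): (\d+)$')
GLOBALROOT = '\\\\?\\globalroot'  # the literal globalroot device prefix


def _value(raw):
    """Strip catchme's str(N): type tag and the surrounding quotes."""
    raw = re.sub(r'^str\(\d+\):', '', raw.strip())
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw


def parse_catchme(text):
    """Return (hooked_functions, {section: {key: {name: data}}}, counts)."""
    hooks, sections, counts = [], {}, {}
    section = key = None
    in_hooks = False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            in_hooks = False          # a blank line ends the hook list
            continue
        if line.startswith('detected NTDLL code modification'):
            in_hooks = True
            continue
        if in_hooks:
            hooks.append(line)
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            sections.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section:
            key = m.group(1)
            sections[section][key] = {}
            continue
        m = VALUE_RE.match(line)
        if m and key:
            sections[section][key][m.group(1).lower()] = _value(m.group(2))
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
    return hooks, sections, counts


def normalise_path(value):
    """Lower-case a path and drop the globalroot prefix so aliases compare equal."""
    path = value.lower()
    return path[len(GLOBALROOT):] if path.startswith(GLOBALROOT) else path


def review(text):
    """Collect items for an analyst to look at; the rules are this example's own."""
    hooks, sections, counts = parse_catchme(text)
    findings = [('ntdll-hook', name) for name in hooks]
    files = set()
    services = sections.get('hidden services & system hive', {})
    for key, values in services.items():
        findings.append(('hidden-service-key', key))
        for data in values.values():
            if data.lower().startswith(GLOBALROOT):
                findings.append(('globalroot-path', data))
            if data.lower().endswith(('.sys', '.dll', '.exe')):
                files.add(normalise_path(data))
    # Keys can be listed in the hive scan while the summary counter stays at 0.
    if services and counts.get('services') == 0:
        findings.append(('summary-reports-zero', 'hidden services: 0'))
    return findings, sorted(files)


if __name__ == '__main__':
    found, paths = review(SAMPLE_LOG)
    for kind, detail in found:
        print(f'{kind:22} {detail}')
    print('files to look for:', *paths, sep='\n  ')
```

Entries in this section are candidates for review, not verdicts: the parser only surfaces what the log lists.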
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
16 Feb 2009 at 20:17
well, well ....


interesting .... do the following, in order:



1- ! Disconnect from the internet and close all running applications !

* Run haxfix again:
Open the folder C:\Program Files\haxfix and double-click "fix.bat"
(or double-click the "fix.bat" desktop icon)

> Select "Run auto fix": this time type 2 then press [Enter].

The tool starts ...

If an infection is found, you will get a message asking you to close all other open windows.

* At that point, press [Enter] again.
* The PC will be restarted, let it happen ...
* At the end of the restart a report will open.
(the report will also be saved here > C:\haxlog.txt)

> Post the contents of this report for analysis ...




2- Download OAD (by !aur3n7): http://sosvirus.changelog.fr/OAD.exe
----> Save it to your desktop.

Double-click the OAD icon to run it

- name of the file to search for:
--> type or copy and paste: gaopdxserv

- Search type: select option 6 then confirm with ["Enter"]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it has finished.

Note: depending on the size of the hard drives, this search can take several minutes. Be patient ...

-> Save this report to your Desktop and copy and paste it into your next reply ...


Then do it again with:
gaopdx



> post me the 2 reports you get ....




0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
17 Feb 2009 at 07:20
HAXFIX logfile - by Marckie

version 5.063
2009-02-16 20:33:33.53

--- Auto Haxdoorfix ---


Haxdoorfix Part 1

no infections found


Haxdoorfix Part 2

searching for notifykeys
no notifykeys found

searching for services
no services found

searching for safeboot services
no safeboot services found


--- Goldun- and SpyBankerfix ---


searching for other goldun- spybanker- and haxdoorfiles:
C:\WINDOWS\system32\bdod.bin

checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys
no SSODLkeys found

searching for browser helper objects
no known browser helper objects found

searching for appinit files

checking for Active Setup Installed Components
no known Active Setup Installed Components found

searching for notifykeys
no notify keys found

searching for services
no services found


--- Registrysettings ---

not necessary


.....rebooting the computer.....


--- searching for ssodlkeys ---

not necessary


--- searching for notifykeys ---

not necessary


--- searching for services ---

not necessary


--- searching for safeboot services ---

not necessary


--- searching for browser helper objects ---



--- searching for active setup installed components ---

no known Active Setup Installed Components found


--- searching for files ---

C:\WINDOWS\system32\bdod.bin found
deleting C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\bdod.bin has been deleted


--- searching for other files in the system32 folder ---


--- searching for other files in windows folder ---

no other files found in the windows folder


--- searching for a3d files ---

no a3d files found


--- checking registry settings ---

not necessary


--- Catchme logfile ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 20:35:27
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\gaopdxowkatvat.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules]
"gaopdxserv"="\\?\globalroot\systemroot\system32\drivers\gaopdxowkatvat.sys"
"gaopdxl"="\\?\globalroot\systemroot\system32\gaopdxyktfnsoq.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...


--- checking for random used files and services ---
- these files and service are not necessarily malicious
- these files and services will not be deleted by HaxFix
no matching services found


Finished


2009-02-17 ---- 7:17:40.76

----------------------------------
§§§§§§ [gaopdx] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


same for gaopdxserv
thanks (it took a long time)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
17 Feb 2009 at 09:52
Hi,


strange that OAD finds nothing ...


please do this:


1- Download OTMoveIt3 (by Old_Timer) to your Desktop.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Disconnect and close all your running applications !

Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,


:Processes
explorer.exe

:Services
gaopdxserv.sys

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys] 

:Commands
[purity]
[emptytemp]
[Reboot]



and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(do not touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work ...

( Note: your desktop will disappear then reappear, this is normal. )

-> once finished, a small window opens: click "Yes".

Your PC will restart by itself ...

--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
( "xxxx2008_xxxxxx.log" where the "x"s correspond to the day and time of use ).

==========================

2- Download ZHPDiag by Nicolas Coolman to your desktop:

-> http://www.premiumorange.com/zeb-help-process/download/ZHPDiag.zip
-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


!! disconnect and close all your running applications !!

* Right-click the .zip you have just downloaded and choose "extraire tout" (extract all) to your desktop ...

* Double-click "ZHPDiag.exe" to run the tool:


> Click the "Tous" (All) button (important).

> then click the "magnifying glass" button to start the scan.


Let the tool work ...


> Once finished, the report is displayed: click the "camera" button to save the report ...

Be sure to save ZHPDiag.txt somewhere you can find it easily (on the desktop, for example).

Then close the program ...


Finally, copy and paste the contents of the saved report into your next reply for analysis ...


0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
17 Feb 2009 at 21:33
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service gaopdxserv.sys .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\atchksrv.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02172009_211602

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\atchksrv.log scheduled to be moved on reboot.

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 2009-02-17 21:25:11
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v8.0.6001.18372
MFIE: Mozilla Firefox (3.0.6)

---\\ Processus lancés
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\
C:\WINDOWS\SMINST\PCAngel.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\system32\SearchIndexer.exe

---\\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -
O3 - Toolbar: IEToolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data="67108863"
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data="255"
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Paramètres par défaut des options Internet Explorer (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=https://www8.hp.com/fr/fr/home.html

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: C:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: OnStartup - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: a-squared Free Service (a2free) - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex (hpqwmiex) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee HackerWatch Service (McAfee HackerWatch Service) - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart
O23 - Service: PC Angel (PCA) - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: ScsiAccess (ScsiAccess) - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Enregistreur VSS SQL Server (SQLWriter) - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service
O23 - Service: Windows Search (WSearch) - C:\WINDOWS\system32\SearchIndexer.exe /Embedding

---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Lecteur Windows Media - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.8 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Mise à jour de sécurité pour Windows XP (KB923789) - {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: (no name) - {D27CDB6E-AE6D-11cf-96B8-444553540000} - (not file)
O40 - ASIC: IE7 Uninstall Stub - {DB6CFC41-0456-E760-3B69-1510F175D0F0} - (not file)
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: RootsUpdate - {EF289A85-8E57-408d-BE47-73B55609861A} - (not file)
O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Service d'installation du pilote audio Intel(r) 82801 (WDM) (ac97intc) - C:\WINDOWS\system32\drivers\ac97intc.sys
O41 - Driver: Ad-Watch Connect Kernel Filter (Ad-Watch Connect Filter) - C:\WINDOWS\system32\drivers\NSDriver.sys
O41 - Driver: AW Real-Time Scanner (Ad-Watch Real-Time Scanner) - C:\WINDOWS\system32\drivers\AWRTPD.sys
O41 - Driver: Ad-Watch Registry Kernel Filter (Ad-Watch Registry Filter) - C:\WINDOWS\system32\drivers\AWRTRD.sys
O41 - Driver: ADI UAA Function Driver for High Definition Audio Service (ADIHdAudAddService) - C:\WINDOWS\system32\drivers\ADIHdAud.sys
O41 - Driver: adpu320 (adpu320) - C:\WINDOWS\system32\DRIVERS\adpu320.sys
O41 - Driver: AE Audio Service (AEAudio) - C:\WINDOWS\system32\drivers\AEAudio.sys
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: AEGIS Protocol (IEEE 802.1x) v3.4.5.0 (AegisP) - C:\WINDOWS\system32\DRIVERS\AegisP.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: (no object) (Avgfwdx) - C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
O41 - Driver: AVG network filter service (Avgfwfd) - C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: bdfsfltr (bdfsfltr) - C:\WINDOWS\system32\drivers\bdfsfltr.sys
O41 - Driver: BDSelfPr (BDSelfPr) - C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
O41 - Driver: BDVEDISK (BDVEDISK) - C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Pilote de carte Intel (R) PRO (E100B) - C:\WINDOWS\system32\DRIVERS\e100b325.sys
O41 - Driver: Intel(R) PRO/1000 PCI Express Network Connection Driver (e1express) - C:\WINDOWS\system32\DRIVERS\e1e5132.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: GEAR ASPI Filter Driver (GEARAspiWDM) - C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de bus Microsoft UAA pour High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Intel(R) Management Engine Interface (HECI) - C:\WINDOWS\system32\DRIVERS\HECI.sys
O41 - Driver: Pilote de classe HID Microsoft (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (no object) (i81x) - C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
O41 - Driver: (no object) (iAimFP0) - C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
O41 - Driver: (no object) (iAimFP1) - C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
O41 - Driver: (no object) (iAimFP2) - C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
O41 - Driver: (no object) (iAimFP3) - C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
O41 - Driver: (no object) (iAimFP4) - C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
O41 - Driver: (no object) (iAimFP5) - C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
O41 - Driver: (no object) (iAimFP6) - C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
O41 - Driver: (no object) (iAimFP7) - C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
O41 - Driver: (no object) (iAimTV0) - C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
O41 - Driver: (no object) (iAimTV1) - C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
O41 - Driver: (no object) (iAimTV3) - C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
O41 - Driver: (no object) (iAimTV4) - C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
O41 - Driver: (no object) (iAimTV5) - C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
O41 - Driver: (no object) (iAimTV6) - C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
O41 - Driver: (no object) (ialm) - C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
O41 - Driver: Intel RAID Controller (iaStor) - C:\WINDOWS\System32\DRIVERS\iaStor.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Lbd (Lbd) - C:\WINDOWS\system32\DRIVERS\Lbd.sys
O41 - Driver: MagicTune (MagicTune) - C:\WINDOWS\system32\drivers\MTiCtwl.sys
O41 - Driver: McAfee Inc. MfeAVFK (MfeAVFK) - C:\WINDOWS\system32\drivers\MfeAVFK.sys
O41 - Driver: McAfee Inc. MfeBOPK (MfeBOPK) - C:\WINDOWS\system32\drivers\MfeBOPK.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) - C:\WINDOWS\system32\drivers\mfehidk.sys
O41 - Driver: McAfee Inc. MfeRKDK (MfeRKDK) - C:\WINDOWS\system32\drivers\MfeRKDK.sys
O41 - Driver: McAfee Inc. mfetdik (mfetdik) - C:\WINDOWS\system32\drivers\mfetdik.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: MPFP (MPFP) - C:\WINDOWS\System32\Drivers\Mpfp.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Pilote processeur Intel Pentium III (P3) - C:\WINDOWS\system32\DRIVERS\p3.sys
O41 - Driver: (no object) (pavboot) - C:\WINDOWS\system32\drivers\pavboot.sys
O41 - Driver: PCAMPR5 NDIS Protocol Driver (PCAMPR5) - C:\WINDOWS\system32\PCAMPR5.SYS
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Profos (Profos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver (RTL8187B) - C:\WINDOWS\system32\DRIVERS\wg111v3.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Serenum Filter Driver (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Symmpi (Symmpi) - C:\WINDOWS\system32\DRIVERS\symmpi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: tmcomm (tmcomm) - C:\WINDOWS\system32\drivers\tmcomm.sys
O41 - Driver: Trufos (Trufos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
O41 - Driver: Apple Mobile USB Driver (USBAAPL) - C:\WINDOWS\System32\Drivers\usbaapl.sys
O41 - Driver: Pilote USB audio (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Interface de gestion Microsoft Windows pour ACPI (WmiAcpi) - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
O41 - Driver: MBAMSwissArmy (MBAMSwissArmy) - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O41 - Driver: PCANDIS5 NDIS Protocol Driver (PCANDIS5) - C:\WINDOWS\system32\PCANDIS5.SYS

---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 4.62
O42 - Logiciel: a-squared Free 4.0
O42 - Logiciel: Panda ActiveScan 2.0
O42 - Logiciel: Ad-Aware
O42 - Logiciel: Adobe Photoshop CS3
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Capture NX
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: CleanUp!
O42 - Logiciel: Click! by nik 1.0d
O42 - Logiciel: Disk Heal
O42 - Logiciel: DxO Optics Pro v3.5 Application
O42 - Logiciel: DxO Optics Pro v4.0
O42 - Logiciel: EVEREST Corporate Edition v4.60
O42 - Logiciel: Glary Utilities 2.7.268
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: Interface Intel® Management Engine
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Internet Explorer 8 Release Candidate 1
O42 - Logiciel: NETGEAR WG111v3 wireless USB 2.0 adapter
O42 - Logiciel: IsoBuster 2.4
O42 - Logiciel: High Definition Audio - KB888111
O42 - Logiciel: Hotfix for Windows XP (KB915800-v4)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Windows Search 4.0
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Service de protection par firewall McAfee
O42 - Logiciel: Technologie d’administration active Intel®
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
O42 - Logiciel: Microsoft SQL Server 2005
O42 - Logiciel: Mozilla Firefox (3.0.6)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Multi Virus Cleaner 2008
O42 - Logiciel: Nikon FotoShare
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: PDF Complete
O42 - Logiciel: Photodex Presenter
O42 - Logiciel: Picasa 2
O42 - Logiciel: ProShow Producer
O42 - Logiciel: Revo Uninstaller 1.75
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Adobe Help Viewer CS3
O42 - Logiciel: Adobe Bridge Start Meeting
O42 - Logiciel: Windows Installer Clean Up
O42 - Logiciel: Adobe WinSoft Linguistics Plugin
O42 - Logiciel: QuickTime
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: File Uploader
O42 - Logiciel: Adobe Stock Photos CS3
O42 - Logiciel: Drive Encryption for HP ProtectTools
O42 - Logiciel: HP ProtectTools Security Manager
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1
O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
O42 - Logiciel: HP Backup and Recovery Manager
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
O42 - Logiciel: Adobe Linguistics CS3
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Gestionnaire de contacts professionnels pour Outlook 2007
O42 - Logiciel: Adobe Fonts All
O42 - Logiciel: BIOS Configuration for HP ProtectTools
O42 - Logiciel: Adobe Asset Services CS3
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Adobe Color EU Recommended Settings
O42 - Logiciel: Microsoft SQL Server VSS Writer
O42 - Logiciel: Polar WebLink 2.4.9
O42 - Logiciel: Intel(R) PRO Network Connections 12.1.14.1
O42 - Logiciel: DivX Codec
O42 - Logiciel: Adobe XMP Panels CS3
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Picture Control Utility
O42 - Logiciel: Bonjour
O42 - Logiciel: DivX Player
O42 - Logiciel: Adobe Device Central CS3
O42 - Logiciel: Adobe Type Support
O42 - Logiciel: Adobe Anchor Service CS3
O42 - Logiciel: InterVideo WinDVD
O42 - Logiciel: Adobe Setup
O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: Microsoft SQL Server Native Client
O42 - Logiciel: Adobe Bridge CS3
O42 - Logiciel: Logitech Z-series Software 1.04
O42 - Logiciel: Adobe CMaps
O42 - Logiciel: Adobe Color - Photoshop Specific
O42 - Logiciel: Adobe Photoshop Lightroom 2.2
O42 - Logiciel: ArcSoft Panorama Maker 3
O42 - Logiciel: HP Help and Support
O42 - Logiciel: PDF Settings
O42 - Logiciel: DivX Converter
O42 - Logiciel: Adobe Camera Raw 4.0
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: MagicRotation
O42 - Logiciel: DivX Web Player
O42 - Logiciel: Adobe Default Language CS3
O42 - Logiciel: PC Booster
O42 - Logiciel: Credential Manager for HP ProtectTools
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Adobe ExtendScript Toolkit 2
O42 - Logiciel: Synology Assistant
O42 - Logiciel: WinZip 11.1
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Adobe Version Cue CS3 Client
O42 - Logiciel: Adobe PDF Library Files
O42 - Logiciel: Nikon Message Center
O42 - Logiciel: Adobe Color Common Settings
O42 - Logiciel: Adobe Color JA Extra Settings
O42 - Logiciel: Adobe Update Manager CS3
O42 - Logiciel: Nikon Transfer
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: ViewNX
O42 - Logiciel: SoundMAX
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729)
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01
O42 - Logiciel: Embedded Security for HP ProtectTools
O42 - Logiciel: iTunes
O42 - Logiciel: BitDefender Total Security 2009
O42 - Logiciel: Adobe Color NA Extra Settings
O42 - Logiciel: PictureProject

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Macrovision Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\McAfee
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\muvee Technologies
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Nikon
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\PACE Anti-Piracy
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Wise Installation Wizard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\postureAgent

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\118290.54 -->2009-02-08
O44 - LFC:Last File Created - C:\WINDOWS\System32\1d48b0c5-.txt -->2009-02-07
O44 - LFC:Last File Created - C:\WINDOWS\System32\admparse.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll.mui -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->2009-02-10
O44 - LFC:Last File Created - C:\WINDOWS\System32\AUTOEXEC.NT -->2008-11-20
O44 - LFC:Last File Created - C:\WINDOWS\System32\avgfwdx.dll -->2009-02-11
O44 - LFC:Last File Created - C:\WINDOWS\System32\bdod.bin -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\BDUpdateV1.xml -->2009-02-13
O44 - LFC:Last File Created - C:\WINDOWS\System32\Config.MPF -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\corpol.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\d3d9caps.dat -->2009-02-04
O44 - LFC:Last File Created - C:\WINDOWS\System32\driver.dat -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtmsft.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtrans.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\icardie.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ie4uinit.exe -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakeng.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieaksie.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakui.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dat -->2008-12-14
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll.mui -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\iepeers.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\iernonce.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\iertutil.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\iesetup.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieudinit.exe -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieui.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieuinit.inf -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\imgutil.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\inetcpl.cpl -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\inseng.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\jscript.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\jsproxy.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\licmgr10.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\log.txt -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\magicpvt.dat -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->2009-02-11
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeeds.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedsbs.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedssync.exe -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshta.exe -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.tlb -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmled.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmler.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\msls31.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\msrating.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\mstime.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->2009-02-10
O44 - LFC:Last File Created - C:\WINDOWS\System32\occache.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->2009-02-12
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->2009-02-12
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->2009-02-12
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->2009-02-12
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->2009-02-12
O44 - LFC:Last File Created - C:\WINDOWS\System32\pngfilt.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\ProductTweaks.xml -->2009-02-16
O44 - LFC:Last File Created - C:\WINDOWS\System32\QuickTime.qts -->2009-01-05
O44 - LFC:Last File Created - C:\WINDOWS\System32\QuickTimeVR.qtx -->2009-01-05
O44 - LFC:Last File Created - C:\WINDOWS\System32\spupdwxp.log -->2009-01-04
O44 - LFC:Last File Created - C:\WINDOWS\System32\swunilog.ini -->2008-11-21
O44 - LFC:Last File Created - C:\WINDOWS\System32\tdc.ocx -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->2008-12-30
O44 - LFC:Last File Created - C:\WINDOWS\System32\unWdWu.exe -->2008-11-21
O44 - LFC:Last File Created - C:\WINDOWS\System32\unwlsdrv.exe -->2008-11-21
O44 - LFC:Last File Created - C:\WINDOWS\System32\url.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\urlmon.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\user_gensett.xml -->2009-02-16
O44 - LFC:Last File Created - C:\WINDOWS\System32\vbscript.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\webcheck.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\WinFXDocObj.exe -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\wininet.dll -->2009-01-15
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->2009-02-17
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\AegisP.sys -->2008-11-24
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgfwdx.sys -->2009-02-11
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\bdfsfltr.sys -->2008-12-10
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\Lbd.sys -->2009-02-11
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->2009-02-11
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->2009-02-11
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\srv.sys -->2008-12-11

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AAWSERVICE.EXE-3B93EBA3.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AAWTRAY.EXE-1858AE3F.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AD-AWAREADMIN.EXE-102E374C.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASGHOST.EXE-3844295B.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HAXFIX.EXE-0602BD7F.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IESHOW.EXE-0AED1730.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INITIALIZE.EXE-110970DF.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-15823303.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LCDCLOCK.EXE-15E3B197.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LCDMON.EXE-1C4A0D54.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MAGICPVT.EXE-0204C2FC.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MD5FILE.EXE-2A1CA08F.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MYAGTSVC.EXE-2F1FF92E.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MYUSRSRV4.9.2.217.EXE-31B8719D.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NKBMONITOR.EXE-2197887E.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NKMONITOR.EXE-2F5083F8.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD2.EXE-28683216.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OAD.EXE-0AE0420B.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OTMOVEIT3.EXE-188EE606.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PTSERVS.EXE-3983B556.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -->2009-02-14
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SCARDSVR.EXE-12E160E4.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEARCHFILTERHOST.EXE-148579FB.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SECCENTER.EXE-0C3FA3AC.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.CFEXE-268D7E58.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SUPERANTISPYWARE.EXE-07994D9B.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.EXE-0845FB9F.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UISCAN.EXE-1D502E3C.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNSECAPP.EXE-1A95A33B.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VFIND.EXE-331E0603.pf -->2009-02-16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWSSEARCH.EXE-20C0F767.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINZIP32.EXE-335422C1.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WORDPAD.EXE-02314C89.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WZQKPICK.EXE-350A392A.pf -->2009-02-17
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZHPDIAG.EXE-2C6371E9.pf -->2009-02-17

---\\ ShellExecuteHooks, Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
O47 - AAKE:Key Export - "C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
O47 - AAKE:Key Export - "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
O47 - AAKE:Key Export - "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
O47 - AAKE:Key Export - "\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - SbHpNp

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\badnrema.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\yajhooht.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\badnrema.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\yajhooht.sys

---\\ Image File Execution Options (IEFO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


End of the scan:
0