Infected computer

Closed
kawther84 Posts: 321 Registered: Friday 8 December 2006 Status: Member Last activity: 24 March 2022 - 21 April 2011 at 12:01
Smart91 Posts: 29096 Registered: Sunday 15 July 2007 Status: Security contributor Last activity: 5 April 2014 - 21 April 2011 at 13:23
Hello,
My computer is infected with viruses; I ran a ZHPDiag report:
ZHPDiag report v1.27.1867 by Nicolas Coolman, updated 10/04/2011
Run by Administration at 13/04/2011 08:06:10
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 141 GB (94%) free of 149 GB

---\\ Logged in mode
Computer Name: PROF
User Name: Administration
All Users Names: SUPPORT_388945a0, HelpAssistant, Administration, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\Administration\Application Data
%LocalAppData%=C:\Documents and Settings\Administration\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\Administration\Menu Démarrer

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 141 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.A91B0454DF71BDF4906EAB2D098A30EC] - (.Microsoft Corporation - Internet Extensions for Win32.) (.24/06/2010 13:25:24.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 11:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 11:15:54.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]



---\\ Running Processes
[MD5.EF2C4971B8047A93F9E2A4DB0C8528F6] - (.Symantec Corporation - Symantec Settings Manager Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [169320]
[MD5.F62B08F9BD842511792E284C972C7404] - (.Symantec Corporation - Symantec Event Manager Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [191848]
[MD5.E9FA8AFBE203AB0CB58B27E34FA416B0] - (...) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DZEMO.exe [430275]
[MD5.8A09AB7A1FD856ACC469BD0CD4E98351] - (.Symantec Corporation - SPBBC Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [1181016]
[MD5.1C1A3FFD1CB5FC4FD1BE8DADC0E16D0C] - (...) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [73728]
[MD5.78D5B0BF7C2737E861E3B521A2C63810] - (.NetSupport Ltd - NetSupport Client Application.) -- C:\PROGRA~1\NETSUP~1\client32.exe [16447]
[MD5.D31CAD0A43B46CC1362F891E2130D91E] - (.Symantec Corporation - Virus Definition Daemon.) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe [31160]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [322120]
[MD5.856E5A3FC889A4E9B07AF4509269370E] - (.Symantec Corporation - Symantec AntiVirus.) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1956792]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53472]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544]
[MD5.8EAF53527D3E8439DD82B1CA43443936] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [134656]
[MD5.8EA6E15586B1063AB1190B082DB0995D] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166912]
[MD5.187B4E045DDB3B3FAD5C714A65420C1D] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135680]
[MD5.69B16C7B7746BA5C642FC05B3561FC73] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672]
[MD5.56B9FDDB02F46B33BCA915B61FEB3507] - (.Zbshareware Lab - Antivirus software.) -- C:\Program Files\USB Disk Security\USBGuard.exe [798720]
[MD5.65BE6B668D3AA19D3F397749F6A692BD] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [53096]
[MD5.8887CB85D3D70ED24E6D0E36469B88C9] - (.Symantec Corporation - Symantec AntiVirus.) -- C:\PROGRA~1\SYMANT~1\VPTray.exe [125368]
[MD5.496DB4918FA5F915885D7B599409D463] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [243712]
[MD5.B404AE1CB4BD09E722A90165A357A11A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [19573352]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016]
[MD5.B8DA797CEA896C42F5BAD9E08E21AF9F] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [1052672]
[MD5.2B7885EA0F34BA522FEFF97738126A84] - (.Unknown owner - SDII MFC Application.) -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [335872]
[MD5.3CAADCE41AF3CAFC00EB8414A864720D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [642560]



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R0 - HKUS\S-1-5-21-839522115-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R1 - HKUS\S-1-5-21-839522115-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)) -- C:\WINDOWS\system32\ieframe.dll



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DZEMO.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [USB Antivirus] . (.Zbshareware Lab - Antivirus software.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [vptray] . (.Symantec Corporation - Symantec AntiVirus.) -- C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Yahoo Messenger] Orphean Key
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-839522115-527237240-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-839522115-527237240-1801674531-1003\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk . (.SEIKO EPSON CORPORATION.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microtek Scanner Finder.lnk . (...) -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe



---\\ Other User Links (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Administration\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Administration\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Administration\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Administration\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: S&end to OneNote - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Unknown owner - No comment.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Unknown owner - No comment.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{414AC9C6-939D-4258-A2BF-1D6C664F4D68}: NameServer = 193.95.66.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{414AC9C6-939D-4258-A2BF-1D6C664F4D68}: NameServer = 193.95.66.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{414AC9C6-939D-4258-A2BF-1D6C664F4D68}: NameServer = 193.95.66.11



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: NavLogon . (.Symantec Corporation - Symantec AntiVirus Logon Notification.) -- C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (ccEvtMgr) . (.Symantec Corporation - Symantec Event Manager Service.) - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: (ccSetMgr) . (.Symantec Corporation - Symantec Settings Manager Service.) - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: (Client32) . (.NetSupport Ltd - NetSupport Client Application.) - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: (DefWatch) . (.Symantec Corporation - Virus Definition Daemon.) - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (EpsonBidirectionalService) . (...) - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: (LiveUpdate) . (.Symantec Corporation - LiveUpdate Engine COM Module.) - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: (mchInjDrv) - Orphean Key
O23 - Service: (SavRoam) . (.symantec - SAVRoam.) - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: (SNDSrvc) . (.Symantec Corporation - Network Driver Service.) - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: (SPBBCSvc) . (.Symantec Corporation - SPBBC Service.) - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe



---\\ Drivers launched at startup (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (SAVRT) . (.Symantec Corporation - AutoProtect.) - C:\Program Files\Symantec AntiVirus\savrt.sys
O41 - Driver: (SAVRTPEL) . (.Symantec Corporation - SAVRTPEL.) - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\WINDOWS\system32\Drivers\SYMTDI.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys



---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A90000000001}
O42 - Logiciel: EPLN3000 Paper Jam Guide - (.Unknown owner.) [HKLM] -- EPLN3000 Paper Jam Guide
O42 - Logiciel: EPLN3000 Reference Guide - (.Unknown owner.) [HKLM] -- EPLN3000 Reference Guide
O42 - Logiciel: EPSON Printer Software - (.Unknown owner.) [HKLM] -- EPSON Printer and Utilities
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: LiveUpdate 3.2 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate
O42 - Logiciel: Macromedia Extension Manager - (.Macromedia, Inc..) [HKLM] -- {5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
O42 - Logiciel: Macromedia Flash 8 - (.Macromedia.) [HKLM] -- {2BD5C305-1B27-4D41-B690-7A61172D2FEB}
O42 - Logiciel: Macromedia Flash 8 Video Encoder - (.Macromedia.) [HKLM] -- {8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM] -- {885A63EA-382B-4DD4-A755-14809B8557D6}
O42 - Logiciel: Macromedia Flash Player 8 Plugin - (.Macromedia.) [HKLM] -- {91057632-CA70-413C-B628-2D3CDBBB906B}
O42 - Logiciel: Microsoft Office Access MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Access Setup Metadata MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0117-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE
O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Groove MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Groove Setup Metadata MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0114-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared Setup Metadata MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0115-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0409-0000-0000000FF1CE}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Nero Suite - (.Unknown owner.) [HKLM] -- NeroMultiInstaller!UninstallKey
O42 - Logiciel: NetSupport School - (.NetSupport Ltd.) [HKLM] -- NetSupport School
O42 - Logiciel: PhotoFiltre - (.Unknown owner.) [HKLM] -- PhotoFiltre
O42 - Logiciel: PrimoPDF - (.Unknown owner.) [HKLM] -- {0100A64F-7650-4580-9717-12F26CFF23CB}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: ScanWizard 5 - (.Unknown owner.) [HKLM] -- {B08D262E-D902-11D5-9C28-0080C85A0C2D}
O42 - Logiciel: SuperCopier2 - (.Unknown owner.) [HKLM] -- SuperCopier2
O42 - Logiciel: Symantec AntiVirus - (.Symantec Corporation.) [HKLM] -- {AD8A1013-4E46-4E02-85C2-3168C3328432}
O42 - Logiciel: USB Disk Security 5.1.0.8 - (.zbshareware, Inc..) [HKLM] -- USB Disk Security_is1
O42 - Logiciel: VideoLAN VLC media player 0.8.5 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Classes]
[HKCU\Software\EPSON]
[HKCU\Software\Intel]
[HKCU\Software\Macromedia]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PC Wizard]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\SEIKO EPSON]
[HKCU\Software\SFX TEAM]
[HKCU\Software\ScanWizard 5]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\java32]
[HKLM\Software\1e3d]
[HKLM\Software\781]
[HKLM\Software\AFPL Ghostscript]
[HKLM\Software\ActivePDF]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\EPSON]
[HKLM\Software\Gemplus]
[HKLM\Software\Intel]
[HKLM\Software\Kodak]
[HKLM\Software\Macromedia]
[HKLM\Software\Microtek]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Productive Computer Insight]
[HKLM\Software\Program Groups]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Symantec]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\java32]
[HKLM\Software\zbshareware]



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 19/09/2010 - 22:34:34 - [13945656] ----D- C:\Program Files\ActivePDF
O43 - CFD: 19/09/2010 - 22:35:22 - [236460886] ----D- C:\Program Files\Adobe
O43 - CFD: 25/10/2010 - 12:10:00 - [98605186] ----D- C:\Program Files\Ahead
O43 - CFD: 20/09/2010 - 04:04:22 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 11/11/2010 - 14:32:28 - [8911702] ----D- C:\Program Files\EPSON
O43 - CFD: 08/02/2011 - 13:56:10 - [645708483] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 14/02/2011 - 13:16:24 - [11111219] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 26/09/2010 - 10:02:06 - [60443] ----D- C:\Program Files\Intel
O43 - CFD: 20/09/2010 - 08:52:04 - [4383336] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 13/04/2008 - 18:34:04 - [231014] --H-D- C:\Program Files\java
O43 - CFD: 13/10/2010 - 09:38:34 - [193345211] ----D- C:\Program Files\Macromedia
O43 - CFD: 19/09/2010 - 23:49:38 - [2152579] ----D- C:\Program Files\Messenger
O43 - CFD: 20/09/2010 - 04:06:58 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 08/02/2011 - 13:56:18 - [648592700] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 19/09/2010 - 22:44:32 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 08/02/2011 - 13:56:28 - [3178824] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 14/02/2011 - 13:16:24 - [20026014] ----D- C:\Program Files\Microtek
O43 - CFD: 19/09/2010 - 23:35:02 - [10374874] ----D- C:\Program Files\Movie Maker
O43 - CFD: 08/02/2011 - 13:56:24 - [764] ----D- C:\Program Files\MSBuild
O43 - CFD: 19/09/2010 - 22:34:46 - [29794014] ----D- C:\Program Files\MSECache
O43 - CFD: 20/09/2010 - 04:03:36 - [19278399] ----D- C:\Program Files\MSN
O43 - CFD: 20/09/2010 - 04:04:04 - [8745735] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 20/09/2010 - 04:05:28 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 14/03/2011 - 10:14:26 - [40657618] ----D- C:\Program Files\NetSupport School
O43 - CFD: 20/09/2010 - 04:04:12 - [1804] ----D- C:\Program Files\Online Services
O43 - CFD: 20/09/2010 - 04:05:26 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 13/11/2010 - 11:47:26 - [3686291] ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 09/02/2011 - 08:45:28 - [3895554] ----D- C:\Program Files\PhotoFiltre 6.4.0 English
O43 - CFD: 19/09/2010 - 22:43:12 - [71386735] ----D- C:\Program Files\Realtek
O43 - CFD: 20/09/2010 - 04:05:52 - [1025] ----D- C:\Program Files\Services en ligne
O43 - CFD: 19/09/2010 - 22:34:20 - [1233769] ----D- C:\Program Files\SuperCopier2
O43 - CFD: 19/09/2010 - 22:37:06 - [16463185] ----D- C:\Program Files\Symantec
O43 - CFD: 13/04/2011 - 08:01:48 - [9740619] ----D- C:\Program Files\Symantec AntiVirus
O43 - CFD: 20/09/2010 - 04:45:26 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 03/02/2010 - 23:39:50 - [2828295] ----D- C:\Program Files\USB Disk Security
O43 - CFD: 19/09/2010 - 22:34:08 - [26936399] ----D- C:\Program Files\VideoLAN
O43 - CFD: 20/09/2010 - 04:06:48 - [3239277] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 20/09/2010 - 04:03:56 - [3940095] ----D- C:\Program Files\Windows NT
O43 - CFD: 20/09/2010 - 04:05:56 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 19/09/2010 - 22:34:00 - [2734556] ----D- C:\Program Files\WinRAR
O43 - CFD: 20/09/2010 - 04:06:58 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 13/04/2011 - 08:06:14 - [4716683] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 19/09/2010 - 22:35:32 - [4594718] ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 25/10/2010 - 12:09:42 - [24136127] ----D- C:\Program Files\Fichiers Communs\Ahead
O43 - CFD: 08/02/2011 - 13:56:10 - [92976] ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD: 11/11/2010 - 14:00:36 - [2351974] ----D- C:\Program Files\Fichiers Communs\EPSON
O43 - CFD: 14/02/2011 - 13:16:14 - [7532310] ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 13/10/2010 - 09:38:18 - [393340] ----D- C:\Program Files\Fichiers Communs\Macromedia
O43 - CFD: 08/02/2011 - 13:56:24 - [174281089] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 20/09/2010 - 04:05:24 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 25/10/2010 - 12:12:06 - [2229483] ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD: 20/09/2010 - 04:46:46 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 20/09/2010 - 04:05:28 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 20/09/2010 - 04:46:42 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 19/09/2010 - 22:37:22 - [384925247] ----D- C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD: 08/02/2011 - 13:53:48 - [41091724] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 07/10/2010 - 10:37:56 - [170017] ----D- C:\Documents and Settings\Administration\Application Data\Adobe
O43 - CFD: 18/11/2010 - 13:04:00 - [0] ----D- C:\Documents and Settings\Administration\Application Data\Help
O43 - CFD: 20/09/2010 - 04:45:26 - [0] ----D- C:\Documents and Settings\Administration\Application Data\Identities
O43 - CFD: 13/04/2008 - 18:34:04 - [231014] --H-D- C:\Documents and Settings\Administration\Application Data\java
O43 - CFD: 13/10/2010 - 09:40:10 - [1046] ----D- C:\Documents and Settings\Administration\Application Data\Macromedia
O43 - CFD: 12/03/2011 - 09:26:20 - [1513794] -S--D- C:\Documents and Settings\Administration\Application Data\Microsoft
O43 - CFD: 09/02/2011 - 08:45:28 - [730] ----D- C:\Documents and Settings\Administration\Application Data\PhotoFiltre
O43 - CFD: 14/03/2011 - 09:39:12 - [3604480] ----D- C:\Documents and Settings\Administration\Application Data\U3
O43 - CFD: 19/09/2010 - 22:34:24 - [340589] ----D- C:\Documents and Settings\Administration\Application Data\vlc
O43 - CFD: 28/10/2010 - 08:43:40 - [35724] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Adobe
O43 - CFD: 01/11/2010 - 13:43:52 - [1950597] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Ahead
O43 - CFD: 18/11/2010 - 13:04:00 - [0] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Help
O43 - CFD: 13/10/2010 - 09:40:06 - [5662467] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Macromedia
O43 - CFD: 12/03/2011 - 09:26:18 - [2841879] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Microsoft
O43 - CFD: 04/10/2010 - 14:47:46 - [0] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Microsoft Help
O43 - CFD: 19/09/2010 - 22:37:24 - [529845] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\Symantec
O43 - CFD: 04/01/2011 - 10:06:54 - [0] ----D- C:\Documents and Settings\Administration\Local Settings\Application Data\WMTools Downloaded Files



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.64EF1200F915817C00DCFD7F38F01200] - 13/04/2011 - 08:06:12 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1998449]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/04/2011 - 08:01:35 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.64EF1200F915817C00DCFD7F38F01200] - 13/04/2011 - 08:01:31 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.64EF1200F915817C00DCFD7F38F01200] - 13/04/2011 - 08:01:28 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 13/04/2011 - 08:01:22 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.F69052CE4D1205A32903FF8EDE9CF9B3] - 13/04/2011 - 08:01:14 ---A- . (...) -- C:\WINDOWS\System32\pcisys.ntk [8]
O44 - LFC:[MD5.64EF1200F915817C00DCFD7F38F01200] - 12/04/2011 - 16:51:44 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32538]
O44 - LFC:[MD5.4E3022FE9619EB1F3CC9BEC645EC79E4] - 12/04/2011 - 16:50:34 ---A- . (...) -- C:\WINDOWS\System32\pcimsg.err [707073]
O44 - LFC:[MD5.B18C8E4F9F4105506B5C8F790E2C3D50] - 12/04/2011 - 13:03:46 ---A- . (...) -- C:\WINDOWS\setupact.log [179561]
O44 - LFC:[MD5.D6FA53F05D42FF73E5D0369BC097831C] - 12/04/2011 - 13:03:46 ---A- . (...) -- C:\WINDOWS\setupapi.log [873775]
O44 - LFC:[MD5.A63DA2301E777EB767AE0BEC786EB423] - 11/04/2011 - 13:17:07 ---A- . (...) -- C:\WINDOWS\win.ini [634]
O44 - LFC:[MD5.FED6198F19C2DFF501E4D0C1BA304007] - 11/04/2011 - 08:07:24 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.B26A04D3EF8EF2DDEC1180F1F2EFCB40] - 19/03/2011 - 10:21:11 ---A- . (...) -- C:\WINDOWS\Ulead32.INI [35]



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Groove.) -- C:\Program Files\Microsoft Office\Office12\GROOVE.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office OneNote.) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.exe
O47 - AAKE:Key Export SP - "C:\Program Files\NetSupport School\client32.exe" [Enabled] .(.NetSupport Ltd - NetSupport Client Application.) -- C:\Program Files\NetSupport School\client32.exe
O47 - AAKE:Key Export SP - "C:\Program Files\NetSupport School\PCINSSUI.EXE" [Enabled] .(.NetSupport Ltd - NetSupport School Tutor.) -- C:\Program Files\NetSupport School\PCINSSUI.exe
O47 - AAKE:Key Export SP - "C:\Program Files\NetSupport School\pcinsscd.exe" [Enabled] .(.NetSupport Ltd - NetSupport School Tutor.) -- C:\Program Files\NetSupport School\pcinsscd.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{10868ca6-1981-11e0-a3e4-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- F:\dwh.exe (.not file.)
O51 - MPSK:{15d204d8-6116-11e0-a43c-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- C:\WINDOWS\system32\.\RECYCLER\SEtUp.exe (.not file.)
O51 - MPSK:{15d204da-6116-11e0-a43c-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- F:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{21cb7160-1b0a-11e0-a3e8-002719cf86b6}\AutoRun\command. (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\Wscript.exe
O51 - MPSK:{2c11015a-602f-11e0-a439-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- F:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{44b56788-4952-11e0-a420-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- G:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{5edd9558-2d30-11e0-a3f1-002719cf86b6}\AutoRun\command. (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\Wscript.exe
O51 - MPSK:{7a6441ba-520a-11e0-a432-002719cf86b6}\AutoRun\command. (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\Wscript.exe
O51 - MPSK:{8a663944-4f9c-11e0-a42d-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- C:\WINDOWS\system32\moz.vbs" (.not file.)
O51 - MPSK:{8a663946-4f9c-11e0-a42d-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- F:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{a0b8483e-4e09-11e0-a427-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{a0b8483f-4e09-11e0-a427-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- H:\RECYCLER\S-51-9-25-3434476501-1644491933-601013362-1214\BSzBT.exe (.not file.)
O51 - MPSK:{a746d79c-60f1-11e0-a43b-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- C:\WINDOWS\system32\.\RECYCLER\SEtUp.exe (.not file.)
O51 - MPSK:{bdca44d2-4e1e-11e0-a428-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- C:\WINDOWS\system32\.\RECYCLER\SEtUp.exe (.not file.)
O51 - MPSK:{bdca44d4-4e1e-11e0-a428-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- G:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{c25af2cc-d7a6-11df-a399-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- F:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{ecb2f945-5064-11e0-a42e-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- G:\veselka\pandurkovic.exe (.not file.)
O51 - MPSK:{f00c4730-4e33-11e0-a429-002719cf86b6}\AutoRun\command. (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\Wscript.exe



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Unknown owner - No comment.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableTaskMgr"=0



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=149
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=149



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] - 18/11/2009 - 07:16:00 ---A- . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\system32\drivers\Ambfilt.sys [1691480]
O58 - SDL:[MD5.275521A350A6F770FEA954D5B8B2D35B] - 27/03/2007 - 06:27:02 R--A- . (.Atheros Communications, Inc. - Driver for Atheros AR5001 Wireless Network Adapter.) -- C:\WINDOWS\system32\drivers\ar5211.sys [543712]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 03/10/2001 - 13:16:40 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 03/10/2001 - 13:16:40 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
O58 - SDL:[MD5.20F85FB40D2D6AAAE92CFAB5D98E89E1] - 30/06/2006 - 16:06:28 ---A- . (.NetSupport Ltd - PCI GDIHOOK5 Miniport Driver.) -- C:\WINDOWS\system32\drivers\gdihook5.sys [24633]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 08:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.C5DB546F9028CD00E64335091860D8F3] - 13/01/2010 - 12:18:36 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys [1730272]
O58 - SDL:[MD5.C7D9F9717916B34C1B00DD4834AF485C] - 18/11/2009 - 07:17:00 ---A- . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\system32\drivers\Monfilt.sys [1395800]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 03/10/2001 - 13:16:40 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
O58 - SDL:[MD5.788F97DFC016DED8FE910E1F34E6462C] - 14/09/1998 - 08:41:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\Onsio.sys [285216]
O58 - SDL:[MD5.6F573DA0AB7E93704FD23956898AEA53] - 14/02/1997 - 13:10:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\Onsreged.sys [7680]
O58 - SDL:[MD5.328FA94459E3EC23BA45506421A3D5BE] - 30/06/2006 - 16:06:28 ---A- . (.NetSupport Ltd - PCISYS Driver.) -- C:\WINDOWS\system32\drivers\pcisys.sys [32823]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 03/10/2001 - 13:17:20 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 03/10/2001 - 13:16:40 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 03/10/2001 - 13:16:40 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
O58 - SDL:[MD5.C6D34A1874CD2B212DC3E788091C64B4] - 06/07/2010 - 10:13:10 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys [234392]
O58 - SDL:[MD5.5707CEC38DB61B96079E6A14B4702446] - 03/09/2010 - 16:20:18 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [6139496]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 08:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.405EFA5A9748155AF1F90AA1A26B6503] - 01/08/1998 - 12:00:00 ---A- . (.OnSpec Electronic, Inc. - OnSpec SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\Smplscsi.sys [60928]
O58 - SDL:[MD5.A2ADED37CEE0DBE61EB63B9A71717B96] - 20/08/2008 - 15:49:38 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\WINDOWS\system32\drivers\symdns.sys [12680]
O58 - SDL:[MD5.C5EAFB6A8C73FB26B73EE613C1A5AEF6] - 19/09/2010 - 22:37:04 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS [123952]
O58 - SDL:[MD5.E831A68AAAB821800EA60271472701C6] - 20/08/2008 - 15:49:42 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\WINDOWS\system32\drivers\symfw.sys [99208]
O58 - SDL:[MD5.49A3583F21F6E76AE31DA745FAB77563] - 20/08/2008 - 15:49:52 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\WINDOWS\system32\drivers\symids.sys [31624]
O58 - SDL:[MD5.2B7224F4AD9C9B8C6025AF8934130652] - 20/08/2008 - 15:49:46 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\WINDOWS\system32\drivers\symndis.sys [28040]
O58 - SDL:[MD5.5F9055055DC4900F74FB690B61448BE4] - 20/08/2008 - 15:49:56 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\WINDOWS\system32\drivers\symredrv.sys [23944]
O58 - SDL:[MD5.5561A9D2D1B6529A95CBBFFAED7791C1] - 20/08/2008 - 15:50:02 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\WINDOWS\system32\drivers\symtdi.sys [188808]
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 03/10/2001 - 13:16:40 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 03/10/2001 - 13:16:40 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 03/10/2001 - 13:16:18 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 03/10/2001 - 13:16:24 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 03/10/2001 - 13:16:46 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 03/10/2001 - 13:16:52 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/04/2008 - 08:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 03/10/2001 - 13:17:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 03/10/2001 - 13:17:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 03/10/2001 - 13:17:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 03/10/2001 - 13:17:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 03/10/2001 - 13:17:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 13/04/2008 - 08:49:52 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/04/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/04/2008 - 08:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/04/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/04/2008 - 08:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe - Symantec Event Manager (ccEvtMgr) .(.Symantec Corporation - Symantec Event Manager Service.) - LEGACY_CCEVTMGR
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe - Symantec Settings Manager (ccSetMgr) .(.Symantec Corporation - Symantec Settings Manager Service.) - LEGACY_CCSETMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS
O64 - Services: CurCS - C:\PROGRA~1\NETSUP~1\client32.exe - Client32 (Client32) .(.NetSupport Ltd - NetSupport Client Application.) - LEGACY_CLIENT32
O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP
O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - C:\Program Files\Symantec AntiVirus\DefWatch.exe - Symantec AntiVirus Definition Watcher (DefWatch) .(.Symantec Corporation - Virus Definition Daemon.) - LEGACY_DEFWATCH
O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys - Symantec Eraser Control driver (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL
O64 - Services: CurCS - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe - EpsonBidirectionalService (EpsonBidirectionalService) .(...) - LEGACY_EPSONBIDIRECTIONALSERVICE
O64 - Services: CurCS - (.not file.) - EraserUtilDrv10821 (EraserUtilDrv10821) .(...) - LEGACY_ERASERUTILDRV10821
O64 - Services: CurCS - (.not file.) - EraserUtilDrv11010 (EraserUtilDrv11010) .(...) - LEGACY_ERASERUTILDRV11010
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - EraserUtilRebootDrv (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD
O64 - Services: CurCS - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe - LiveUpdate (LiveUpdate) .(.Symantec Corporation - LiveUpdate Engine COM Module.) - LEGACY_LIVEUPDATE
O64 - Services: CurCS - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp (.not file.) - mchInjDrv (mchInjDrv) .(...) - LEGACY_MCHINJDRV
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP
O64 - Services: CurCS - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100919.003\naveng.sys - NAVENG (NAVENG) .(.Symantec Corporation - AV Engine.) - LEGACY_NAVENG
O64 - Services: CurCS - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100919.003\navex15.sys - NAVEX15 (NAVEX15) .(.Symantec Corporation - AV Engine.) - LEGACY_NAVEX15
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PCISYS.sys - (.not file.) - PCISys (PCISys) .(...) - LEGACY_PCISYS
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP
O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS
O64 - Services: CurCS - C:\Program Files\Symantec AntiVirus\savrt.sys - SAVRT (SAVRT) .(.Symantec Corporation - AutoProtect.) - LEGACY_SAVRT
O64 - Services: CurCS - C:\Program File
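Two parts of this report deserve a closer look than the rest of the dump. O51 lists the MountPoints2 AutoRun commands, i.e. what Windows was told to run each time a removable volume was plugged in: several targets sit under a RECYCLER folder, one is padded with `\.\`, and others hand control to Wscript.exe or a .vbs file, which is the usual footprint of a worm spreading over USB keys (G:\LaunchU3.exe is the one likely benign entry, consistent with the Application Data\U3 folder listed above). O56 shows NoDriveTypeAutoRun = 149 (0x95), which disables AutoRun only for unknown, removable, network and reserved drive types and leaves fixed drives and CD-ROMs enabled. The script below is an added example, not part of the original post and not ZHPDiag's own code: it parses a subset of the O51/O56 lines copied from the report, flags suspicious targets with the heuristics named above (the heuristics, thresholds and function names are this example's own), decodes the NoDriveTypeAutoRun bitmask, and recovers the first-mount time of each volume from its GUID, which in this report are version-1 (time-based) GUIDs that all share one node.

```python
"""Triage of ZHPDiag O51 (MountPoints2 AutoRun) and O56 (NoDriveTypeAutoRun) lines.

Added example (not ZHPDiag code, not from the original post). The sample lines are
copied from the report above; the heuristics and helper names are this example's own.
"""
import re
import uuid
from datetime import datetime, timedelta

# Constructed sample: a subset of the O51/O56 lines from the report in this thread.
SAMPLE_LOG = r"""
O51 - MPSK:{10868ca6-1981-11e0-a3e4-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- F:\dwh.exe (.not file.)
O51 - MPSK:{15d204d8-6116-11e0-a43c-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- C:\WINDOWS\system32\.\RECYCLER\SEtUp.exe (.not file.)
O51 - MPSK:{21cb7160-1b0a-11e0-a3e8-002719cf86b6}\AutoRun\command. (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\Wscript.exe
O51 - MPSK:{8a663944-4f9c-11e0-a42d-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- C:\WINDOWS\system32\moz.vbs" (.not file.)
O51 - MPSK:{a0b8483e-4e09-11e0-a427-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{a0b8483f-4e09-11e0-a427-002719cf86b6}\AutoRun\command. (.Unknown owner - No comment.) -- H:\RECYCLER\S-51-9-25-3434476501-1644491933-601013362-1214\BSzBT.exe (.not file.)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=149
"""

O51_RE = re.compile(
    r"^O51 - MPSK:(?P<guid>\{[0-9a-fA-F-]+\})\\AutoRun\\command\. "
    r"\(\.(?P<owner>.*?)\.\) -- (?P<target>.*?)(?P<missing> \(\.not file\.\))?$"
)
O56_RE = re.compile(r'^O56 - MWPE:\[(?P<hive>HK[A-Z]+)[^\]]*\] - "NoDriveTypeAutoRun"=(?P<value>\d+)$')

# NoDriveTypeAutoRun bits: a set bit disables AutoRun for that GetDriveType() class.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "RESERVED",
}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")


def decode_no_drive_type_autorun(value):
    """Return (disabled, enabled) drive-type names for a NoDriveTypeAutoRun bitmask."""
    disabled = {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}
    return disabled, set(DRIVE_TYPE_BITS.values()) - disabled


def guid_first_seen(guid):
    """MountPoints2 keys are named after the volume GUID. When it is an RFC 4122
    version-1 GUID (every one in this report is), its 60-bit field counts 100 ns
    ticks since 1582-10-15 at key creation, i.e. the first mount of that volume."""
    u = uuid.UUID(guid)
    if u.version != 1:
        return None
    return datetime(1582, 10, 15) + timedelta(microseconds=u.time // 10)


def triage_o51(line):
    """Parse one O51 line and attach the reasons it looks like an autorun-worm artefact."""
    m = O51_RE.match(line)
    if not m:
        return None
    target = m.group("target").strip().strip('"')  # the moz.vbs line carries a stray quote
    name = target.rsplit("\\", 1)[-1].lower()
    reasons, notes = [], []
    if "\\recycler\\" in target.lower():
        reasons.append("executable staged under a RECYCLER folder")
    if "\\.\\" in target:
        reasons.append("path padded with '\\.\\' (obfuscation)")
    if name in SCRIPT_HOSTS or name.endswith(SCRIPT_EXTS):
        reasons.append("script host or script launched from AutoRun")
    if name == "launchu3.exe":
        notes.append("SanDisk U3 launcher: usually legitimate, verify the key")
    if m.group("missing"):
        notes.append("target no longer on disk (media unplugged or already cleaned)")
    seen = guid_first_seen(m.group("guid"))
    return {
        "guid": m.group("guid"), "owner": m.group("owner"), "target": target,
        "first_seen": seen.replace(microsecond=0).isoformat(sep=" ") if seen else None,
        "verdict": "suspicious" if reasons else "review",
        "reasons": reasons + notes,
    }


def triage_log(text):
    """Walk a ZHPDiag report; return the O51 findings and the HKLM NoDriveTypeAutoRun value."""
    findings, policy = [], None
    for line in text.splitlines():
        f = triage_o51(line)
        if f:
            findings.append(f)
            continue
        m = O56_RE.match(line)
        if m and m.group("hive") == "HKLM":
            policy = int(m.group("value"))
    return findings, policy


if __name__ == "__main__":
    findings, policy = triage_log(SAMPLE_LOG)
    for f in findings:
        print(f"{f['verdict']:10} {f['first_seen']}  {f['target']}")
        for r in f["reasons"]:
            print(f"{'':10} - {r}")
    disabled, enabled = decode_no_drive_type_autorun(policy)
    print(f"\nNoDriveTypeAutoRun={policy} (0x{policy:02X}): AutoRun still enabled for {sorted(enabled)}")
    print("Hardened value: 255 (0xFF) disables AutoRun for every drive type.")
```

Run as a script it prints one line per MountPoints2 entry with its first-mount date, so the infections can be lined up against the dates when particular keys were plugged in. The hardened policy value is 255 (0xFF); on Windows XP it should be paired with Microsoft's AutoRun update KB967715 (or the IniFileMapping entry that points Autorun.inf at a non-existent key), because NoDriveTypeAutoRun alone does not stop an autorun.inf on a key from rewriting the drive's default double-click action.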

5 replies

Smart91 Posts: 29096 Joined: Sunday 15 July 2007 Status: Security contributor Last activity: 5 April 2014 2 327
Edited by Smart91 on 21/04/2011 at 12:06
Hello,

ZHPDiag is not up to date.
Relaunch ZHPDiag, click the green arrow to update it, run a new scan and post the report via the site http://cijoint.fr

Smart
"If you have no ambitions, you settle at the edge of the fall" (Kundera)
0
kawther84 Posts: 321 Joined: Friday 8 December 2006 Status: Member Last activity: 24 March 2022 1
21 April 2011 at 12:07
The problem is that the computer is no longer connected to the Internet.
0
Smart91 Posts: 29096 Joined: Sunday 15 July 2007 Status: Security contributor Last activity: 5 April 2014 2 327
Edited by Smart91 on 21/04/2011 at 13:04
We'll do it differently.

I assume you have a clean PC with an Internet connection, since you are replying on the forum.

We'll use that clean PC to send the reports. But first we are going to
vaccinate your PC and the USB key you will use for the transfer.

On the clean PC, do this:

- Download UsbFix (created by El Desaparecido & C_XX) to your Desktop. If your antivirus shows an alert, ignore it and disable the antivirus temporarily.
- Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them
- Double-click the UsbFix shortcut on your desktop.
- Click "Vacciner" (Vaccinate)
- Then post the UsbFix.txt report that appears

Then plug the USB key into the infected PC and copy the ZHPDiag report, which is located here ==> C:\Program Files\ZHPDiag\ZHPDiag.txt
Then plug that key into the clean PC and post the report via cijoint.fr

Smart
"If you have no ambitions, you settle at the edge of the fall" (Kundera)
0
kawther84 Posts: 321 Joined: Friday 8 December 2006 Status: Member Last activity: 24 March 2022 1
21 April 2011 at 13:17
When I clicked on Vacciner, I did not get a report. It created autorun files on C:/ and E:/
0
Smart91 Posts: 29096 Joined: Sunday 15 July 2007 Status: Security contributor Last activity: 5 April 2014 2 327
21 April 2011 at 13:10
Set aside what I just said for now; you are going to do this:

- Close all your running applications
- Launch ZHPFix (either via the shortcut on your Desktop, or from ZHPDiag by clicking the green shield)
If you don't have it, download it from this link: https://www.zebulon.fr/telechargements/securite/systeme/zhpfix.html
Copy/paste the following lines in bold:

----------------------------------------------------------
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1

----------------------------------------------------------
- Click the icon showing the letter H ("paste the Helper lines")
- The lines are pasted into ZHPFix automatically; otherwise paste them yourself
- Click the "GO" button to start the clean-up
- Copy/paste the whole report in your next reply

Then tell me whether you can connect to the Internet

Smart
0

Smart91 Posts: 29096 Joined: Sunday 15 July 2007 Status: Security contributor Last activity: 5 April 2014 2 327
Edited by Smart91 on 21/04/2011 at 13:24
"When I clicked on Vacciner, I did not get a report. It created autorun files on C:/ and E:/"

That's fine.

But in the meantime I posted another procedure to get Internet access back; do that one first
Sorry for the mix-up

Smart
"If you have no ambitions, you settle at the edge of the fall" (Kundera)
0