Bonjour

1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

Ewido
http://www.ewido.net/en/download/
Tu l'installes.
Lance Ewido et clique sur le bouton Update (barre d'outils - au haut).
Sous Manual Update clique Start update. Patiente jusqu'à l'affichage "Update successful".

2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

3 Lance le nettoyage avec CCleaner.

4 Lance Ewido.
Clique sur le bouton Scanner (de la barre d'outils) et ensuite clique sur Complete System Scan.
A la fin du scan, choisis l'option " Apply All Actions " en bas. Puis, Yes pour mettre en quarantaine.
Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit facile à retrouver.

5 Redémarre normalement et poste le rapport d'Ewido avec le nouveau log HijackThis

Voila enfin le log tant attendu, je ment suit sorti, mais je ne sait pas comment.

Logfile of HijackThis v1.99.1
Scan saved at 23:40:55, on 12/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x [...] vebvS6D0M=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Splidsceinri - Unknown owner - (no file)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


Et voila celui D'ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:14:21 12/07/2006

+ Scan result:



C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2709368698-4016005554-2756799154-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2709368698-4016005554-2756799154-1005\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2709368698-4016005554-2756799154-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Merci encore et j'attend de vos nouvelle avec impatience a plus.

:-P

Voila Voila, les rapports sont servit bien chaud.

Rapport fait à 0:12:58,39 le 13/07/2006

Le volume dans le lecteur D s'appelle VAIO
Le num‚ro de s‚rie du volume est 2CAF-8D61

R‚pertoire de D:\Anti Virus

Le volume dans le lecteur D s'appelle VAIO
Le num‚ro de s‚rie du volume est 2CAF-8D61

R‚pertoire de D:\Contenu

Le volume dans le lecteur D s'appelle VAIO
Le num‚ro de s‚rie du volume est 2CAF-8D61

R‚pertoire de D:\VAIO Entertainment

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur D s'appelle VAIO
Le num‚ro de s‚rie du volume est 2CAF-8D61

R‚pertoire de D:\

01/07/2006 15:35 <REP> Anti Virus
24/02/2005 13:31 <REP> RECYCLER
23/02/2005 20:45 <REP> Contenu
23/02/2005 19:03 <REP> VAIO Entertainment
23/02/2005 18:58 <REP> System Volume Information
0 fichier(s) 0 octets
5 R‚p(s) 42ÿ351ÿ833ÿ088 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************

Et la suite...

SmitFraudFix v2.70

Rapport fait à 0:21:17,14, 13/07/2006
Executé à partir de C:\Documents and Settings\vallas philippe\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\vallas philippe\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VALLAS~1\Favoris

C:\DOCUME~1\VALLAS~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://images.google.fr/images?q=tbn:nlTeV_Vbq9kJ:funweb.epfl.ch/site2004/helene2/snowboard%2520cascades%25202.jpg"
"SubscribedURL"="http://images.google.fr/images?q=tbn:nlTeV_Vbq9kJ:funweb.epfl.ch/site2004/helene2/snowboard%2520cascades%25202.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

a plus tard et encore merci

Bonjour, voila les nouveaux rapports.

Logfile of HijackThis v1.99.1
Scan saved at 22:50:25, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Splidsceinri - Unknown owner - (no file)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

La suite,

SmitFraudFix v2.70

Rapport fait à 22:46:58,37, 13/07/2006
Executé à partir de C:\Documents and Settings\vallas philippe\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ot.ico supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

merci... :-P

Ok, sur mon PC il y a ewido anti spyware et kaspersky les deux peuvent t'il ralentir la machine car sa rame a mort.

Sinon au niveau de l'affichage et internet sa fonctionne pour le moment.

Tient un truc étrange alors que je tape mon texte et que je fait pré visualiser le mot Internet et en surbrillance et lorsque que je présente le curseur déçu il affiche une pub HP pour l'achat de matériel informatique sur un petit carré.

Il mais énormément de temps a s'allumer. Je comprend pas pourquoi. Avant il allais plus vite.


Que faire.

Je ne trouve pas de dossier symantec shared mais uniquement symantec a l'endroit specifier par contre le temps que je tape ce texte une page system doctor 2006 vient de s'ouvrir tu pense quond vat en sortir un jour.

Le dossier symantec contient plein de chose.
Alors je jette l'ensemble ou je garde.
Merci

Hey, Easycleaner n'arrive pas a supprimer les fichiers inutile, un totale de 4065F tous sous Kaspersky. Sa fait planter le programme qui ne repond plus. Et j'ai bien desactiver les antivirus.

Par contre dans C: Program files : il y a un dossier win anti virus pro, je ne devrait pas le jeter par hasard.

Bonjour

Regarde dans Ajout/Suppression de programme si tu as

win anti virus pro
starware

Désinstalle les.

Supprime les deux dossiers

C:\Program Files\win anti virus pro
C:\Program Files\starware

Ensuite

Télécharge Silent Runners
http://www.silentrunners.org/Silent%20Runners.zip

Si tu as une alerte de ton antivirus au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiend pas compte.

Une fois téléchargé,tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier,il va travailler, patiente jusqu'à l'affichage d'un message.
Un rapport est généré dans le meme dossier, colle le ici.
La fin doit ressembler à ceci

C'est bizarre avec mon autre portable j'instale sillent runner pas de probleme je retrouve bien la rapport.

J'installe Ccleaner il fonctionne a merveille.
Je me demande quand meme si mon autre portable ne devrais pas etre formater.

Bonsoir

Rien dans HijackThis, SmitfraudFix et Lopxp.

Silent Runners liste certains fichiers.
Fais le scan et poste le rapport.

A la place de Slent Runners, fais ceci.

Télécharge WinPFind
http://www.bleepingcomputer.com/fi [...] nPFind.zip
dezippe le et lance winpfind.exe
clic sur Start Scan et soit patient ca peut durer une demi heure
Poste le rapport

Bonjour je te post ce nouveaux rapport, mais avec l'ensemble des options cochées sur Winpfind.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 12/07/2006 23:17:00 218112 C:\Program Files\HijackThis.exe

Checking %WinDir% folder...
PECompact2 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
qoologic 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
SAHAgent 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
UPX! 01/07/2006 15:14:38 176709 C:\WINDOWS\tsc.exe
PECompact2 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
qoologic 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
SAHAgent 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
UPX! 01/07/2006 15:14:38 1077328 C:\WINDOWS\vsapi32.dll
aspack 01/07/2006 15:14:38 1077328 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 05/08/2004 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 07/07/2006 03:21:46 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05/08/2004 14:00:00 733184 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 05/08/2004 14:00:00 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 13/07/2006 00:20:14 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 13/07/2006 00:20:14 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 13/07/2006 00:20:14 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 05/08/2004 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PEC2 05/11/2004 11:39:08 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
15/07/2006 17:01:20 S 2048 C:\WINDOWS\bootstat.dat
25/06/2006 10:41:10 H 12908 C:\WINDOWS\Help\SBSI\Training\LSINGLE.GID
01/07/2006 15:01:10 HS 595105 C:\WINDOWS\system32\gjjlm.bak1
14/07/2006 20:30:26 HS 663027 C:\WINDOWS\system32\gjjlm.bak2
01/07/2006 16:01:46 HS 596256 C:\WINDOWS\system32\gjjlm.ini
14/07/2006 23:53:32 HS 596418 C:\WINDOWS\system32\gjjlm.ini2
01/07/2006 15:58:36 HS 596205 C:\WINDOWS\system32\gjjlm.tmp
24/06/2006 22:00:26 HS 5632 C:\WINDOWS\system32\Thumbs.db
22/06/2006 13:18:14 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
19/05/2006 17:53:42 S 16203 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914388.cat
29/05/2006 18:16:04 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 09:15:02 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
01/06/2006 22:28:42 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
19/06/2006 16:20:58 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
15/07/2006 21:14:10 H 1024 C:\WINDOWS\system32\config\default.LOG
15/07/2006 17:01:28 H 1024 C:\WINDOWS\system32\config\SAM.LOG
16/07/2006 00:01:46 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
16/07/2006 02:39:52 H 1024 C:\WINDOWS\system32\config\software.LOG
16/07/2006 02:32:22 H 1024 C:\WINDOWS\system32\config\system.LOG
16/07/2006 01:48:26 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
16/07/2006 02:27:18 HS 8479776 C:\WINDOWS\system32\drivers\fidbox.dat
15/07/2006 00:17:58 HS 115280 C:\WINDOWS\system32\drivers\fidbox.idx
16/07/2006 02:32:10 HS 177184 C:\WINDOWS\system32\drivers\fidbox2.dat
15/07/2006 00:17:58 HS 18536 C:\WINDOWS\system32\drivers\fidbox2.idx
29/06/2006 23:52:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\154b23d8-37b1-410a-bcab-af3a8eab5fbd
29/06/2006 23:52:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
21/05/2006 21:47:50 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\90277b72-01ab-4027-86b9-592a27d4b577
21/05/2006 21:47:50 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
16/07/2006 01:48:16 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
15/07/2006 17:01:32 H 6 C:\WINDOWS\Tasks\SA.DAT
14/07/2006 20:08:14 HS 113 C:\WINDOWS\Temp\Historique\History.IE5\desktop.ini
14/07/2006 20:08:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
14/07/2006 20:08:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5SH3O1AY\desktop.ini
14/07/2006 20:08:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\P0EG0AUJ\desktop.ini
14/07/2006 20:08:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PYVX5AUP\desktop.ini
14/07/2006 20:08:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RBJ6OIEG\desktop.ini

Checking for CPL files...
Microsoft Corporation 05/08/2004 14:00:00 71680 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 30/09/2004 04:02:22 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 05/08/2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 05/08/2004 14:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 05/08/2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 05/08/2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 05/08/2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 08/10/2004 01:29:16 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 134144 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 05/08/2004 14:00:00 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 05/08/2004 14:00:00 70144 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 22/11/2004 11:55:08 49262 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 05/08/2004 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 05/08/2004 14:00:00 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 05/08/2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 05/08/2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 05/08/2004 14:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 05/08/2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 05/08/2004 14:00:00 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 28/03/2005 21:09:20 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 05/08/2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 05/08/2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 08/10/2004 19:00:28 86016 C:\WINDOWS\SYSTEM32\VCCenter.cpl
Microsoft Corporation 05/08/2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Socket Communications Inc. 03/08/2003 17:05:14 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
20/06/2005 21:47:04 1958 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
19/11/2004 12:22:18 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/11/2004 13:14:02 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
01/07/2006 01:29:48 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
19/11/2004 12:22:18 HS 84 C:\Documents and Settings\vallas philippe\Menu Démarrer\Programmes\Démarrage\desktop.ini
23/02/2005 20:25:26 1636 C:\Documents and Settings\vallas philippe\Menu Démarrer\Programmes\Démarrage\VAIO Launcher.lnk

Checking files in %USERPROFILE%\Application Data folder...
19/11/2004 13:14:02 HS 62 C:\Documents and Settings\vallas philippe\Application Data\desktop.ini
16/07/2006 01:37:58 1988 C:\Documents and Settings\vallas philippe\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
Wanadoo 6.2 = IEAKFT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A4113FE-0A12-4400-8DCA-B92F087C0A38}
= C:\WINDOWS\system32\mljjg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Astuce du jour = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Console Java (Sun) : C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
ButtonText = Antivirus Internet :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messager Wanadoo : C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Bande de recherche = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{74CC49F7-EB32-4A08-B204-948962A6E3DB} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Program Files\Apoint\Apoint.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Mouse Suite 98 Daemon ICO.EXE
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SonyPowerCfg C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
ISBMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe
VAIO Update 2 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
PDService.exe C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Easy-PrintToolBox C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
kav "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
SpywareBot C:\Program Files\SpywareBot\SpywareBot.exe -boot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon
= C:\WINDOWS\system32\klogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjg
= C:\WINDOWS\system32\mljjg.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon
= VESWinlogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineak32
= wineak32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port
Driver C:\WINDOWS\system32\AdobePDF.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port\Ports

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
Driver cnbjmon.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
Driver cnbjmon.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
Driver localspl.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
Driver pjlmon.dll
EOJTimeout 60000


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
Driver tcpmon.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
StatusUpdateInterval 10
StatusUpdateEnabled 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
Driver usbmon.dll



<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
regedit.exe "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
"%1" /S

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!


<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>

<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10240 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;46080;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 46080 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;34816;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 34816 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;16384;;;
10/05/2006 07:24:36 16384 C:\WINDOWS\SYSTEM32\jsproxy.dll found!
Parameter line : file=%sysdir%;*.dll;150;29184;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 29184 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;26624;;;
11/05/2006 10:57:36 26624 C:\WINDOWS\SYSTEM32\xpsp3res.dll found!
Parameter line : file=%sysdir%;*.dll;150;9728;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 9728 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;10843;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;18432;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 18432 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;23040;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 23040 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;17920;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 17920 bytes was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
File C:\Documents and Settings\All User\start menu\programs\startup\*.exe was not found!
>>>>>>>>>> Misc Checks
Parameter line : file=%sysdir%;*.dat;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%windir%;*.dll;150;10843;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3950;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 3950 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3943;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 3943 bytes was not found!

<<<<<<<<<< Checking for AddOn RDriv.def information >>>>>>>>>>
Registry Entries
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center found!
FirstRunDisabled 1
AntiVirusDisableNotify 0
FirewallDisableNotify 0
UpdatesDisableNotify 0
AntiVirusOverride 0
FirewallOverride 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
DisableMonitoring 1

DisableMonitoring 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\OLE;;
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE found!
EnableDCOM Y

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat\ActivationSecurityCheckExemptionList
{A50398B8-9075-4FBF-A7A1-456BF21937AD} 1
{AD65A69D-3831-40D7-9629-9B0B50A93843} 1
{0040D221-54A1-11D1-9DE0-006097042D69} 1
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} 1

Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate;;
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall;;
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters;;
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters found!
autodisconnect 15
enableforcedlogoff 1
enablesecuritysignature 0
requiresecuritysignature 0
Lmannounce 0
Size 1
Guid ù¯…¹‹
—A¢à\&Óõ0¿
AdjustedNullSessionPipes 1
CachedOpenLimit 0
srvcomment vallas philippe
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters;;
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters found!
enableplaintextpassword 0
enablesecuritysignature 1
requiresecuritysignature 0

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions found!

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00022613-0000-0000-C000-000000000046} Feuille de propriétés du fichier multimédia
{176d6597-26d3-11d1-b350-080036a75b03} Gestion de scanneur ICM
{1F2E5C40-9550-11CE-99D2-00AA006E086C} Page de sécurité NTFS
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} Page des propriétés de OLE DocFile
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} Extensions de l'environnement pour le partage
{41E300E0-78B6-11ce-849B-444553540000} PlusPack CPL Extension
{42071712-76d4-11d1-8b24-00a0c9068ff3} Extension Affichage Carte du Panneau de configuration
{42071713-76d4-11d1-8b24-00a0c9068ff3} Extension Affichage Écran du Panneau de configuration
{42071714-76d4-11d1-8b24-00a0c9068ff3} Extension Affichage Panorama du Panneau de configuration
{4E40F770-369C-11d0-8922-00A024AB2DBB} Page de sécurité DS
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Page de compatibilité
{56117100-C0CD-101B-81E2-00AA004AE837} Gestionnaire de données endommagées de l'environnement
{59099400-57FF-11CE-BD94-0020AF85B590} Extension copie de disquette
{59be4990-f85c-11ce-aff7-00aa003ca9f6} Extensions de l'environnement pour les objets réseau de Microsoft Windows
{5DB2625A-54DF-11D0-B6C4-0800091AA605} Gestion d'écran ICM
{675F097E-4C4D-11D0-B6C1-0800091AA605} Gestion d'imprimante ICM
{764BF0E1-F219-11ce-972D-00AA00A14F56} Extensions de l'environnement de compression de fichiers
{77597368-7b15-11d0-a0c2-080036af3f03} Extension de l'environnement d'imprimante Web
{7988B573-EC89-11cf-9C00-00AA00A14F56} Disk Quota UI
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Menu contextuel de cryptage
{85BBD920-42A0-1069-A2E4-08002B30309D} Porte-documents
{88895560-9AA2-1069-930E-00AA0030EBC8} Extension icône HyperTerminal
{BD84B380-8CA2-1069-AB1D-08000948F534} Fonts
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} Profil ICC
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} Page de sécurité des imprimantes
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} Extensions de l'environnement pour le partage
{f92e8c40-3d33-11d2-b1aa-080036a75b03} Display TroubleShoot CPL Extension
{7444C717-39BF-11D1-8CD9-00C04FC29D45} Extension de cryptographie PKO
{7444C719-39BF-11D1-8CD9-00C04FC29D45} Extension de cryptographie Sign
{7007ACC7-3202-11D1-AAD2-00805FC1270E} Connexions réseau
{992CFFA0-F557-101A-88EC-00DD010CCC48} Connexions réseau
{A70C977A-BF00-412C-90B7-034C51DA2439} NvCpl DesktopContext Class
{FFB699E0-306A-11d3-8BD1-00104B6F7516} Play on my TV helper
{E211B736-43FD-11D1-9EFB-0000F8757FCD} &Scanneurs et appareils photo
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} &Scanneurs et appareils photo
{905667aa-acd6-11d2-8080-00805f6596d2} &Scanneurs et appareils photo
{3F953603-1008-4f6e-A73A-04AAC7A992F1} &Scanneurs et appareils photo
{83bbcbf3-b28a-4919-a5aa-73027445d672} &Scanneurs et appareils photo
{F0152790-D56E-4445-850E-4F3117DB740C} Remote Sessions CPL Extension
{60254CA5-953B-11CF-8C96-00AA00B8708C} Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} Liaison de données Microsoft
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} Tasks Folder Icon Handler
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} Tasks Folder Shell Extension
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} Tâches planifiées
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} Set Program Access and Defaults
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} Auto Update Property Sheet Extension
{0DF44EAA-FF21-4412-828E-260A8728E7F1} Barre des tâches et menu Démarrer
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} Rechercher
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} Aide et support
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} Aide et support
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} Exécuter...
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} Internet
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} Courrier électronique
{D20EA4E1-3957-11d2-A40B-0C5020524152} Polices
{D20EA4E1-3957-11d2-A40B-0C5020524153} Outils d'administration
{596AB062-B4D2-4215-9F74-E9109B0A8153} Page de propriétés des versions précédentes
{9DB7A13C-F208-4981-8353-73CC61AE2783} Versions précédentes
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} Audio Media Properties Handler
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} Video Media Properties Handler
{E4B29F9D-D390-480b-92FD-7DDB47101D71} Wav Properties Handler
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} Avi Properties Handler
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} Midi Properties Handler
{c5a40261-cd64-4ccf-84cb-c394da41d590} Video Thumbnail Extractor
{5E6AB780-7743-11CF-A12B-00AA004AE837} Barre d'outils Internet Microsoft
{22BF0C20-6DA7-11D0-B373-00A0C9034938} État du téléchargement
{91EA3F8B-C99B-11d0-9815-00C04FD91972} Dossier Bureau étendu
{6413BA2C-B461-11d1-A18A-080036B11A03} Dossier du shell augmenté
{F61FFEC1-754F-11d0-80CA-00AA005B4383} BandProxy
{7BA4C742-9E81-11CF-99D3-00AA004AE837} Bande du navigateur Microsoft
{30D02401-6A81-11d0-8274-00C04FD5AE38} Bande de recherche
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} Volet intégré de recherche
{07798131-AF23-11d1-9111-00A0C98BA67D} Recherche Web
{AF4F6510-F982-11d0-8595-00AA004CD6D8} Utilitaire des options de l'arborescence du Registre
{01E04581-4EEE-11d0-BFE9-00AA005B4383} &Adresse
{A08C11D2-A228-11d0-825B-00AA005B4383} Boîte d'entrée de l'adresse
{00BB2763-6A77-11D0-A535-00C04FD7D062} Saisie semi-automatique Microsoft
{7376D660-C583-11d0-A3A5-00C04FD706EC} TridentImageExtractor
{6756A641-DE71-11d0-831B-00AA005B4383} Liste de saisie semi-automatique MRU
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} Liste de saisie semi-automatique personnalisée MRU
{7e653215-fa25-46bd-a339-34a2790f3cb7} Accessible
{acf35015-526e-4230-9596-becbe19f0ac9} Barre de progrès auto-ouvrante
{00BB2764-6A77-11D0-A535-00C04FD7D062} Liste de saisie semi-automatique de l'historique Microsoft
{03C036F1-A186-11D0-824A-00AA005B4383} Liste de saisie semi-automatique du dossier Shell Microsoft
{00BB2765-6A77-11D0-A535-00C04FD7D062} Conteneur de la liste de saisie semi-automatique multiple Microsoft
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} Menu Site de bandes
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} Shell DeskBarApp
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} Barre du Bureau
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} Shell Rebar BandSite
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} Assistance utilisateur
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} Paramètres du dossier global
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} Favorites Band
{0A89A860-D7B1-11CE-8350-444553540000} Shell Automation Inproc Service
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} Shell DocObject Viewer
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} Microsoft Browser Architecture
{FBF23B40-E3F0-101B-8488-00AA003E56F8} InternetShortcut
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} Microsoft Url History Service
{FF393560-C2A7-11CF-BFF4-444553540000} Historique
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} Microsoft Url Search Hook
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} Image de démarrage de la Suite IE4
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} CDF Extension Copy Hook
{131A6951-7F78-11D0-A979-00C04FD705A2} ISFBand OC
{9461b922-3c5a-11d2-bf8b-00c04fb93661} Search Assistant OC
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} Internet
{871C5380-42A0-1069-A2EA-08002B30309D} Internet Name Space
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} Explorer Band
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} Sendmail service
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} Sendmail service
{88C6C381-2E85-11D0-94DE-444553540000} Dossier ActiveX Cache
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} WebCheck
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} Subscription Mgr
{F5175861-2688-11d0-9C5E-00AA00A45957} Dossier Inscription
{08165EA0-E946-11CF-9C87-00AA005127ED} WebCheckWebCrawler
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} WebCheckChannelAgent
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} TrayAgent
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} Code Download Agent
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} ConnectionAgent
{D8BD2030-6FC9-11D0-864F-00AA006809D9} PostAgent
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} WebCheck SyncMgr Handler
{352EC2B7-8B9A-11D1-B8AE-006008059382} Gestionnaire d'applications d'environnement
{0B124F8F-91F0-11D1-B8B5-006008059382} Énumérateur d'applications installées
{CFCCC7A0-A282-11D1-9082-006008059382} Publication d'application Darwin
{e84fda7c-1d6a-45f6-b725-cb260c236066} Shell Image Verbs
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} Shell Image Data Factory
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Autoplay for SlideShow
{3F30C968-480A-4C6C-862D-EFC0897BB84B} Extracteur de miniatures de fichier + GDI
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} Gestionnaire de miniatures - Informations de résumé (DOCFILES)
{EAB841A0-9550-11cf-8C16-00805F1408F3} Extracteur de miniatures HTML
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} Shell Image Property Handler
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} Assistant Publication de sites Web
{add36aa8-751a-4579-a266-d66f5202ccbb} Commande d'impressions via le Web
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} Objet Assistant de publication Shell
{58f1f272-9240-4f51-b6d4-fd63d1618591} Assistant Obtenir une identité Passport
{7A9D77BD-5403-11d2-8785-2E0420524153} Comptes d'utilisateurs
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} Dossier compressé
{BD472F60-27FA-11cf-B8B4-444553540000} Compressed (zipped) Folder Right Drag Handler
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} Compressed (zipped) Folder SendTo Target
{f39a0dc0-9cc8-11d0-a599-00c04fd64433} Fichier de chaîne
{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} Raccourci de chaîne
{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} Channel Handler Object
{f3da0dc0-9cc8-11d0-a599-00c04fd64437} Channel Menu
{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} Channel Properties
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} Extensions Manager Folder
{63da6ec0-2e98-11cf-8d82-444553540000} FTP Folders Webview
{883373C3-BF89-11D1-BE35-080036B11A03} Microsoft DocProp Shell Ext
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} Microsoft DocProp Inplace Edit Box Control
{8EE97210-FD1F-4B19-91DA-67914005F020} Microsoft DocProp Inplace ML Edit Box Control
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} Microsoft DocProp Inplace Droplist Combo Control
{6A205B57-2567-4A2C-B881-F787FAB579A3} Microsoft DocProp Inplace Calendar Control
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} Microsoft DocProp Inplace Time Control
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} Directory Query UI
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} Shell properties for a DS object
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} Directory Object Find
{F020E586-5264-11d1-A532-0000F8757D7E} Directory Start/Search Find
{0D45D530-764B-11d0-A1CA-00AA00C16E65} Directory Property UI
{62AE1F9A-126A-11D0-A14B-0800361B1103} Directory Context Menu Verbs
{ECF03A33-103D-11d2-854D-006008059367} MyDocs Copy Hook
{ECF03A32-103D-11d2-854D-006008059367} MyDocs Drop Target
{4a7ded0a-ad25-11d0-98a8-0800361b1103} MyDocs Properties
{750fdf0e-2a26-11d1-a3ea-080036587f03} Offline Files Menu
{10CFC467-4392-11d2-8DB4-00C04FA31A66} Offline Files Folder Options
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} Dossier Fichiers hors connexion
{143A62C8-C33B-11D1-84FE-00C04FA34A14} Microsoft Agent Character Property Sheet Handler
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} DfsShell
{60fd46de-f830-4894-a628-6fa81bc0190d} %DESC_PublishDropTarget%
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} MMC Icon Handler
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} .CAB file viewer
{32714800-2E5F-11d0-8B85-00AA0044F941} Des &personnes...
{8DD448E6-C188-4aed-AF92-44956194EB1F} Windows Media Player Play as Playlist Context Menu Handler
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} Windows Media Player Burn Audio CD Context Menu Handler
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} Windows Media Player Add to Playlist Context Menu Handler
{640167b4-59b0-47a6-b335-a6b3c0695aea} Portable Media Devices
{cc86590a-b60a-48e6-996b-41d25ed39a1e} Portable Media Devices Menu
{ED58A35B-B554-42AF-A26C-6F3D424200D3} Sony Power Management Extensiond
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} SafeGuard® PrivateDisk extension
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} RecordNow! SendToExt
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} Adobe.Acrobat.ContextMenu
{21569614-B795-46b1-85F4-E737A8DC09AD} Shell Search Band
{e57ce731-33e8-4c51-8354-bb4de9d215d1} Périphériques Plug and Play universels
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} iTunes
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} Antivirus Internet


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{750FDF0E-2A26-11D1-A3EA-080036587F03} {000214E8-0000-0000-C000-000000000046} 0x401 1
{1e9b04fb-f9e5-4718-997b-b8da88302a47} {000214e8-0000-0000-c000-000000000046} 0x401 1
{1e9b04fb-f9e5-4718-997b-b8da88302a48} {000214e8-0000-0000-c000-000000000046} 0x401 1
{1cdb2949-8f65-4355-8456-263e7c208a5d} {000214e6-0000-0000-c000-000000000046} 0x401 1
{A4DF5659-0801-4A60-9607-1C48695EFDA9} {000214E6-0000-0000-C000-000000000046} 0x401 1


Files
Parameter line : File=%sysdir%;rdriv.sys;;;;;
File C:\WINDOWS\SYSTEM32\rdriv.sys was not found!
Parameter line : File=%sysdir%;ItunesMusic.exe;;;;;
File C:\WINDOWS\SYSTEM32\ItunesMusic.exe was not found!
Parameter line : File=%sysdir%;wkssvc.exe;;;;;
File C:\WINDOWS\SYSTEM32\wkssvc.exe was not found!
Parameter line : File=%windir%;ItunesMusic.exe;;;;;
File C:\WINDOWS\ItunesMusic.exe was not found!
Parameter line : File=%windir%;wkssvc.exe;;;;;
File C:\WINDOWS\wkssvc.exe was not found!

<<<<<<<<<< Checking for AddOn SharedTaskScheduler.def information >>>>>>>>>>
>>>>>>>>>> Exporting Policies from HKLM
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler found!
{438755C2-A8BA-11D1-B96B-00A0C90312E1} Pré-chargeur Browseui
{8C7461EF-2B13-11d2-BE35-3078302C2030} Démon de cache des catégories de composant


<<<<<<<<<< Checking for AddOn WareOut.def information >>>>>>>>>>
>>>>>>>>>> PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Parameter line : file=%sysdir%;*.exe;300;55304;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;4096;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;28680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 28680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;11264;;;
05/08/2004 14:00:00 11264 C:\WINDOWS\SYSTEM32\atmadm.exe found!
05/08/2004 14:00:00 11264 C:\WINDOWS\SYSTEM32\attrib.exe found!
05/08/2004 14:00:00 11264 C:\WINDOWS\SYSTEM32\autolfn.exe found!
05/08/2004 14:00:00 11264 C:\WINDOWS\SYSTEM32\chkntfs.exe found!
Parameter line : file=%sysdir%;*.ren;300;43528;;;
File C:\WINDOWS\SYSTEM32\*.ren for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;ntfsnlpa.exe;;;;;
File C:\WINDOWS\SYSTEM32\ntfsnlpa.exe was not found!
Parameter line : file=%sysdir%;cisvvc.exe;;;;;
File C:\WINDOWS\SYSTEM32\cisvvc.exe was not found!
Parameter line : file=%sysdir%;drv2cltr.dll;;;;;
File C:\WINDOWS\SYSTEM32\drv2cltr.dll was not found!
Parameter line : file=%sysdir%;hybsys32.dll;;;;;
File C:\WINDOWS\SYSTEM32\hybsys32.dll was not found!
Parameter line : file=%sysdir%;loadctr.exe;;;;;
File C:\WINDOWS\SYSTEM32\loadctr.exe was not found!
Parameter line : file=%sysdir%;rdsndin.exe;;;;;
File C:\WINDOWS\SYSTEM32\rdsndin.exe was not found!
Parameter line : file=%sysdir%;pxpcya64.exe;;;;;
File C:\WINDOWS\SYSTEM32\pxpcya64.exe was not found!
Parameter line : file=%windir%;*.exe;300;55304;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%windir%;*.exe;300;43528;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%windir%;*.exe;300;4096;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%windir%;rdt.ini;;;;;
File C:\WINDOWS\rdt.ini was not found!
Parameter line : file=%windir%;baloon.wav;;;;;
File C:\WINDOWS\baloon.wav was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
File C:\Documents and Settings\All User\start menu\programs\startup\*.exe was not found!
>>>>>>>>>>Registry keys to look for
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
System
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\WareOut;;
HKEY_LOCAL_MACHINE\SOFTWARE\WareOut not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\WareOut;;
HKEY_CURRENT_USER\Software\WareOut not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoBandCustomize;;
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer found!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize not found!
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion;Disabled;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\\Disabled not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar;;
HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\SearchToolbar;;
HKEY_CURRENT_USER\Software\SearchToolbar not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser;{08BEC6AA-49FC-4379-3587-4B21E286C19E};;
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser found!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} not found!

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 16/07/2006 02:41:09

Voila a plus tard...

Ok jait fait tout ce que tu ma demander, mais pour Vundo il n'y a pas de rapport car pas d'infection.

en tout cas j'ai toujours des lenteurs


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 12/07/2006 23:17:00 218112 C:\Program Files\HijackThis.exe

Checking %WinDir% folder...
PECompact2 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
qoologic 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
SAHAgent 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
UPX! 01/07/2006 15:14:38 176709 C:\WINDOWS\tsc.exe
PECompact2 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
qoologic 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
SAHAgent 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
UPX! 01/07/2006 15:14:38 1077328 C:\WINDOWS\vsapi32.dll
aspack 01/07/2006 15:14:38 1077328 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 05/08/2004 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 07/07/2006 03:21:46 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05/08/2004 14:00:00 733184 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 05/08/2004 14:00:00 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 13/07/2006 00:20:14 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 13/07/2006 00:20:14 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 13/07/2006 00:20:14 40960 C:\WINDOWS\SYSTEM32\swsc.exe
UPX! 16/07/2006 13:06:00 77312 C:\WINDOWS\SYSTEM32\VundoFix.exe
winsync 05/08/2004 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PEC2 05/11/2004 11:39:08 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
15/07/2006 17:01:20 S 2048 C:\WINDOWS\bootstat.dat
25/06/2006 10:41:10 H 12908 C:\WINDOWS\Help\SBSI\Training\LSINGLE.GID
01/07/2006 15:01:10 HS 595105 C:\WINDOWS\system32\gjjlm.bak1
14/07/2006 20:30:26 HS 663027 C:\WINDOWS\system32\gjjlm.bak2
01/07/2006 16:01:46 HS 596256 C:\WINDOWS\system32\gjjlm.ini
14/07/2006 23:53:32 HS 596418 C:\WINDOWS\system32\gjjlm.ini2
01/07/2006 15:58:36 HS 596205 C:\WINDOWS\system32\gjjlm.tmp
24/06/2006 22:00:26 HS 5632 C:\WINDOWS\system32\Thumbs.db
22/06/2006 13:18:14 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
19/05/2006 17:53:42 S 16203 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914388.cat
29/05/2006 18:16:04 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 09:15:02 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
01/06/2006 22:28:42 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
19/06/2006 16:20:58 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
16/07/2006 03:08:30 H 1024 C:\WINDOWS\system32\config\default.LOG
15/07/2006 17:01:28 H 1024 C:\WINDOWS\system32\config\SAM.LOG
16/07/2006 12:19:54 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
16/07/2006 13:22:14 H 1024 C:\WINDOWS\system32\config\software.LOG
16/07/2006 13:06:24 H 1024 C:\WINDOWS\system32\config\system.LOG
16/07/2006 01:48:26 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
16/07/2006 13:18:30 HS 8537120 C:\WINDOWS\system32\drivers\fidbox.dat
15/07/2006 00:17:58 HS 115280 C:\WINDOWS\system32\drivers\fidbox.idx
16/07/2006 13:04:36 HS 179232 C:\WINDOWS\system32\drivers\fidbox2.dat
15/07/2006 00:17:58 HS 18536 C:\WINDOWS\system32\drivers\fidbox2.idx
29/06/2006 23:52:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\154b23d8-37b1-410a-bcab-af3a8eab5fbd
29/06/2006 23:52:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
21/05/2006 21:47:50 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\90277b72-01ab-4027-86b9-592a27d4b577
21/05/2006 21:47:50 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
16/07/2006 01:48:16 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
15/07/2006 17:01:32 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 05/08/2004 14:00:00 71680 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 30/09/2004 04:02:22 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 05/08/2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 05/08/2004 14:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 05/08/2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 05/08/2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 05/08/2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 08/10/2004 01:29:16 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 134144 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 05/08/2004 14:00:00 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 05/08/2004 14:00:00 70144 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 22/11/2004 11:55:08 49262 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 05/08/2004 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 05/08/2004 14:00:00 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 05/08/2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 05/08/2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 05/08/2004 14:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 05/08/2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 05/08/2004 14:00:00 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 28/03/2005 21:09:20 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 05/08/2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 05/08/2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 08/10/2004 19:00:28 86016 C:\WINDOWS\SYSTEM32\VCCenter.cpl
Microsoft Corporation 05/08/2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Socket Communications Inc. 03/08/2003 17:05:14 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
20/06/2005 21:47:04 1958 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
19/11/2004 12:22:18 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/11/2004 13:14:02 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
01/07/2006 01:29:48 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
19/11/2004 12:22:18 HS 84 C:\Documents and Settings\vallas philippe\Menu Démarrer\Programmes\Démarrage\desktop.ini
23/02/2005 20:25:26 1636 C:\Documents and Settings\vallas philippe\Menu Démarrer\Programmes\Démarrage\VAIO Launcher.lnk

Checking files in %USERPROFILE%\Application Data folder...
19/11/2004 13:14:02 HS 62 C:\Documents and Settings\vallas philippe\Application Data\desktop.ini
16/07/2006 01:37:58 1988 C:\Documents and Settings\vallas philippe\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
Wanadoo 6.2 = IEAKFT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A4113FE-0A12-4400-8DCA-B92F087C0A38}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Astuce du jour = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Console Java (Sun) : C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
ButtonText = Antivirus Internet :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messager Wanadoo : C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Bande de recherche = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{74CC49F7-EB32-4A08-B204-948962A6E3DB} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Program Files\Apoint\Apoint.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Mouse Suite 98 Daemon ICO.EXE
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SonyPowerCfg C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
ISBMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe
VAIO Update 2 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
PDService.exe C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Easy-PrintToolBox C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
kav "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon
= C:\WINDOWS\system32\klogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjg
= C:\WINDOWS\system32\mljjg.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon
= VESWinlogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineak32
= wineak32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 16/07/2006 13:25:09

Merci. :-P

Ok jait fait tout ce que tu ma demander, mais pour Vundo il n'y a pas de rapport car pas d'infection.

en tout cas j'ai toujours des lenteurs


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 12/07/2006 23:17:00 218112 C:\Program Files\HijackThis.exe

Checking %WinDir% folder...
PECompact2 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
qoologic 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
SAHAgent 01/07/2006 15:14:38 20153673 C:\WINDOWS\LPT$VPN.545
UPX! 01/07/2006 15:14:38 176709 C:\WINDOWS\tsc.exe
PECompact2 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
qoologic 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
SAHAgent 01/07/2006 15:14:38 20153673 C:\WINDOWS\VPTNFILE.545
UPX! 01/07/2006 15:14:38 1077328 C:\WINDOWS\vsapi32.dll
aspack 01/07/2006 15:14:38 1077328 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 05/08/2004 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 07/07/2006 03:21:46 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05/08/2004 14:00:00 733184 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 05/08/2004 14:00:00 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 13/07/2006 00:20:14 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 13/07/2006 00:20:14 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 13/07/2006 00:20:14 40960 C:\WINDOWS\SYSTEM32\swsc.exe
UPX! 16/07/2006 13:06:00 77312 C:\WINDOWS\SYSTEM32\VundoFix.exe
winsync 05/08/2004 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PEC2 05/11/2004 11:39:08 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
15/07/2006 17:01:20 S 2048 C:\WINDOWS\bootstat.dat
25/06/2006 10:41:10 H 12908 C:\WINDOWS\Help\SBSI\Training\LSINGLE.GID
01/07/2006 15:01:10 HS 595105 C:\WINDOWS\system32\gjjlm.bak1
14/07/2006 20:30:26 HS 663027 C:\WINDOWS\system32\gjjlm.bak2
01/07/2006 16:01:46 HS 596256 C:\WINDOWS\system32\gjjlm.ini
14/07/2006 23:53:32 HS 596418 C:\WINDOWS\system32\gjjlm.ini2
01/07/2006 15:58:36 HS 596205 C:\WINDOWS\system32\gjjlm.tmp
24/06/2006 22:00:26 HS 5632 C:\WINDOWS\system32\Thumbs.db
22/06/2006 13:18:14 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
19/05/2006 17:53:42 S 16203 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914388.cat
29/05/2006 18:16:04 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 09:15:02 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
01/06/2006 22:28:42 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
19/06/2006 16:20:58 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
16/07/2006 03:08:30 H 1024 C:\WINDOWS\system32\config\default.LOG
15/07/2006 17:01:28 H 1024 C:\WINDOWS\system32\config\SAM.LOG
16/07/2006 12:19:54 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
16/07/2006 13:22:14 H 1024 C:\WINDOWS\system32\config\software.LOG
16/07/2006 13:06:24 H 1024 C:\WINDOWS\system32\config\system.LOG
16/07/2006 01:48:26 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
16/07/2006 13:18:30 HS 8537120 C:\WINDOWS\system32\drivers\fidbox.dat
15/07/2006 00:17:58 HS 115280 C:\WINDOWS\system32\drivers\fidbox.idx
16/07/2006 13:04:36 HS 179232 C:\WINDOWS\system32\drivers\fidbox2.dat
15/07/2006 00:17:58 HS 18536 C:\WINDOWS\system32\drivers\fidbox2.idx
29/06/2006 23:52:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\154b23d8-37b1-410a-bcab-af3a8eab5fbd
29/06/2006 23:52:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
21/05/2006 21:47:50 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\90277b72-01ab-4027-86b9-592a27d4b577
21/05/2006 21:47:50 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
16/07/2006 01:48:16 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
15/07/2006 17:01:32 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 05/08/2004 14:00:00 71680 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 30/09/2004 04:02:22 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 05/08/2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 05/08/2004 14:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 05/08/2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 05/08/2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 05/08/2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 08/10/2004 01:29:16 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 134144 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 05/08/2004 14:00:00 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 05/08/2004 14:00:00 70144 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 22/11/2004 11:55:08 49262 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 05/08/2004 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 05/08/2004 14:00:00 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 05/08/2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 05/08/2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 05/08/2004 14:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 05/08/2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 05/08/2004 14:00:00 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 28/03/2005 21:09:20 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 05/08/2004 14:00:00 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 05/08/2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 05/08/2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 08/10/2004 19:00:28 86016 C:\WINDOWS\SYSTEM32\VCCenter.cpl
Microsoft Corporation 05/08/2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Socket Communications Inc. 03/08/2003 17:05:14 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
20/06/2005 21:47:04 1958 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
19/11/2004 12:22:18 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/11/2004 13:14:02 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
01/07/2006 01:29:48 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
19/11/2004 12:22:18 HS 84 C:\Documents and Settings\vallas philippe\Menu Démarrer\Programmes\Démarrage\desktop.ini
23/02/2005 20:25:26 1636 C:\Documents and Settings\vallas philippe\Menu Démarrer\Programmes\Démarrage\VAIO Launcher.lnk

Checking files in %USERPROFILE%\Application Data folder...
19/11/2004 13:14:02 HS 62 C:\Documents and Settings\vallas philippe\Application Data\desktop.ini
16/07/2006 01:37:58 1988 C:\Documents and Settings\vallas philippe\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
Wanadoo 6.2 = IEAKFT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A4113FE-0A12-4400-8DCA-B92F087C0A38}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Astuce du jour = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Console Java (Sun) : C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
ButtonText = Antivirus Internet :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messager Wanadoo : C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Bande de recherche = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{74CC49F7-EB32-4A08-B204-948962A6E3DB} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Program Files\Apoint\Apoint.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Mouse Suite 98 Daemon ICO.EXE
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SonyPowerCfg C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
ISBMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe
VAIO Update 2 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
PDService.exe C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Easy-PrintToolBox C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
kav "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon
= C:\WINDOWS\system32\klogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjg
= C:\WINDOWS\system32\mljjg.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon
= VESWinlogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineak32
= wineak32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 16/07/2006 13:25:09

Merci.

Voila le rapport Run fixit


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32


Sur Registry Search la commande gjjlm na rien donné par contre pour wineak32 voila le rapport:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "wineak32" 16/07/2006 17:04:38

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineak32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineak32]
"DllName"="wineak32.dll"

et le petit dernier:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "mljjg" 16/07/2006 17:06:08

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0012\TrustedImageList\0000]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0012\TrustedImageList\0011]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0013\TrustedImageList\0001]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0013\TrustedImageList\0014]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjg]
"DllName"="C:\\WINDOWS\\system32\\mljjg.dll"

voila bas dit dont que de rapport depuis le debut de l'aventure... ;-)

Bonjour, voila le nouveaux rapport,

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "mljjg" 17/07/2006 13:34:02

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0012\TrustedImageList\0000]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0012\TrustedImageList\0011]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0013\TrustedImageList\0001]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0013\TrustedImageList\0014]
"ImagePath"="C:\\WINDOWS\\system32\\mljjg.dll"

pour le reste r.a.s pas de rapport detailler,
a plus.

Oui sa rame grave.
Sinon niveau affichage sa fonctionne pour le moment.
y'a pas un moyen de tester les composant de la machine.

Je te remercie du temps que tu consacre a mon probleme.

A plus tard. :-P

Bonsoir, sur le scanne Ecleaner il y a des dossier qui ne peut pas supprimer.

Nom Taille Type Modifié Attr. Version du fichier Version du produit
C:\WINDOWS\Temp\JETCA2C.tmp 0 Fichier TMP 17/07/2006 13:29:10 A
C:\WINDOWS\Temp\JETCAA9.tmp 0 Fichier TMP 17/07/2006 13:29:10 A
C:\Documents and Settings\vallas philippe\Local Settings\Historique\History.IE5 0 16/07/2006 01:37:18 S
C:\Documents and Settings\vallas philippe\Local Settings\Temporary Internet Files\Content.IE5 0 16/07/2006 16:59:06 S
C:\WINDOWS\Temp\~DF1D79.tmp 16384 Fichier TMP 17/07/2006 13:28:48 A
C:\Documents and Settings\vallas philippe\Local Settings\Historique\History.IE5\index.dat 98304 17/07/2006 21:04:52 A
C:\Documents and Settings\vallas philippe\Local Settings\Temporary Internet Files\Content.IE5\index.dat 1130496 Fichier DAT 17/07/2006 21:06:08 A


Et certain registre aussi,

Racine Clé de Registre Modifié Valeur de chaîne Fichiers/réf. chemin
HKEY_LOCAL_MACHINE Software\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0012\TrustedImageList\0000 17/07/2006 19:00:36 ImagePath C:\WINDOWS\system32\mljjg.dll
HKEY_LOCAL_MACHINE Software\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0012\TrustedImageList\0011 17/07/2006 19:00:36 ImagePath C:\WINDOWS\system32\mljjg.dll
HKEY_LOCAL_MACHINE Software\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0013\TrustedImageList\0001 17/07/2006 19:00:36 ImagePath C:\WINDOWS\system32\mljjg.dll
HKEY_LOCAL_MACHINE Software\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0013\TrustedImageList\0014 17/07/2006 19:00:37 ImagePath C:\WINDOWS\system32\mljjg.dll

Quand t'as Ccleaner pas de probleme, la defragmentation ok.

Kaspersky peut'il generer des lenteurs, car j'ai l'impression que l'orsque que le systeme est desactiver sa fonctionne mieux.

Il rame par cycle s'est vraiment etrange.

Dans le gestionnaire des taches il y a un dossier " Processus inactif " qui mouline a 99%.

Quand pense tu.