

triton
Members
Content count: 94
Everything posted by triton
windows antivirus, it again
triton replied to triton's topic in Malware analysis and removal
Right, we're making progress. I followed your procedure, and when I tried to clean the registry I got the following message: registry editing has been disabled by your administrator. I went ahead anyway and got the attached report:

SmitFraudFix v2.217

Rapport fait à 11:30:25,45, 06/09/2007
Executé à partir de C:\Documents and Settings\boss\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\printer.exe supprimé
C:\WINDOWS\system32\WinAvXX.exe supprimé
C:\DOCUME~1\boss\MENUDM~1\PROGRA~1\DMARRA~1\system.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

However, winantivirus is still there and I can't find it in system32. Thanks again for your help.
windows antivirus, it again
triton replied to triton's topic in Malware analysis and removal
We're making progress! It now gets stuck here: NY -> system.exe -> %UserStartup%\system.exe
windows antivirus, it again
triton replied to triton's topic in Malware analysis and removal
Hello, in safe mode it's the same problem; it gets stuck on this line: NY -> WinAvXX.exe -> %System32%\WinAvXX.exe
windows antivirus, it again
triton replied to triton's topic in Malware analysis and removal
OK, thanks. When I run the fix, it never gives control back to me!
windows antivirus, it again
triton replied to triton's topic in Malware analysis and removal
There you go:

WinPFind3 logfile created on: 04/09/2007 15:33:28
WinPFind3U by OldTimer - Version 1.0.41 Folder = C:\Documents and Settings\boss\Bureau\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
510,09 Mb Total Physical Memory | 194,83 Mb Available Physical Memory | 38,20% Memory free
1,22 Gb Paging File | 0,68 Gb Available in Paging File | 56,16% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229,76 Gb Total Space | 211,97 Gb Free Space | 92,26% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: FRANCIS
Current User Name: boss
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 14:38:50 | Attr = ]
aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 75128 bytes | Modified Date = 28/07/2007 00:03:34 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 243064 bytes | Modified Date = 28/07/2007 00:03:08 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 132472 bytes | Modified Date = 28/07/2007 00:03:28 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 345464 bytes | Modified Date = 28/07/2007 00:02:20 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 16248 bytes | Modified Date = 27/07/2007 23:52:46 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04/08/2005 06:02:58 | Attr = ]
autorun.exe -> %AllUsersStartup%\autorun.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ]
dex_ic-304v1.exe -> %UserAppData%\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE -> [Ver = | Size = 28771 bytes | Modified Date = 26/01/2004 18:58:48 | Attr = ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 15/09/2004 03:01:00 | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 23/02/2005 18:19:56 | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 23:48:34 | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 479232 bytes | Modified Date = 12/05/2005 00:33:52 | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 12/05/2005 00:40:38 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 11/05/2005 23:23:26 | Attr = ]
hprblog.exe -> %ProgramFiles%\HP\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 11/05/2005 23:16:22 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 25/04/2005 10:50:08 | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 25/04/2005 10:49:52 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 18:50:18 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 19/11/2003 19:48:14 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/2006 15:57:48 | Attr = ]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.2\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9153 | Size = 2510848 bytes | Modified Date = 29/05/2007 15:48:16 | Attr = ]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.2\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9153 | Size = 2359296 bytes | Modified Date = 29/05/2007 15:48:14 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 23/03/2005 02:20:44 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 06/12/2004 03:05:00 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.41.0 | Size = 322560 bytes | Modified Date = 31/08/2007 10:30:22 | Attr = ]
wlancfg.exe -> %SystemRoot%\wlancfg.exe -> Inventel [Ver = 3, 1, 0, 0 | Size = 1294336 bytes | Modified Date = 05/12/2003 19:50:10 | Attr = ]
wlanmonitor.exe -> %ProgramFiles%\802.11 Wireless LAN\WlanMonitor.exe -> ATMEL [Ver = 3, 3, 4, 52 | Size = 450560 bytes | Modified Date = 01/10/2003 15:27:44 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 14:38:50 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 16248 bytes | Modified Date = 27/07/2007 23:52:46 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04/08/2005 06:02:58 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 132472 bytes | Modified Date = 28/07/2007 00:03:28 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 243064 bytes | Modified Date = 28/07/2007 00:03:08 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 345464 bytes | Modified Date = 28/07/2007 00:02:20 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 05/08/2004 14:00:00 | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 25/04/2005 10:49:52 | Attr = ]
(Planificateur LiveUpdate automatique) Planificateur LiveUpdate automatique [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.1 | Size = 729416 bytes | Modified Date = 14/08/2007 17:02:22 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.5 | Size = 1407816 bytes | Modified Date = 14/08/2007 17:02:28 | Attr = ]
(Wlancfg) Service de lancement de WlanCfg [Win32_Own | Auto | Running] -> %SystemRoot%\wlancfg.exe -> Inventel [Ver = 3, 1, 0, 0 | Size = 1294336 bytes | Modified Date = 05/12/2003 19:50:10 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 23:48:34 | Attr = ]
AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 75128 bytes | Modified Date = 28/07/2007 00:03:34 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 06/12/2004 03:05:00 | Attr = ]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 15/09/2004 03:01:00 | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 23/02/2005 18:19:56 | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 25/04/2005 10:50:08 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 27/07/2004 18:50:42 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 18:50:18 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/2006 15:57:48 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 23/03/2005 02:20:44 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 19/11/2003 19:48:14 | Attr = ]
WinAVX -> %System32%\WinAvXX.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DexStarter_IC-304V1 -> %UserAppData%\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat -> [Ver = | Size = 438 bytes | Modified Date = 22/06/2007 17:45:14 | Attr = ]
WinAVX -> %System32%\WinAvXX.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
-> %AllUsersStartup%\autorun.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ]
%AllUsersStartup%\Démarrage rapide du logiciel HP Image Zone.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 73728 bytes | Modified Date = 12/05/2005 00:49:24 | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 11/05/2005 23:23:26 | Attr = ]
< User Startup > -> C:\Documents and Settings\boss\Menu Démarrer\Programmes\Démarrage ->
%UserStartup%\Moniteur & Configuration.lnk -> %ProgramFiles%\802.11 Wireless LAN\WlanMonitor.exe -> ATMEL [Ver = 3, 3, 4, 52 | Size = 450560 bytes | Modified Date = 01/10/2003 15:27:44 | Attr = ]
%UserStartup%\OpenOffice.org 2.2.lnk -> %ProgramFiles%\OpenOffice.org 2.2\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 02/02/2007 17:54:56 | Attr = ]
-> %UserStartup%\system.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
C:\WINDOWS\system32\printer.exe -> %System32%\printer.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
< HOSTS File > (3457 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://www.google.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell.fr/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.fr/ ->
HKCU: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Console Java (Sun)] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporter vers Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4F24856B-E7B5-42FA-8898-F1B5156B6552} -> (ATMEL USB FastVNET (505A)) ->
{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558} -> (ATMEL USB FastVNET (505A)) ->
{FFA92BA0-7FD5-4866-B39D-58FC128F4843} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 59553 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE -> C:\Documents and Settings\boss\Application
Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE:*:Enabled:DEX_IC-304V1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Outlook Express\msimn.exe -> C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 
1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> Google Gmail Notifier -> {03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7} -> PhotoGallery -> {075473F5-846A-448B-BCB3-104AA1760205} -> Sonic RecordNow Data -> {09984AEC-6B9F-4ca7-B78D-CB44D4771DA3} -> Destinations -> {0BD820A5-767A-40F5-8A8A-DAFCC62F36A7} -> Graphiplus 10.3 -> {0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> Panneau de contrôle ATI -> {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA -> {15EE79F4-4ED1-4267-9B0F-351009325D7D} -> HP Software Update -> {17E27BFB-BD58-11d2-AFC1-00C04F72FB3E} -> VBA (2720. 
-> {1D3C662A-F6C6-4767-A788-7AA43A9A1317} -> ARTEuro -> {1F63ED0B-EDD2-4037-B6AB-1358C624AF48} -> Scan -> {21657574-BD54-48A2-9450-EB03B2C7FC29} -> Sonic MyDVD LE -> {21DB3D90-D816-4092-A260-CA3F6B55A6DD} -> Sonic_PrimoSDK -> {23A7B376-BBEC-4e76-BBD7-0F155E70D74B} -> CP_Panorama1Config -> {2405665A-16C9-4D3A-B70E-F006220E1472} -> Overland -> {267868CE-6DFF-40F7-9C58-C01119B7B117} -> Fax -> {2BBC9458-07CA-4843-848B-5C8146E5EFA8} -> CreativeProjects -> {2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C} -> Unload -> {30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager -> {30C19FF2-7FBA-4d09-B9DE-1659977F64F6} -> TrayApp -> {32BDCCB8-9DC8-496d-9DB1-F77510775BDB} -> InstantShareDevices -> {34A59AC3-6C5C-4A09-A7F5-369A37176C8A} -> AiOSoftware -> {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {35BDEFF1-A610-4956-A00D-15453C116395} -> Internet Explorer Default Page -> {36BD0774-6CD6-4FF9-A148-83CA09AC123E} -> Intel® PROSafe for Wired Connections -> {36E47DA1-10E1-45d9-8B19-14D19607CDCF} -> CP_CalendarTemplates1 -> {37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) -> {3AE681E0-4E8D-453F-950A-48534D3C0724} -> Copy -> {3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF} -> HPSystemDiagnostics -> {403EF592-953B-4794-BCEF-ECAB835C2095} -> Intel® PROSafe for Wired Connections -> {4192EAC0-6B36-4723-B216-D0E86E7757AC} -> Jasc Paint Shop Photo Album 5 -> {419805D6-75A0-4981-BC8F-9FF97EC6B03A} -> OpenOffice.org 2.2 -> {53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C} -> FullDPAppQFolder -> {56EE8B17-8274-418d-89AC-C057C5DB251E} -> RandMap -> {56F8AFC3-FA98-4ff1-9673-8A026CBF85BE} -> WebReg -> {5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool -> {597D73A8-5FDB-4bc1-9893-40B54459F1BC} -> ProductContext -> {5A01C58E-B0EC-49b9-AD71-7C0468688087} -> CP_Package_Basic1 -> {5B622B7A-60FB-4630-B11D-F121D20BCCD6} -> MarketResearch -> {5F26311C-B135-4F7F-B11E-8E650F83651E} -> DeviceFunctionQFolder -> {64D114CE-4234-45C2-B60A-2B07D5A48F72} -> Microsoft Works 7.0 -> 
{66BA8C26-AFE4-4408-807B-43E76B57EF53} -> SkinsHP1 -> {66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder -> {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.5 -> {6BD4B0B5-3359-4932-BF94-C805EE83E710} -> 2350_Help -> {6CD27A25-D4A5-4e25-86B1-36EBBA2BA279} -> 2350Trb -> {6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder -> {7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03 -> {74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore -> {78C496B9-5A6B-4692-8C2E-AFFFC34E4961} -> Jasc Paint Shop Pro Studio, Dell Editon -> {791CAF6C-90A3-11D4-8306-00D0B72E1DB9} -> Sentinel System Driver -> {79546A5F-AE7C-4693-8670-A3401B43ABD2} -> HP Deskjet 5900 series -> {7E27304E-BAA2-4d90-A34E-76641FAFABB4} -> CP_AtenaShokunin1Config -> {7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A} -> 2350 -> {8234A27D-C5A4-4F84-8718-3BF34BCFC89F} -> JourneySoftwarePromo -> {8777AC6D-89F9-4793-8266-DE406F343E89} -> QFolder -> {88C02750-7811-11D3-B83B-00C04F58D527} -> Bordures et arrière-plans -> {88C02752-7811-11D3-B83B-00C04F58D527} -> Légendes et liens -> {88C02753-7811-11D3-B83B-00C04F58D527} -> Images clipart et symboles -> {88C02758-7811-11D3-B83B-00C04F58D527} -> Assistant Rapport de propriétés -> {88C02759-7811-11D3-B83B-00C04F58D527} -> Enregistrer sous HTML -> {88C0275D-7811-11D3-B83B-00C04F58D527} -> Aide sur les fichiers programme -> {88C0275E-7811-11D3-B83B-00C04F58D527} -> Diagrammes de blocs -> {88C0275F-7811-11D3-B83B-00C04F58D527} -> Diagrammes de flux -> {88C02760-7811-11D3-B83B-00C04F58D527} -> Formulaires et graphiques -> {88C02763-7811-11D3-B83B-00C04F58D527} -> Diagrammes réseau -> {88C02765-7811-11D3-B83B-00C04F58D527} -> Organigrammes -> {88C02766-7811-11D3-B83B-00C04F58D527} -> Plannings de projet -> {88C02929-7811-11D3-B83B-00C04F58D527} -> Aide sur les diagrammes de flux -> {8DF66342-77E4-11D3-B83B-00C04F58D527} -> Vérificateur d'orthographe -> {8DF66343-77E4-11D3-B83B-00C04F58D527} -> Solutions -> 
{8DF66345-77E4-11D3-B83B-00C04F58D527} -> Notes sur cette version -> {8DF6634B-77E4-11D3-B83B-00C04F58D527} -> Programmes complémentaires -> {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel Matrix Storage Manager -> {91CA040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Small Business Edition 2003 -> {9A394342-4A68-4EBA-85A6-55B559F4E700} -> Microsoft .NET Framework 1.1 French Language Pack -> {9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B} -> QuickProjects -> {9DA5448B-4127-11D3-8F79-00C04F8DD7E3} -> Aide sur les images clipart et les symboles -> {9DA5448D-4127-11D3-8F79-00C04F8DD7E3} -> Aide sur les legendes et les liens -> {9DA5448F-4127-11D3-8F79-00C04F8DD7E3} -> Aide sur les bordures et les arrière-plans -> {9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3} -> PrintScreen -> {A1062847-0846-427A-92A1-BB8251A91E91} -> HP PSC & OfficeJet 4.2 -> {A2500497-FD32-493e-B8E5-28D6728DBEF5} -> Readme -> {A3B215CF-7A43-11D3-B83B-00C04F58D527} -> Aide sur les diagrammes de blocs -> {A3B21615-7A43-11D3-B83B-00C04F58D527} -> Aide sur les formulaires et les graphiques -> {A3B21686-7A43-11D3-B83B-00C04F58D527} -> Aide sur les diagrammes réseau -> {A4EA3AB4-E78C-4286-96DF-26035507CE55} -> AiO_Scan -> {A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} -> Apple Software Update -> {A5222E5A-13CB-4C98-9F5C-21CF6896A25C} -> HPDeskjet5900Series -> {A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D} -> CueTour -> {A890218A-2B99-4EF5-AE53-51FF4D305866} -> Micro Application - Faire-part MC -> {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder -> {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Sonic RecordNow Audio -> {AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} -> Dell Media Experience -> {AC76BA86-0000-0000-0000-6028747ADE01} -> Adobe Acrobat - Reader 6.0.2 Update -> {AC76BA86-7AD7-1036-7B44-A00000000001} -> Adobe Reader 6.0.1 - Français -> {AF06CAE4-C134-44B1-B699-14FBDB63BD37} -> Dell Picture Studio v3.0 -> {B12665F4-4E93-4AB4-B7FC-37053B524629} -> Sonic RecordNow Copy -> {B2C7C466-408C-11D3-8F79-00C04F8DD7E3} -> Aide sur 
les plannings de projet -> {B2C7C469-408C-11D3-8F79-00C04F8DD7E3} -> Aide sur les organigrammes -> {B32C75F2-7495-4D01-9431-C11E97D66F8C} -> DocProc -> {B45D9FEE-1AF4-46F3-9A83-2545F81547F5} -> CreativeProjectsTemplates -> {B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D} -> DocumentViewer -> {B66F45DC-853B-11d3-83DE-00C04F3223C8} -> Visio 2000 (FR) -> {B66F462A-853B-11d3-83DE-00C04F3223C8} -> Visio -> {B66F464B-853B-11d3-83DE-00C04F3223C8} -> Aide de Visio 2000 (aide HTML) -> {B66F4695-853B-11d3-83DE-00C04F3223C8} -> Fichiers de base Visio -> {B996AE66-10DB-4ac5-B151-E8B4BFBC42FC} -> BufferChm -> {BCC992E5-5C81-4066-9B55-03DC10B24D21} -> InstantShare -> {C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) -> {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> {CDE4CC8B-134B-421E-943C-90799E56F664} -> Dell Media Experience Update -> {D9B0CB2E-AC76-4687-AA41-2BEF8A934A81} -> 802.11 Wireless LAN PCMCIA Card -> {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware 2007 -> {E3F90083-80D4-4b5a-87C7-E97E12F5516D} -> HPProductAssistant -> {E7559288-223B-453C-9F06-340E3BE21E39} -> MyWay Search Assistant -> {E8814A8F-3B06-11D3-8CD7-00C04F72C04D} -> Microsoft Visual Studio Service Pack 3 -> {EA103B64-C0E4-4C0E-A506-751590E1653D} -> SolutionCenter -> {ED479ED4-A1C5-11d3-83E3-00C04F3223C8} -> Fichiers programme -> {F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} -> QuickTime -> {F27E6293-F894-4562-B356-8726B89839FC} -> Filtres graphiques -> {F4C2E5F5-2970-45f4-ABD3-C180C4D961C4} -> Status -> 446227_R1 -> Micro Application - Aménagez Votre Intérieur 3D -> AOL YGP Screensaver -> Ecran de veille AOL Photos -> ATI Display Driver -> ATI Display Driver -> avast! -> avast! 
Antivirus -> CCleaner -> CCleaner (remove only) -> Encyclopédie Hachette Multimédia -> Encyclopédie Hachette Multimédia -> EVEREST Home Edition_is1 -> EVEREST Home Edition v2.20 -> HijackThis -> HijackThis 2.0.0 -> HP Imaging Device Functions -> HP Imaging Device Functions 5.0 -> HP Photo & Imaging -> HP Image Zone 5.0 -> HP Solution Center & Imaging Support Tools -> HP Solution Center & Imaging Support Tools 5.0 -> HPExtendedCapabilities -> HP Extended Capabilities 5.0 -> InstallShield_{D9B0CB2E-AC76-4687-AA41-2BEF8A934A81} -> 802.11 Wireless LAN PCMCIA Card Setup -> KB835221WXP -> High Definition Audio Driver Package - KB835221 -> KB873339 -> Correctif Windows XP - KB873339 -> KB885250 -> Correctif Windows XP - KB885250 -> KB885835 -> Correctif Windows XP - KB885835 -> KB885836 -> Correctif Windows XP - KB885836 -> KB886185 -> Correctif Windows XP - KB886185 -> KB887472 -> Correctif Windows XP - KB887472 -> KB888113 -> Correctif Windows XP - KB888113 -> KB888302 -> Correctif Windows XP - KB888302 -> KB888310 -> Correctif Windows XP - KB888310 -> KB890046 -> Mise à jour de sécurité pour Windows XP (KB890046) -> KB890175 -> Correctif Windows XP - KB890175 -> KB890859 -> Correctif Windows XP - KB890859 -> KB891781 -> Correctif Windows XP - KB891781 -> KB893756 -> Mise à jour de sécurité pour Windows XP (KB893756) -> KB893803v2 -> Windows Installer 3.1 (KB893803) -> KB894391 -> Mise à jour pour Windows XP (KB894391) -> KB896358 -> Mise à jour de sécurité pour Windows XP (KB896358) -> KB896422 -> Mise à jour de sécurité pour Windows XP (KB896422) -> KB896423 -> Mise à jour de sécurité pour Windows XP (KB896423) -> KB896424 -> Mise à jour de sécurité pour Windows XP (KB896424) -> KB896428 -> Mise à jour de sécurité pour Windows XP (KB896428) -> KB896727 -> Mise à jour pour Windows XP (KB896727) -> KB898458 -> Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) -> KB898461 -> Mise à jour pour Windows XP (KB898461) -> KB899587 -> Mise à jour de 
sécurité pour Windows XP (KB899587) -> KB899591 -> Mise à jour de sécurité pour Windows XP (KB899591) -> KB900485 -> Mise à jour pour Windows XP (KB900485) -> KB900725 -> Mise à jour de sécurité pour Windows XP (KB900725) -> KB901017 -> Mise à jour de sécurité pour Windows XP (KB901017) -> KB901214 -> Mise à jour de sécurité pour Windows XP (KB901214) -> KB902400 -> Mise à jour de sécurité pour Windows XP (KB902400) -> KB904706 -> Mise à jour de sécurité pour Windows XP (KB904706) -> KB905414 -> Mise à jour de sécurité pour Windows XP (KB905414) -> KB905749 -> Mise à jour de sécurité pour Windows XP (KB905749) -> KB908519 -> Mise à jour de sécurité pour Windows XP (KB908519) -> KB908531 -> Mise à jour pour Windows XP (KB908531) -> KB910437 -> Mise à jour pour Windows XP (KB910437) -> KB911280 -> Mise à jour pour Windows XP (KB911280) -> KB911562 -> Mise à jour de sécurité pour Windows XP (KB911562) -> KB911564 -> Mise à jour de sécurité pour Lecteur Windows Media (KB911564) -> KB911565 -> Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) -> KB911567 -> Mise à jour de sécurité pour Windows XP (KB911567) -> KB911927 -> Mise à jour de sécurité pour Windows XP (KB911927) -> KB912919 -> Mise à jour de sécurité pour Windows XP (KB912919) -> KB913580 -> Mise à jour de sécurité pour Windows XP (KB913580) -> KB914388 -> Mise à jour de sécurité pour Windows XP (KB914388) -> KB914389 -> Mise à jour de sécurité pour Windows XP (KB914389) -> KB916595 -> Mise à jour pour Windows XP (KB916595) -> KB917159 -> Mise à jour de sécurité pour Windows XP (KB917159) -> KB917344 -> Mise à jour de sécurité pour Windows XP (KB917344) -> KB917422 -> Mise à jour de sécurité pour Windows XP (KB917422) -> KB917734_WMP10 -> Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) -> KB917734_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) -> KB917953 -> Mise à jour de sécurité pour Windows XP (KB917953) -> KB918118 -> Mise à jour de sécurité pour 
, UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 05/08/2004 14:00:00 | Attr = ] UPX0 , -> %System32%\WinAvXX.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ] Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 14/01/2005 15:09:24 | Attr = ] Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.115.0 | Size = 426848 bytes | Modified Date = 08/04/2004 13:50:04 | Attr = ] @Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\JACQUET.pdf:Zone.Identifier -> @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> UPX0 , -> %AllUsersStartup%\autorun.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ] UPX0 , -> %UserStartup%\system.exe -> Microsoft Co [Ver = 1, 0, 0, 1 | Size = 16896 bytes | Modified Date = 28/08/2007 06:29:00 | Attr = ] < End of report > -
windows antivirus, here it is again
triton replied to a topic by triton in Malware analysis and eradication
HELLO, THE FUN CONTINUES / SmitFraudFix v2.217 Rapport fait à 17:01:57,82, 30/08/2007 Executé à partir de E:\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Username "boss" - 2007-08-30 16:41:53 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.114.54 85.255.112.26" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4F24856B-E7B5-42FA-8898-F1B5156B6552} "nameserver"="85.255.114.54,85.255.112.26" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558} "nameserver"="85.255.114.54,85.255.112.26" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FFA92BA0-7FD5-4866-B39D-58FC128F4843} "nameserver"="85.255.114.54,85.255.112.26" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0AD34A51-0577-4041-A095-B90383F744E9} "DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558} "DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared. Cache de résolution DNS vidé. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... 
»»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" "SigmatelSysTrayApp"="stsystra.exe" "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start" "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "AAWTray"="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\AAWTray.exe" "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto" "SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\"" "WinAVX"="C:\\WINDOWS\\system32\\WinAvXX.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "DexStarter_IC-304V1"="\"C:\\Documents and Settings\\boss\\Application Data\\Color_Server_Client_Tools\\PrinterDriver\\IC-304V1\\DexRunner.bat\"" "WinAVX"="C:\\WINDOWS\\system32\\WinAvXX.exe" .... 
Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:47:54, on 04/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wlancfg.exe 
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - 
HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DexStarter_IC-304V1] "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat" O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Moniteur & Configuration.lnk = ? O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: system.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\WINDOWS\wlancfg.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows 
Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9327 bytes thanks -
windows antivirus, here it is again
triton replied to a topic by triton in Malware analysis and eradication
thanks, it will have to wait until Monday now -
windows antivirus, here it is again
triton replied to a topic by triton in Malware analysis and eradication
I ran option 2 in the administrator session in safe mode, then rebooted, but into another session in normal mode. I launched FixWAreOut without any problem, and then at reboot it told me it could not find the printtools dll. And that crap winantivirus reactivated itself. I ran option 2 again and that is when it refused to let me clean the registry. I think everything has to be redone from scratch. Tough going -
windows antivirus, here it is again
triton replied to a topic by triton in Malware analysis and eradication
I started the procedure, and when I try to clean the registry I get a message "operation forbidden by your admin". I am on the admin session, nothing to be done. However, at boot it tells me that printertools is missing. I am not working tomorrow, we will look at this on Monday. Thanks for your patience. -
windows antivirus, here it is again
triton replied to a topic by triton in Malware analysis and eradication
hello, report attached, thanks SmitFraudFix v2.217 Rapport fait à 7:46:00,89, 30/08/2007 Executé à partir de C:\Documents and Settings\boss\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\OpenOffice.org 
2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wlancfg.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Outlook Express\msimn.exe C:\Devis10\Integr10.exe C:\WINDOWS\system32\W32MKDE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts Fichier hosts corrompu ! 192.168.200.3 download.microsoft.com 192.168.200.3 downloads.microsoft.com 192.168.200.3 go.microsoft.com 192.168.200.3 microsoft.com 192.168.200.3 msdn.microsoft.com 192.168.200.3 office.microsoft.com 192.168.200.3 support.microsoft.com 192.168.200.3 windowsupdate.microsoft.com 192.168.200.3 www.microsoft.com 192.168.200.3 pandasoftware.com 192.168.200.3 www.pandasoftware.com »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\hadjajr.ini PRESENT ! C:\WINDOWS\system32\printer.exe PRESENT ! C:\WINDOWS\system32\vtr???.dll PRESENT ! C:\WINDOWS\system32\WinAvXX.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\boss »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\boss\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer C:\DOCUME~1\boss\MENUDM~1\PROGRA~1\PornoPlayer PRESENT ! C:\DOCUME~1\boss\MENUDM~1\PROGRA~1\DMARRA~1\system.exe PRESENT ! 
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\boss\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\PornoPlayer\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\system32\\hadjajr.ini" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="kdntb.exe" kdntb.exe détecté ! »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! 
Description: Intel® PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets DNS Server Search Order: 85.255.114.54 DNS Server Search Order: 85.255.112.26 HKLM\SYSTEM\CCS\Services\Tcpip\..\{0AD34A51-0577-4041-A095-B90383F744E9}: DhcpNameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: DhcpNameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0AD34A51-0577-4041-A095-B90383F744E9}: DhcpNameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: DhcpNameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0AD34A51-0577-4041-A095-B90383F744E9}: DhcpNameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS3\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: DhcpNameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer=85.255.114.54,85.255.112.26 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer=85.255.114.54,85.255.112.26 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.54 85.255.112.26 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.54 85.255.112.26 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.54 85.255.112.26 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
windows antivirus, here it is again
triton replied to a topic by triton in Malware analysis and eradication
thanks for your help. I will do the procedure tomorrow morning at the office. -
hello everyone, it is not easy to get rid of windowsantivirus, which comes back every time. logs attached: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:54:42, on 29/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wlancfg.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program 
Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CCleaner\ccleaner.exe C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [install_BlueDSL] D:\install.exe 
O4 - HKLM\..\Run: [install_Choix] D:\choix.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DexStarter_IC-304V1] "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat" O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Moniteur & Configuration.lnk = ? 
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: system.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer = 85.255.114.54,85.255.112.26 O17 - HKLM\System\CCS\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer = 85.255.114.54,85.255.112.26 O17 - HKLM\System\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer = 85.255.114.54,85.255.112.26 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26 O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - 
C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown 
owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\WINDOWS\wlancfg.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9974 bytes StartupList report, 29/08/2007, 16:41:16 StartupList version: 1.52.2 Started from : C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\printer.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program 
Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wlancfg.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\boss\Menu Démarrer\Programmes\Démarrage] Moniteur & Configuration.lnk = ? 
OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe SigmatelSysTrayApp = stsystra.exe ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe dla = C:\WINDOWS\system32\dla\tfswctrl.exe ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup ISUSScheduler = "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" {0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe avast! 
= C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe WinAVX = C:\WINDOWS\system32\WinAvXX.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background DexStarter_IC-304V1 = "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat" WinAVX = C:\WINDOWS\system32\WinAvXX.exe -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: 
load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\hadjajr.ini -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! 
(arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job HPpromotions journeysoftware.job Rappel d'abonnement 1 auprès de l'ISP.job -------------------------------------------------- Enumerating Download Program Files: [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Windows NT/2000/XP services Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) avast! 
Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) drvnddm: system32\drivers\drvnddm.sys (autostart) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Fax: %systemroot%\system32\fxssvc.exe (autostart) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Intel® Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (autostart) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) Planificateur LiveUpdate automatique: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) 
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) tfsnboio: system32\dla\tfsnboio.sys (autostart) tfsncofs: system32\dla\tfsncofs.sys (autostart) tfsndrct: system32\dla\tfsndrct.sys (autostart) tfsndres: system32\dla\tfsndres.sys (autostart) tfsnifs: system32\dla\tfsnifs.sys (autostart) tfsnopio: system32\dla\tfsnopio.sys (autostart) tfsnpool: system32\dla\tfsnpool.sys (autostart) tfsnudf: system32\dla\tfsnudf.sys (autostart) tfsnudfa: system32\dla\tfsnudfa.sys (autostart) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de lancement de WlanCfg: %SystemRoot%\wlancfg.exe SVC (autostart) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll 
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 15 085 bytes Report generated in 0,218 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
This is my PC at work. Thanks for your help.
OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe SigmatelSysTrayApp = stsystra.exe ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe dla = C:\WINDOWS\system32\dla\tfswctrl.exe ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup ISUSScheduler = "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" {0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe avast! 
= C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe WinAVX = C:\WINDOWS\system32\WinAvXX.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background DexStarter_IC-304V1 = "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat" WinAVX = C:\WINDOWS\system32\WinAvXX.exe -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: 
load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\hadjajr.ini -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! 
(arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job HPpromotions journeysoftware.job Rappel d'abonnement 1 auprès de l'ISP.job -------------------------------------------------- Enumerating Download Program Files: [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Windows NT/2000/XP services Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) avast! 
Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) drvnddm: system32\drivers\drvnddm.sys (autostart) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Fax: %systemroot%\system32\fxssvc.exe (autostart) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Intel® Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (autostart) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) Planificateur LiveUpdate automatique: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) 
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) tfsnboio: system32\dla\tfsnboio.sys (autostart) tfsncofs: system32\dla\tfsncofs.sys (autostart) tfsndrct: system32\dla\tfsndrct.sys (autostart) tfsndres: system32\dla\tfsndres.sys (autostart) tfsnifs: system32\dla\tfsnifs.sys (autostart) tfsnopio: system32\dla\tfsnopio.sys (autostart) tfsnpool: system32\dla\tfsnpool.sys (autostart) tfsnudf: system32\dla\tfsnudf.sys (autostart) tfsnudfa: system32\dla\tfsnudfa.sys (autostart) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de lancement de WlanCfg: %SystemRoot%\wlancfg.exe SVC (autostart) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll 
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 15 085 bytes
Report generated in 0,218 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

This is my computer at work. Thanks for your help.
-
Hello everyone, it's not easy to get rid of windowsantivirus, which keeps coming back every time. Logs attached:
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:54:42, on 29/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wlancfg.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program 
Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CCleaner\ccleaner.exe C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [install_BlueDSL] D:\install.exe 
O4 - HKLM\..\Run: [install_Choix] D:\choix.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DexStarter_IC-304V1] "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat" O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Moniteur & Configuration.lnk = ? 
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: system.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer = 85.255.114.54,85.255.112.26 O17 - HKLM\System\CCS\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer = 85.255.114.54,85.255.112.26 O17 - HKLM\System\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer = 85.255.114.54,85.255.112.26 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26 O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - 
C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown 
owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\WINDOWS\wlancfg.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9974 bytes StartupList report, 29/08/2007, 16:41:16 StartupList version: 1.52.2 Started from : C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\printer.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program 
Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wlancfg.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\boss\Menu Démarrer\Programmes\Démarrage] Moniteur & Configuration.lnk = ? 
OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe SigmatelSysTrayApp = stsystra.exe ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe dla = C:\WINDOWS\system32\dla\tfswctrl.exe ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup ISUSScheduler = "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" {0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe avast! 
= C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe WinAVX = C:\WINDOWS\system32\WinAvXX.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background DexStarter_IC-304V1 = "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat" WinAVX = C:\WINDOWS\system32\WinAvXX.exe -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: 
load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\hadjajr.ini -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! 
(arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job HPpromotions journeysoftware.job Rappel d'abonnement 1 auprès de l'ISP.job -------------------------------------------------- Enumerating Download Program Files: [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Windows NT/2000/XP services Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) avast! 
Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) drvnddm: system32\drivers\drvnddm.sys (autostart) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Fax: %systemroot%\system32\fxssvc.exe (autostart) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Intel® Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (autostart) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) Planificateur LiveUpdate automatique: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) 
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) tfsnboio: system32\dla\tfsnboio.sys (autostart) tfsncofs: system32\dla\tfsncofs.sys (autostart) tfsndrct: system32\dla\tfsndrct.sys (autostart) tfsndres: system32\dla\tfsndres.sys (autostart) tfsnifs: system32\dla\tfsnifs.sys (autostart) tfsnopio: system32\dla\tfsnopio.sys (autostart) tfsnpool: system32\dla\tfsnpool.sys (autostart) tfsnudf: system32\dla\tfsnudf.sys (autostart) tfsnudfa: system32\dla\tfsnudfa.sys (autostart) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de lancement de WlanCfg: %SystemRoot%\wlancfg.exe SVC (autostart) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll 
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 15 085 bytes
Report generated in 0,218 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

This is my work PC. Thanks for your help.
-
I just added a second 512 PC2700 memory stick and now it's unstable: Firefox crashes, Photoshop crashes with a blue screen, etc. Tough going. Is there a setting I forgot in the BIOS? Thanks
-
It is indeed a Barton. I set the FSB to 166, so I'm running at 2100 MHz with 53° at idle and 57 in "action". I don't dare go any higher for now. Thanks to everyone for your valuable advice.
-
It's me again. I just raised the FSB to 166 and I now have a speed of 2100 with a temperature of 53°. I'm going to follow the forum's advice and replace the heatsink/fan.
-
Thanks for your quick reply. OK for the fan, I'll find the one you recommend. If I understood correctly, I have nothing else to adjust in the BIOS?
-
Good evening everyone. After flashing the BIOS of my MSI MS-6590 motherboard, I set everything to "default" and ended up with a frequency of 1230 MHz. By trial and error and following the forum's advice, I raised the FSB values a little, to 155, to reach a clock of 1944. Can I go further, and what needs to be done on the RAM side (the settings are all on automatic)? The current CPU temperature is 51°. The RAM is a 512 PC2700. I'm planning to add another 512 stick; should I use PC2700 or something else? Thanks for your help, because I'm afraid of causing damage!!!!!