

Posts by PAPI84
-
-
Hi Charles
I looked in C:\ and there is this Combofix - Notepad file.
Before doing the procedure from your last message, I am posting it.
"Pierrot" - 2007-06-05 15:00:47 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Pierrot\Bureau\"
((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))
2007-06-04 15:24 <REP> d-------- C:\Program Files\SPYWAREfighter
2007-06-04 15:24 <REP> d-------- C:\Program Files\Fichiers communs\Application
2007-06-02 10:16 853 --a------ C:\reboot.cmd
2007-06-02 10:16 68,096 --a------ C:\diff.exe
2007-06-02 10:16 103,424 --a------ C:\grep.exe
2007-06-02 10:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-01 16:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-01 13:13 <REP> d-------- C:\Program Files\Lavasoft
2007-06-01 11:44 <REP> d-------- C:\WINDOWS\CSC
2007-05-31 09:36 5,242,880 --a------ C:\DOCUME~1\Pierrot\ntuser.dat
2007-05-31 09:36 <REP> d-------- C:\DOCUME~1\Pierrot\APPLIC~1\InstallShield Installation Information
2007-05-28 15:11 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris
2007-05-28 15:11 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-05-27 08:41 <REP> d-------- C:\Program Files\AxBx
2007-05-10 11:18 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 15:12 <REP> d-------- C:\Program Files\Spamihilator
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-04 12:36:13 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-06-03 14:35:26 -------- d-----w C:\Program Files\eMule
2007-06-02 07:23:54 -------- d-----w C:\Program Files\Share_Accelerator
2007-06-02 07:23:54 -------- d-----w C:\Program Files\Multi_Media
2007-06-01 18:37:27 -------- d-----w C:\Program Files\Sunbelt Software
2007-05-31 12:21:04 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Lavasoft
2007-05-31 12:19:53 -------- d-----w C:\Program Files\IncrediMail
2007-05-29 10:02:07 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Canon
2007-05-29 07:49:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-03 12:51:46 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Skype
2007-05-01 16:11:21 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-01 16:02:25 -------- d-----w C:\Program Files\Fichiers communs\Agnitum Shared
2007-05-01 16:02:23 -------- d-----w C:\Program Files\Agnitum
2007-05-01 09:32:20 505,483 --sh--w C:\WINDOWS\system32\bbadd.ini2
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 15:17:18 520,880 --sh--w C:\WINDOWS\system32\bbadd.bak2
2007-04-27 13:41:22 281,348 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-23 07:03:44 82,882 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-04-23 07:03:44 485,902 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 10:44:00 96,400 ----a-w C:\DOCUME~1\Pierrot\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:56]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-30 11:16]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"GSICONEXE"="GSICON.EXE" [2007-01-08 11:50 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2007-01-08 11:50 C:\WINDOWS\system32\dslagent.exe]
"OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 13:09]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-01-25 16:08]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-01-25 16:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-24 23:08]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2006-12-03 14:19]
"@"="" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 20:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 11:16]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 15:49]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-20 14:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autorun.exe
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 15:03:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1340]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-05 15:05:30
C:\ComboFix-quarantined-files.txt ... 2007-06-05 15:05
C:\ComboFix2.txt ... 2007-06-02 10:03
--- E O F ---
I will have my son do the last procedure because I am afraid of crashing everything;
he is much more skilled at this than I am.
Thanks again for all the work you are doing for me.
Regards, Pierre
-
Hi Charles
Sorry for this late reply (personal problem).
I did the steps from your last message; here are the results:
SDFix: Version 1.86
Run by Pierrot - 04/06/2007 - 14:21:14,20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
ndis.sys Infected!
Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...
Unable To Replace Patched File!
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\CP1041.NLS - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100640.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100642.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100645.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100650.dll
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\ywbfdwas.tmp
Listing User Accounts:
comptes d'utilisateurs de \\121879940317
Administrateur ASPNET HelpAssistant
Invité Pierrot SUPPORT_388945a0
La commande s'est terminée correctement.
Finished
Effectué le 06/06/2007 à 9:08:10,35.
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\WINDOWS\system32\drivers
27/04/2007 15:41 281 348 ndis.sys
1 fichier(s) 281 348 octets
I had two blue screens which, on reading them, indicated a driver problem:
one on 05/06/07, when I had to go back to a restore point dated 04/06/07 in order to restart,
and one ten minutes ago, with a normal restart.
Effectué le 06/06/2007 à 9:08:10,35.
Here is the news.
Thanks in advance
Pierre
-
Hi Charles
Here is the COMBOFIX.EXE report
"Pierrot" - 2007-06-05 15:00:47 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Pierrot\Bureau\"
((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))
2007-06-04 15:24 <REP> d-------- C:\Program Files\SPYWAREfighter
2007-06-04 15:24 <REP> d-------- C:\Program Files\Fichiers communs\Application
2007-06-02 10:16 853 --a------ C:\reboot.cmd
2007-06-02 10:16 68,096 --a------ C:\diff.exe
2007-06-02 10:16 103,424 --a------ C:\grep.exe
2007-06-02 10:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-01 16:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-01 13:13 <REP> d-------- C:\Program Files\Lavasoft
2007-06-01 11:44 <REP> d-------- C:\WINDOWS\CSC
2007-05-31 09:36 5,242,880 --a------ C:\DOCUME~1\Pierrot\ntuser.dat
2007-05-31 09:36 <REP> d-------- C:\DOCUME~1\Pierrot\APPLIC~1\InstallShield Installation Information
2007-05-28 15:11 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris
2007-05-28 15:11 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-05-27 08:41 <REP> d-------- C:\Program Files\AxBx
2007-05-10 11:18 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 15:12 <REP> d-------- C:\Program Files\Spamihilator
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-04 12:36:13 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-06-03 14:35:26 -------- d-----w C:\Program Files\eMule
2007-06-02 07:23:54 -------- d-----w C:\Program Files\Share_Accelerator
2007-06-02 07:23:54 -------- d-----w C:\Program Files\Multi_Media
2007-06-01 18:37:27 -------- d-----w C:\Program Files\Sunbelt Software
2007-05-31 12:21:04 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Lavasoft
2007-05-31 12:19:53 -------- d-----w C:\Program Files\IncrediMail
2007-05-29 10:02:07 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Canon
2007-05-29 07:49:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-03 12:51:46 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Skype
2007-05-01 16:11:21 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-01 16:02:25 -------- d-----w C:\Program Files\Fichiers communs\Agnitum Shared
2007-05-01 16:02:23 -------- d-----w C:\Program Files\Agnitum
2007-05-01 09:32:20 505,483 --sh--w C:\WINDOWS\system32\bbadd.ini2
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 15:17:18 520,880 --sh--w C:\WINDOWS\system32\bbadd.bak2
2007-04-27 13:41:22 281,348 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-23 07:03:44 82,882 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-04-23 07:03:44 485,902 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 10:44:00 96,400 ----a-w C:\DOCUME~1\Pierrot\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:56]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-30 11:16]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"GSICONEXE"="GSICON.EXE" [2007-01-08 11:50 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2007-01-08 11:50 C:\WINDOWS\system32\dslagent.exe]
"OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 13:09]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-01-25 16:08]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-01-25 16:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-24 23:08]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2006-12-03 14:19]
"@"="" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 20:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 11:16]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 15:49]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-20 14:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autorun.exe
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 15:03:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1340]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-05 15:05:30
C:\ComboFix-quarantined-files.txt ... 2007-06-05 15:05
C:\ComboFix2.txt ... 2007-06-02 10:03
--- E O F ---
Thanks again
Pierre
-
Charles
I did the procedure with SDFIX plus a HijackThis scan.
SDFix: Version 1.86
Run by Pierrot - 04/06/2007 - 14:21:14,20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
ndis.sys Infected!
Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...
Unable To Replace Patched File!
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\CP1041.NLS - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100640.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100642.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100645.dll
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP195\A0100650.dll
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\ywbfdwas.tmp
Listing User Accounts:
comptes d'utilisateurs de \\121879940317
Administrateur ASPNET HelpAssistant
Invité Pierrot SUPPORT_388945a0
La commande s'est terminée correctement.
Finished
Logfile of HijackThis v1.99.1
Scan saved at 14:36:18, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.136.242 212.151.137.166
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
Logfile of HijackThis v1.99.1
Scan saved at 14:36:18, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.136.242 212.151.137.166
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
Here is the result.
Thanks in advance for the reply
Pierre
-
Hi Charles
I have just carried out the following procedure:
Step 1 OK
Step 2 OK
Step 3: I did this whole step:
In this step the DLL plelf.dll is not there
There are: mswsock.dll - winrnr.dll - rsvpsp.dll in 'keep'
I did not do anything and I restarted the computer in normal mode.
Regards, Pierre
-
Charles
What patience you have with me
Yes, twice for ComboFix
Here is the rest
Logfile of HijackThis v1.99.1
Scan saved at 13:37:58, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\plelf.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.136.242 212.151.137.166
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
DiagHelp version v1.1 - http://www.malekal.com
excute le 02/06/2007 à 14:12:08,73
Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\fwdrv.err -->02/06/2007 14:10:22
C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55
C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42
C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41
C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51
C:\WINDOWS\System32/drivers\aavmker4.sys -->30/04/2007 17:37:23
C:\WINDOWS\System32/drivers\ndis.sys -->27/04/2007 15:41:22
C:\WINDOWS\System32\wpa.dbl -->02/06/2007 11:02:42
C:\WINDOWS\System32\plelf.dll -->02/06/2007 10:03:52
C:\WINDOWS\System32\CmdLineExt03.dll -->29/05/2007 09:49:11
C:\WINDOWS\System32\FNTCACHE.DAT -->28/05/2007 08:41:08
C:\WINDOWS\System32\mcrh.tmp -->16/05/2007 08:31:48
C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->09/05/2007 15:03:50
C:\WINDOWS\System32\enchtjly.ini -->09/05/2007 10:20:09
C:\WINDOWS\System32\CONFIG.NT -->03/05/2007 14:16:39
C:\WINDOWS\System32\bbadd.ini2 -->01/05/2007 11:32:20
C:\WINDOWS\System32\cmpoqbkg.ini -->01/05/2007 11:28:28
C:\WINDOWS\System32\aswBoot.exe -->30/04/2007 17:46:10
C:\WINDOWS\System32\AVASTSS.scr -->30/04/2007 17:35:28
C:\WINDOWS\System32\bbadd.bak2 -->28/04/2007 17:17:18
C:\WINDOWS\System32\MRT.exe -->27/04/2007 22:45:12
C:\WINDOWS\System32\dgxushyj.ini -->27/04/2007 18:59:31
C:\WINDOWS\System32\sqevksgy.ini -->24/04/2007 17:01:56
C:\WINDOWS\System32\eecuhtue.ini -->23/04/2007 09:21:09
C:\WINDOWS\System32\PerfStringBackup.INI -->23/04/2007 09:03:44
C:\WINDOWS\System32\perfh00C.dat -->23/04/2007 09:03:44
C:\WINDOWS\System32\perfh009.dat -->23/04/2007 09:03:44
C:\WINDOWS\System32\perfc00C.dat -->23/04/2007 09:03:44
C:\WINDOWS\System32\perfc009.dat -->23/04/2007 09:03:44
C:\WINDOWS\System32\pvkyispe.ini -->20/04/2007 14:11:19
C:\WINDOWS\System32\thksgscg.ini -->19/04/2007 10:32:03
C:\WINDOWS\System32\msi.dll -->18/04/2007 18:14:18
C:\WINDOWS.log -->02/06/2007 11:01:59
C:\WINDOWS\WindowsUpdate.log -->02/06/2007 11:01:30
C:\WINDOWS\wiadebug.log -->02/06/2007 11:01:23
C:\WINDOWS\wiaservc.log -->02/06/2007 11:01:17
C:\WINDOWS\bootstat.dat -->02/06/2007 11:00:22
C:\WINDOWS\SchedLgU.Txt -->02/06/2007 10:59:25
C:\WINDOWS\setupapi.log -->01/06/2007 16:28:51
C:\WINDOWS\win.ini -->01/06/2007 13:13:12
C:\WINDOWS\system.ini -->01/06/2007 13:13:12
C:\WINDOWS\wwdslcfg.log -->01/06/2007 11:53:43
C:\WINDOWS\MEMORY.DMP -->31/05/2007 14:01:42
C:\WINDOWS\catchme.exe -->28/05/2007 04:23:11
C:\WINDOWS\tsoc.log -->23/05/2007 20:10:09
C:\WINDOWS\tabletoc.log -->23/05/2007 20:10:09
C:\WINDOWS\ocmsn.log -->23/05/2007 20:10:09
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\WINDOWS\system32
10/08/2004 15:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 196 449 386 496 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\WINDOWS\Downloaded Program Files
01/06/2007 16:28 <REP> .
01/06/2007 16:28 <REP> ..
22/11/2006 22:12 73 216 Account.dll
22/11/2006 22:00 216 Account.inf
23/09/2004 20:09 65 desktop.ini
25/07/2002 18:13 24 576 dwusplay.dll
25/07/2002 18:13 196 608 dwusplay.exe
25/06/2006 13:50 1 793 erma.inf
25/07/2002 18:05 172 032 isusweb.dll
08/08/2006 11:45 576 kavwebscan.inf
11/12/2006 17:44 367 LegitCheckControl.inf
27/06/2006 15:52 2 856 MCLPhoto.INF
27/06/2006 16:04 263 984 MCLPhoto.ocx
26/05/2005 04:19 293 muweb.inf
13/10/2005 17:23 380 928 npSeaTools_FR.dll
01/11/2005 14:06 892 npSeaTools_FR.inf
07/09/2006 13:15 142 848 UDC6V_0001_D19M0709NetInstaller.exe
15 fichier(s) 1 261 250 octets
Total des fichiers listés :
15 fichier(s) 1 261 250 octets
2 Rép(s) 196 449 382 400 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 14:12:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
536 - sqlservr.exe
728 - csrss.exe
764 - winlogon.exe
808 - services.exe
820 - lsass.exe
996 - svchost.exe
1060 - ashDisp.exe
1084 - svchost.exe
1136 - svchost.exe
1180 - CLI.exe
1204 - kpf4ss.exe
1228 - svchost.exe
1292 - svchost.exe
1432 - ashServ.exe
1484 - DetectorApp.exe
1516 - RTHDCPL.exe
1672 - explorer.exe
1856 - spoolsv.exe
2016 - AOLacsd.exe
2040 - gsicon.exe
2120 - ntvdm.exe
2184 - svchost.exe
2252 - svchost.exe
2392 - mcrdsvc.exe
2492 - PMSHost.exe
2544 - ctfmon.exe
2556 - kpf4gui.exe
2604 - GoogleToolbarNo
2692 - cmd.exe
2760 - iexplore.exe
3108 - svchost.exe
3392 - ashMaiSv.exe
3488 - kpf4gui.exe
3540 - ashWebSv.exe
3732 - dllhost.exe
4000 - CLI.exe
4012 - CLI.exe
Total number of processes = 37
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
F7990000 - \WINDOWS\system32\KDCOM.DLL
F78A0000 - \WINDOWS\system32\BOOTVID.dll
F72B8000 - sptd.sys
F7992000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F72A0000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7271000 - ACPI.sys
F7260000 - pci.sys
F7490000 - isapnp.sys
F7A58000 - pciide.sys
F7710000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7994000 - aliide.sys
F7996000 - cmdide.sys
F7998000 - toside.sys
F799A000 - viaide.sys
F799C000 - intelide.sys
F74A0000 - MountMgr.sys
F7241000 - ftdisk.sys
F799E000 - dmload.sys
F721B000 - dmio.sys
F7718000 - PartMgr.sys
F74B0000 - VolSnap.sys
F78A4000 - cpqarray.sys
F7203000 - atapi.sys
F78A8000 - aha154x.sys
F7720000 - sparrow.sys
F78AC000 - symc810.sys
F74C0000 - aic78xx.sys
F78B0000 - dac960nt.sys
F74D0000 - ql10wnt.sys
F78B4000 - amsint.sys
F7728000 - asc.sys
F78B8000 - asc3550.sys
F7730000 - mraid35x.sys
F7738000 - i2omp.sys
F78BC000 - ini910u.sys
F74E0000 - ql1240.sys
F74F0000 - aic78u2.sys
F7740000 - symc8xx.sys
F7748000 - sym_hi.sys
F7750000 - sym_u3.sys
F7758000 - ABP480N5.SYS
F7760000 - asc3350p.sys
F79A0000 - cd20xrnt.sys
F7500000 - ultra.sys
F71EA000 - adpu160m.sys
F7768000 - dpti2o.sys
F7510000 - ql1080.sys
F7520000 - ql1280.sys
F7530000 - ql12160.sys
F7770000 - perc2.sys
F79A2000 - perc2hib.sys
F7778000 - hpn.sys
F78C0000 - cbidf2k.sys
F71BE000 - dac2w2k.sys
F7540000 - disk.sys
F7550000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F719E000 - fltMgr.sys
F718C000 - sr.sys
F7560000 - PxHelp20.sys
F7175000 - KSecDD.sys
F70E8000 - Ntfs.sys
F70B9000 - NDIS.sys
F7085000 - timntr.sys
F7570000 - viaagp.sys
F7070000 - snapman.sys
F7580000 - sisagp.sys
F7590000 - ohci1394.sys
F75A0000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7055000 - Mup.sys
F75B0000 - alim1541.sys
F75C0000 - amdagp.sys
F75D0000 - agp440.sys
F75E0000 - agpCPQ.sys
F7610000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6D8F000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F6D7B000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7810000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F6D58000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7818000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7620000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7820000 - \SystemRoot\System32\Drivers\ASAPIW2K.sys
F6F71000 - \SystemRoot\system32\drivers\pfc.sys
F7630000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7640000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6D35000 - \SystemRoot\system32\DRIVERS\ks.sys
F6D10000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F6CFC000 - \SystemRoot\system32\DRIVERS\Rtnicxp.sys
F6CB2000 - \SystemRoot\System32\Drivers\a8qmx8ee.SYS
F7650000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7890000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7788000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7AE0000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7670000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F6F41000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6BD9000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7680000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7690000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F77D8000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6BC8000 - \SystemRoot\system32\DRIVERS\psched.sys
F76A0000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F77E8000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F77F8000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7800000 - \SystemRoot\system32\DRIVERS\wanatw4.sys
F6B97000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F76B0000 - \SystemRoot\system32\DRIVERS\termdd.sys
F79B4000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6B3B000 - \SystemRoot\system32\DRIVERS\update.sys
F6F1D000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6B0D000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys
F7828000 - \SystemRoot\system32\DRIVERS\NkVBus.sys
F76C0000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F76F0000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F79BA000 - \SystemRoot\system32\DRIVERS\USBD.SYS
AABF3000 - \SystemRoot\system32\drivers\RtkHDAud.sys
AABD1000 - \SystemRoot\system32\drivers\portcls.sys
F7700000 - \SystemRoot\system32\drivers\drmk.sys
F79C0000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
F79C4000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B4D000 - \SystemRoot\System32\Drivers\Null.SYS
F79C8000 - \SystemRoot\System32\Drivers\Beep.SYS
F7868000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7870000 - \SystemRoot\System32\drivers\vga.sys
F79CE000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F79D2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
AAB40000 - \SystemRoot\system32\drivers\fwdrv.sys
F7880000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7898000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6F4D000 - \SystemRoot\system32\DRIVERS\rasacd.sys
AAB2D000 - \SystemRoot\system32\DRIVERS\ipsec.sys
AAAD5000 - \SystemRoot\system32\DRIVERS\tcpip.sys
AAAB4000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7045000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F7035000 - \SystemRoot\system32\DRIVERS\wanarp.sys
AA9EC000 - \SystemRoot\system32\DRIVERS\netbt.sys
F6B83000 - \SystemRoot\System32\drivers\ws2ifsl.sys
AA9CA000 - \SystemRoot\System32\drivers\afd.sys
F7025000 - \SystemRoot\system32\DRIVERS\netbios.sys
AA99F000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F6B7B000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
AA930000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
AA91F000 - \SystemRoot\system32\drivers\khips.sys
F77F0000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F7005000 - \SystemRoot\System32\Drivers\Fips.SYS
F6AE5000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F6AD5000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F6AAD000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F6FE5000 - \SystemRoot\System32\Drivers\Cdfs.SYS
AA867000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F79DE000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F6F59000 - \SystemRoot\System32\drivers\Dxapi.sys
F7830000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7AA5000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA17000 - \SystemRoot\System32\ati2cqag.dll
BFA51000 - \SystemRoot\System32\atikvmag.dll
BFA87000 - \SystemRoot\System32\ati3duag.dll
BFCEE000 - \SystemRoot\System32\ativvaxx.dll
AA8A7000 - \SystemRoot\system32\DRIVERS\tifsfilt.sys
A8672000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
A84EC000 - \SystemRoot\System32\Drivers\aswMon2.SYS
A81C7000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
A818A000 - \SystemRoot\system32\drivers\wdmaud.sys
A8334000 - \SystemRoot\system32\drivers\sysaudio.sys
F79A6000 - \SystemRoot\System32\Drivers\ASCTRM.SYS
A7F19000 - \SystemRoot\System32\Drivers\HTTP.sys
A7E9F000 - \SystemRoot\system32\DRIVERS\srv.sys
A7490000 - \SystemRoot\System32\Drivers\aswRdr.SYS
A713A000 - \SystemRoot\system32\DRIVERS\gwausb.sys
F7B64000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
A6F04000 - \SystemRoot\system32\drivers\kmixer.sys
Total number of drivers = 174
Liste des programmes installes
Ad-Aware SE Personal
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.0.9 - Français
Adobe Shockwave Player
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIDA32 v3.93
AIDA32 v3.93
Archiveur WinRAR
ArcSoft Panorama Maker 3
ArcSoft PhotoBase
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ArcSoft PhotoStudio 2000
ATI Catalyst Control Center
AutoUpdate
avast! Antivirus
avast! Antivirus
Canon iP1600
Canon iP1600
Canon ScanGear Toolbox 3.1
Canon ScanGear Toolbox 3.1
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint
Capturino 1.4
Capturino 1.4
CCleaner (remove only)
CCleaner (remove only)
Cloneur Expert
Cloneur Expert
Codeur Windows Media Série 9
Codeur Windows Media Série 9
Coloriage
Coloriage
Correctif n° 2 pour Windows XP Édition Media Center 2005
Correctif n° 2 pour Windows XP Édition Media Center 2005
Correctif pour Windows XP (KB888795)
Correctif pour Windows XP (KB888795)
Correctif pour Windows XP (KB891593)
Correctif pour Windows XP (KB891593)
Correctif pour Windows XP (KB896256)
Correctif pour Windows XP (KB896256)
Correctif pour Windows XP (KB899337)
Correctif pour Windows XP (KB899337)
Correctif pour Windows XP (KB899510)
Correctif pour Windows XP (KB899510)
Correctif pour Windows XP (KB902841)
Correctif pour Windows XP (KB902841)
Correctif pour Windows XP (KB910728)
Correctif pour Windows XP (KB912024)
Correctif pour Windows XP (KB914440)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB891781
Correctif Windows XP - KB895961
Correctif Windows XP - KB895961
D-Link DSL-200 ADSL Modem
DiscAPI (Studio 10)
DivX Codec
DivX Content Uploader
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dora l'exploratrice : Les animaux de la jungle
Dora La Cité Perdue
Dora Sakado
Démo de Dora au pays des contes de fées
eMule
eMule
EVEREST Home Edition v2.20
EVEREST Home Edition v2.20
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
HijackThis 1.99.1
Hijackthis Version Française
Hijackthis Version Française
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
Java SE Runtime Environment 6 Update 1
jv16 PowerTools 1.3
jv16 PowerTools 1.3
Kaspersky Online Scanner
Kaspersky Online Scanner
Language pack for Ad-Aware SE
Lecteur Windows Media 11
LightScribe 1.4.44.1
LimeWire 4.12.11
Macromedia Flash Player 8
Macromedia Shockwave Player
Micro Application - 1, 2, 3 Photo 2006
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional avec FrontPage
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899589)
Mise à jour de sécurité pour Windows XP (KB899589)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour pour Lecteur Windows Media 10 (KB910393)
Mise à jour pour Lecteur Windows Media 10 (KB913800)
Mise à jour pour Lecteur Windows Media 10 (KB926251)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Multi Media Toolbar
Multi Virus Cleaner 2007
Nero Suite
OmniPage Pro 9.0
PhotoFiltre
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Pinnacle Studio LINX
Plus de 15 000 Cliparts Volume 1
PowerDVD
QuickTime
QuickTime
QuickTime
RAPID (Studio 10)
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Scan Manager 5.2
Seagate SeaTools Online French
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update pour Microsoft .NET Framework 2.0 (KB922770)
Share Accelerator Toolbar
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Spamihilator
Studio 10
Studio 8
Sunbelt Personal Firewall
Ulead DVD DiskRecorder 2.1.1
Ulead PhotoImpact 10 SE
Ulead VideoStudio 9.0 SE DVD
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Yahoo! Toolbar
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Yoodoo
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\Program Files
31/05/2007 14:21 <REP> .
31/05/2007 14:21 <REP> ..
08/02/2007 13:25 <REP> 3B Software
27/02/2007 11:07 <REP> Adobe
01/05/2007 18:02 <REP> Agnitum
10/01/2007 13:52 <REP> Ahead
12/01/2007 22:07 <REP> AIDA32 - Enterprise System Information
25/01/2007 15:23 <REP> Alcohol Soft
05/01/2007 17:11 <REP> Alwil Software
22/11/2006 02:51 <REP> AOL Compagnon
04/02/2007 19:37 <REP> ArcSoft
01/03/2007 15:35 <REP> Atari
22/11/2006 02:50 <REP> ATI Technologies
09/02/2007 15:44 <REP> AudioTest
27/05/2007 08:41 <REP> AxBx
27/01/2007 17:33 <REP> BitTorrent
09/01/2007 14:43 <REP> Caere
05/02/2007 10:26 <REP> Canon
04/02/2007 19:13 <REP> Capturino 1.4
06/01/2007 14:17 <REP> CCleaner
22/11/2006 02:50 <REP> ComPlus Applications
22/11/2006 02:50 <REP> CyberLink
25/02/2007 13:03 <REP> denouvel
11/02/2007 19:13 <REP> DivX
08/01/2007 11:55 <REP> D-Link
28/05/2007 19:30 <REP> eMule
01/03/2007 21:44 <REP> eoRezo
03/05/2007 12:13 <REP> Fichiers communs
07/02/2007 14:58 <REP> Google
02/06/2007 13:37 <REP> Hijackthis Version Française
31/05/2007 14:19 <REP> IncrediMail
10/05/2007 12:34 <REP> Internet Explorer
09/05/2007 15:03 <REP> Java
06/01/2007 14:44 <REP> jv16 PowerTools
12/01/2007 20:05 <REP> Lavalys
01/06/2007 13:13 <REP> Lavasoft
22/11/2006 02:50 <REP> Learn2.com
27/02/2007 11:27 <REP> LimeWire
22/11/2006 02:53 <REP> Messenger
20/03/2007 12:04 <REP> Micro Application
10/05/2007 11:18 <REP> Microsoft CAPICOM 2.1.0.2
22/11/2006 02:50 <REP> microsoft frontpage
07/02/2007 19:01 <REP> Microsoft Office
24/02/2007 23:32 <REP> Microsoft SQL Server
14/02/2007 17:51 <REP> Midori
22/11/2006 02:53 <REP> Movie Maker
06/01/2007 00:06 <REP> MSN
22/11/2006 02:50 <REP> MSN Gaming Zone
04/02/2007 19:39 <REP> MSXML 4.0
02/06/2007 09:23 <REP> Multi_Media
27/01/2007 16:41 <REP> MyAlbum
22/11/2006 02:53 <REP> NetMeeting
04/02/2007 22:33 <REP> Nikon
22/11/2006 02:53 <REP> Online Services
05/01/2007 23:08 <REP> Outlook Express
21/01/2007 15:33 <REP> PhotoFiltre
24/02/2007 23:34 <REP> Pinnacle
24/02/2007 23:09 <REP> QuickTime
22/11/2006 02:50 <REP> Real
22/11/2006 02:50 <REP> Realtek
06/01/2007 18:25 <REP> Seagate
22/11/2006 02:53 <REP> Services en ligne
02/06/2007 09:23 <REP> Share_Accelerator
22/11/2006 02:50 <REP> SmartSound Software
28/01/2007 12:54 <REP> SoftChris
22/11/2006 02:50 <REP> Sonic
01/06/2007 13:13 <REP> Spamihilator
01/06/2007 20:37 <REP> Sunbelt Software
05/01/2007 16:56 <REP> Symantec
23/02/2007 17:10 <REP> Ulead Systems
22/11/2006 02:50 <REP> Viewpoint
22/11/2006 02:50 <REP> Windows Media Components
25/01/2007 17:06 <REP> Windows Media Connect 2
25/01/2007 17:06 <REP> Windows Media Player
22/11/2006 02:54 <REP> Windows NT
22/11/2006 02:50 <REP> Windows Plus
18/02/2007 18:50 <REP> WinRAR
22/11/2006 02:50 <REP> xerox
06/01/2007 14:17 <REP> Yahoo!
27/01/2007 11:09 <REP> Zapu
0 fichier(s) 0 octets
80 Rép(s) 196 449 382 400 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\Program Files\fichiers communs
03/05/2007 12:13 <REP> .
03/05/2007 12:13 <REP> ..
25/01/2007 16:08 <REP> Acronis
27/02/2007 17:20 <REP> Adobe
27/02/2007 11:05 <REP> Adobe Systems Shared
01/05/2007 18:02 <REP> Agnitum Shared
10/01/2007 13:49 <REP> Ahead
22/11/2006 02:53 <REP> AOL
22/11/2006 02:53 <REP> aolshare
09/01/2007 14:43 <REP> Caere
05/01/2007 17:25 <REP> Designer
02/03/2007 12:03 <REP> DriveCleaner Free
22/11/2006 02:50 <REP> InstallShield
22/11/2006 02:50 <REP> Java
10/01/2007 13:52 <REP> LightScribe
05/04/2007 20:44 <REP> Microsoft Shared
22/11/2006 02:50 <REP> MSSoap
10/01/2007 13:51 <REP> Nero
04/02/2007 22:32 <REP> Nikon
22/11/2006 02:50 <REP> Nullsoft
22/11/2006 02:50 <REP> ODBC
22/11/2006 02:50 <REP> Real
22/11/2006 02:53 <REP> Services
22/11/2006 02:53 <REP> Sonic Shared
22/11/2006 02:50 <REP> SpeechEngines
22/11/2006 02:53 <REP> SureThing Shared
05/01/2007 16:56 <REP> Symantec Shared
05/01/2007 23:08 <REP> System
22/11/2006 02:50 <REP> TiVo Shared
22/11/2006 02:53 <REP> Ulead Systems
19/02/2007 18:28 <REP> Vbox
0 fichier(s) 0 octets
31 Rép(s) 196 449 382 400 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
04/04/2007 20:42 <REP> .
04/04/2007 20:42 <REP> ..
05/01/2007 17:25 <REP> 1033
04/04/2007 20:42 <REP> 1036
29/01/2004 16:08 1 277 952 MSONSEXT.DLL
13/02/2001 09:23 58 784 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
06/08/2000 10:04 401 462 MSVCP60.DLL
29/01/2004 16:08 69 632 PKMAXCTL.DLL
29/01/2004 16:08 868 352 PKMCDO.DLL
29/01/2004 16:08 53 248 PKMCORE.DLL
29/01/2004 16:08 102 400 PKMFORMS.DLL
29/01/2004 16:38 634 880 PKMRES.DLL
29/01/2004 16:08 28 672 PKMSSTLB.DLL
22/01/2001 04:25 40 960 PKMTEMPL.DLL
29/01/2004 16:08 24 576 PKMTRACE.DLL
29/01/2004 16:08 86 016 PKMWS.DLL
29/01/2004 16:08 237 568 PROMDEMO.DLL
29/01/2004 16:08 184 320 SECMGR.DLL
29/01/2004 16:08 315 392 VAIDDMGR.DLL
29/01/2004 16:08 32 768 VAIMEM.DLL
18 fichier(s) 4 666 952 octets
4 Rép(s) 196 449 378 304 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\
12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
31/10/2005 17:56 700 416 StubInstaller.exe
3 fichier(s) 871 936 octets
0 Rép(s) 196 449 378 304 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3824-C69F
Répertoire de C:\
02/06/2007 11:03 91 648 cp1041.nls
1 fichier(s) 91 648 octets
0 Rép(s) 196 449 378 304 octets libres
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\Cnmvsa.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\helpkicker.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe
c:\Documents and Settings\Pierrot\.limewire\.NetworkShare\LimeWireWin4.12.6-fixed.exe
c:\Documents and Settings\Pierrot\.limewire\.NetworkShare\LimeWireWinInstaller.exe
c:\Documents and Settings\Pierrot\Application Data\ezpinst.exe
c:\Documents and Settings\Pierrot\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Pierrot\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe
c:\Documents and Settings\Pierrot\Application Data\Microsoft\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Pierrot\Application Data\Microsoft\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
c:\Documents and Settings\Pierrot\Application Data\Microsoft\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
c:\Documents and Settings\Pierrot\Bureau\ccsetup140.exe
c:\Documents and Settings\Pierrot\Bureau\CloneMaster Setup.exe
c:\Documents and Settings\Pierrot\Bureau\ComboFix.exe
c:\Documents and Settings\Pierrot\Bureau\kerio-personal-firewall_4.2.3.912.exe
c:\Documents and Settings\Pierrot\Bureau\siw_siw_1.66_build_624_anglais_14288.exe
c:\Documents and Settings\Pierrot\Bureau\spamihilator_0_9_9_10.exe
c:\Documents and Settings\Pierrot\Bureau\wrar362fr.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Pierrot\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Pierrot\Mes documents\aawsepersonal.exe
c:\Documents and Settings\Pierrot\Mes documents\Audiotest.exe
c:\Documents and Settings\Pierrot\Mes documents\Demo_Dora_Contes_fees.exe
c:\Documents and Settings\Pierrot\Mes documents\DivXInstaller.exe
c:\Documents and Settings\Pierrot\Mes documents\HijackThisFR.exe
c:\Documents and Settings\Pierrot\Mes documents\LimeWireWin.exe
c:\Documents and Settings\Pierrot\Mes documents\PPVIEWER.EXE
c:\Documents and Settings\Pierrot\Mes documents\registryrepair_rrfr002.exe
c:\Documents and Settings\Pierrot\Mes documents\rminstall.exe
c:\Documents and Settings\Pierrot\Mes documents\Start.exe
c:\Documents and Settings\Pierrot\Mes documents\Downloads\La Solution Pour Faire Marcher Le Jeu ' Jeux Dora L'exploratrice - Les Animaux De La Jungle - Alcohol.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\delaySpawn.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\dslagent.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\gsicon.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\Q307271_WxP_SP1_x86_enu_MID57834.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\Q307271_WxP_SP1_x86_ENU_MID58293.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\setup.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\usb\ATM Driver\dsldrv\dslagent.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\usb\ATM Driver\dsldrv\gsicon.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\usb\LAN Driver\dsldrv\dslagent.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\usb\LAN Driver\dsldrv\gsicon.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\usb\WAN Driver\dsldrv\dslagent.exe
c:\Documents and Settings\Pierrot\Mes documents\Driver modem\Pilote_ADSL_USB_-Pack_Wanadoo-_1.12.0019_98Me2000XP\usb\WAN Driver\dsldrv\gsicon.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules404\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules404\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules404\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules405\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules405\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules405\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules406\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules406\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules406\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules407\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules407\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules407\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules408\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules408\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules408\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules409\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules409\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules409\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40B\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40B\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40B\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40C\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40C\CNMsr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40C\CNMur75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40E\CNMlr75.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules40E\CNMsr75.dll
****** Fin du rapport DiagHelp
Hoping I did the procedure correctly?
Thanks again
Pierre
-
* HijackThis v1.99.1 *
Written by Merijn - merijn@spywareinfo.com
http://www.merijn.org/files/hijackthis.zip
http://www.merijn.org/index.html
French translation by:
PC-HELP-BORDEAUX http://pchelpbordeaux.free.fr
Find the complete tutorial on the PC-HELP site. Post your logs on the live computer-assistance forum http://belver.free.fr
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
Command-line parameters:
* /autolog - Automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* Version history *
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release
A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
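An added example, not part of the original post and not HijackThis code: a small triage script that reads log lines in the `CODE - description` format defined by the legend above, counts entries per section, flags entries whose target is reported as "(no file)" or "(file missing)", and groups section codes by CLSID so that a component registered at several load points is reviewed as one unit. The sample log, its CLSIDs and its file names are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Section descriptions copied from the HijackThis legend above (subset).
SECTIONS = {
    "R3": "Created extra registry value where only one should be",
    "O2": "Enumeration of existing MSIE BHO's",
    "O3": "Enumeration of existing MSIE toolbars",
    "O4": "Enumeration of suspicious autoloading Registry entries",
    "O20": "AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys",
    "O23": "Enumeration of NT Services",
}

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks entries whose target file is absent with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Hand-copied lines sometimes start with the digit 0 instead of the letter O.
ZERO_FOR_O_RE = re.compile(r"^0(?=\d{1,2}\s+-\s)")

# Constructed sample log: every name, CLSID and path below is a placeholder.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example_Toolbar\tbExample.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O2 - BHO: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example_Toolbar\tbExample.dll
O3 - Toolbar: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example_Toolbar\tbExample.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
O20 - Winlogon Notify: examplea - C:\WINDOWS\system32\examplea.dll (file missing)
020 - Winlogon Notify: exampleb - C:\WINDOWS\system32\exampleb.dll (file missing)
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    line = ZERO_FOR_O_RE.sub("O", line.strip())
    match = LINE_RE.match(line)
    if match is None:
        return None
    code, body = match.group("code"), match.group("body")
    clsid = CLSID_RE.search(body)
    return {
        "code": code,
        "section": SECTIONS.get(code, "(not in the subset above)"),
        "clsid": clsid.group(0).lower() if clsid else None,
        "orphan": ORPHAN_RE.search(body) is not None,
        "body": body,
    }


def triage(log_text):
    """Summarise a log: per-section counts, orphaned entries, shared CLSIDs."""
    entries, unparsed = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            # Keep unrecognised lines visible instead of dropping them silently.
            unparsed.append(raw.strip())
        else:
            entries.append(entry)

    codes_by_clsid = defaultdict(list)
    for entry in entries:
        if entry["clsid"]:
            codes_by_clsid[entry["clsid"]].append(entry["code"])

    return {
        "by_section": Counter(e["code"] for e in entries),
        "orphans": [e for e in entries if e["orphan"]],
        # A CLSID seen under several codes is one component with several hooks.
        "shared_clsids": {c: v for c, v in codes_by_clsid.items() if len(v) > 1},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, count in sorted(report["by_section"].items()):
        print(f"{code:>3}  x{count}  {SECTIONS.get(code, '')}")
    for entry in report["orphans"]:
        print("orphaned:", entry["code"], "-", entry["body"])
    for clsid, codes in report["shared_clsids"].items():
        print("shared CLSID:", clsid, "->", ", ".join(codes))
    for line in report["unparsed"]:
        print("unparsed:", line)
```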
-
Here is the scan by combofix.exe
"Pierrot" - 2007-06-02 10:00:05 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Pierrot\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))
2007-06-01 16:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-01 13:13 <REP> d-------- C:\Program Files\Lavasoft
2007-06-01 11:44 <REP> d-------- C:\WINDOWS\CSC
2007-05-31 09:36 5,242,880 --a------ C:\Documents and Settings\Pierrot\ntuser.dat
2007-05-31 09:36 5,242,880 --a------ C:\DOCUME~1\Pierrot\ntuser.dat
2007-05-31 09:36 <REP> d-------- C:\DOCUME~1\Pierrot\APPLIC~1\InstallShield Installation Information
2007-05-28 15:11 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris
2007-05-28 15:11 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-05-27 08:41 <REP> d-------- C:\Program Files\AxBx
2007-05-10 11:18 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 15:12 <REP> d-------- C:\Program Files\Spamihilator
2007-05-03 14:51 <REP> d-------- C:\Program Files\Sunbelt Software
2007-05-03 14:16 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-02 07:23:54 -------- d-----w C:\Program Files\Share_Accelerator
2007-06-02 07:23:54 -------- d-----w C:\Program Files\Multi_Media
2007-06-02 07:23:34 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-05-31 12:21:04 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Lavasoft
2007-05-31 12:19:53 -------- d-----w C:\Program Files\IncrediMail
2007-05-29 10:02:07 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Canon
2007-05-29 07:49:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-28 17:30:49 -------- d-----w C:\Program Files\eMule
2007-05-03 12:51:46 -------- d-----w C:\DOCUME~1\Pierrot\APPLIC~1\Skype
2007-05-01 16:11:21 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-01 16:02:25 -------- d-----w C:\Program Files\Fichiers communs\Agnitum Shared
2007-05-01 16:02:23 -------- d-----w C:\Program Files\Agnitum
2007-05-01 09:32:20 505,483 --sh--w C:\WINDOWS\system32\bbadd.ini2
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 15:17:18 520,880 --sh--w C:\WINDOWS\system32\bbadd.bak2
2007-04-27 13:41:22 281,348 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-23 07:03:44 82,882 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-04-23 07:03:44 485,902 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 10:44:00 96,400 ----a-w C:\DOCUME~1\Pierrot\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:56]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-30 11:16]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"GSICONEXE"="GSICON.EXE" [2007-01-08 11:50 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2007-01-08 11:50 C:\WINDOWS\system32\dslagent.exe]
"OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 13:09]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-01-25 16:08]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-01-25 16:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-24 23:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 20:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 11:16]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 15:49]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-20 14:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 10:02:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-06-02 10:03:18
C:\ComboFix-quarantined-files.txt ... 2007-06-02 10:03
--- E O F ---
-
Hello Charles
A quick question about the procedure:
Close all programs (Internet Explorer) and click "Fixer les objets"
Do I need to disconnect from the internet?
Thanks
Regards, Pierre
PS: I did not do the procedure yesterday
because of a health problem, and when I take my treatment I have to lie down.
-
Hi
I am going to spell out the steps in as much detail as possible, PAPI84; if you have the slightest problem, don't hesitate to ask.
Don't be put off by the procedure: it is actually very simple, you just need to take your time and do things in order, as indicated.
I would like you to send a file for analysis, please >
C:\windows\system32\imprbtalljw.dll
* Go to this page > http://secubox.gateweb.org/mad.php
Click the Browse button > a window will open that lets you navigate the folders on your hard drive. Click the My Computer icon on the left > double-click drive C > double-click the Windows folder > System32 > select the file named imprbtalljw.dll > click the Open button.
In the box below (Please enter below the message for our team:) copy/paste this message >
Finally, click the Send button
Thanks in advance
Note: if you do not see this file, do this first >
Make sure you have access to all files; some files/folders are hidden!!
After that, please post the following reports >
1) * Start HijackThis and click the "Scanner seulement" button, then tick the following lines:
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O2 - BHO: (no name) - {0C10445A-6E66-4698-90EB-24D270A51BFC} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\qtghpeir.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7F6F9815-58A4-40A9-8191-4138F051807A} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\hnnobvuk.dll",realset
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
020 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: xxyvwts - xxyvwts.dll (file missing)
-Close all programs (Internet Explorer) and click "Fixer Objet"
Download combofix.exe by sUBs
- Make sure all programs are closed before launching the fix!
- Double-click combofix.exe.
-
Note: Do not close the window that has just opened, or you will end up with an empty desktop!
- Press the Y (Yes) key to start the scan.
- When the scan is finished, a report will be generated: post its contents in your next message.
- If the report is too long, post it in two parts.
2) Download and run DiagHelp as shown in this tutorial > http://www.malekal.com/DiagHelp/DiagHelp.php
Run only option 1 and post the report, please. Caution: don't forget to press a key when asked to at the end of the Catchme report.
3) Finally, post a new hijackthis report, please
Charles
I'm going to detail the steps as much as possible, PAPI84; if you have the slightest problem, don't hesitate to ask.
Don't let the procedure put you off: it's actually very simple, you just need to take your time and do things in order, as indicated.
I'd like you to send a file for analysis, please >
C:\windows\system32\imprbtalljw.dll
*Go to this page > http://secubox.gateweb.org/mad.php
Click the Browse button > a window will open letting you navigate through the folders on your hard drive. Click the My Computer icon on the left > double-click drive C > double-click the Windows folder > System 32 > select the file named imprbtalljw.dll > click the Open button.
In the box below (Please enter below the message for our team:) copy/paste this message >
QUOTE
Unknown dll in Winsock > http://forum.zebulon.fr/index.php?showtopic=123130
Finally, click the Send button
I have just done this procedure.
I found C:\windows\system32\imprbtalljw.dll, sent
I think I did the right steps to send the message
Thanks
See you later, Pierre
- Make sure all programs are closed before launching the fix!
-
Hello everyone
Yesterday I got the blue screen twice. WinXP encountered a serious problem
I restarted twice and now it's fine.
But as I'm a novice with computers, I don't understand much and I don't know how to do the steps to repair it.
57 years old.
Who can help me after reading the HijackThis scan?? Should some things be deleted??
If possible with simple solutions.
I'm posting here, sent by pear, Godlike Member
Thanks in advance
Regards
Papi84
Logfile of HijackThis v1.99.1
Scan saved at 13:38:38, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C10445A-6E66-4698-90EB-24D270A51BFC} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\qtghpeir.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7F6F9815-58A4-40A9-8191-4138F051807A} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\hnnobvuk.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.136.242 212.151.137.166
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvwts - xxyvwts.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
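A triage pass over a HijackThis log of the kind posted above, as an added example that is not part of the original thread: it collapses repeated entries, flags orphaned ones, and cross-checks "(file missing)" against the running-process list, because the log above lists ashMaiSv.exe as running and as missing at the same time. The function names and reason labels are assumptions of this example, and the sample is an excerpt constructed from the log lines above.

```python
import re
from collections import Counter, namedtuple

# Excerpt constructed from the log posted in this thread (not a full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O2 - BHO: (no name) - {0C10445A-6E66-4698-90EB-24D270A51BFC} - (no file)
O2 - BHO: (no name) - {7F6F9815-58A4-40A9-8191-4138F051807A} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\hnnobvuk.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O20 - Winlogon Notify: xxyvwts - xxyvwts.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

Finding = namedtuple("Finding", "reason section body count")

# "O2 - ...", "R3 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")
# First absolute path to an .exe/.dll inside an entry body.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll))', re.IGNORECASE)
ORPHAN_SUFFIXES = ("(file missing)", "(no file)")


def parse_log(text):
    """Return (running process paths, lower-cased; list of (section, body))."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            running.add(line.lower())
    return running, entries


def triage(text):
    """Flag entries worth a second look; identical lines are counted once."""
    running, entries = parse_log(text)
    findings = []
    # Counter keeps first-seen order, so findings follow the log's order.
    for (section, body), count in Counter(entries).items():
        found = PATH_RE.search(body)
        path = found.group(1).lower() if found else None
        reason = None
        if body.endswith(ORPHAN_SUFFIXES):
            # The log contradicts itself when the "missing" file is running:
            # check the disk before treating the entry as orphaned.
            reason = "missing-but-running" if path in running else "orphaned"
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reason = "unknown-lsp"
        elif section == "O4" and "rundll32" in body.lower():
            reason = "rundll32-autostart"
        if reason:
            findings.append(Finding(reason, section, body, count))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:20} x{f.count:<2} {f.section} - {f.body}")
```

A flag here only means the entry deserves a look by someone who knows the machine; it is not a verdict on the file.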
-
You have also unticked Avast, your antivirus. Tick it again; it is essential.
Untick Google, msconfig, and ctfmon (unless you are a specialist in oriental languages),
in Windows XP, click Date, Time, Language, and Regional Options, then Regional and Language Options.
On the Languages tab, click Details -> Advanced to disable it.
I noticed that you have some curious things in your report, such as awvvv.dll.
Not being a Security specialist, I strongly advise you to post your Hijackthis report on the dedicated forum: Sécurité->Analyse....
OK, thanks for all your information
I'm going to post my Hijackthis report on Sécurité->Analyse....
Thanks again for your work
See you later
Regards, Pierre
-
Hello
I unticked everything, there was nothing about security, then restarted
Here is a new scan
Logfile of HijackThis v1.99.1
Scan saved at 10:16:29, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C10445A-6E66-4698-90EB-24D270A51BFC} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\qtghpeir.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7F6F9815-58A4-40A9-8191-4138F051807A} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.137.170 212.151.136.246
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvwts - xxyvwts.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
-
Good evening,
Have no fear. If you made a mistake, you can tick things again or, at worst, restore to an earlier date.
It would be a good precaution to make a system backup before an uncertain operation.
Then, if you find it useful, do another Hijackthis; it will show your 04 entries, the applications started.
But that is not your main concern.
Have you disabled automatic restart?
Good evening
automatic restart was disabled
Here is another Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 17:56:09, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C10445A-6E66-4698-90EB-24D270A51BFC} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\qtghpeir.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7F6F9815-58A4-40A9-8191-4138F051807A} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\hnnobvuk.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.136.242 212.151.137.166
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvwts - xxyvwts.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
For this evening I have to sign off because we are having a big thunderstorm; it's pouring down.
I'll get back in touch with you tomorrow.
Have a good evening
And thanks again
Regards, Pierre
-
Hello,
HijackThis is not meant to repair the errors reported by blue screens, even though it can sometimes help.
It is a pity that you give no information about these screens; it is essential for finding leads to investigate.
So that you have time to read them and carefully note the details, do this:
My Computer -> Properties -> Advanced -> Startup and Recovery -> Settings -> untick Automatically restart.
At the next crash, send us the details you collected.
For now, and to lighten the load on your PC, since you have 32 programs launching at startup, which is considerable, do this:
Start -> Run -> msconfig -> Startup
Untick everything that is not security-related: antivirus, firewall, antispyware. The rest will be loaded only when needed, and your PC will thank you.
Here is the result after the Start -> Run -> msconfig -> Startup step
I can't manage to copy and paste the result to put it in this post
How do I do it? I don't want to make a mistake when unticking.
Thanks
Regards, papi84
-
Hello everyone
This morning I got the blue screen twice.
I restarted twice and now it is working.
But since I am a novice with computers, I don't understand much and I don't know how to carry out the steps to repair it.
57 years old.
Who can help me after reading the HijackThis scan??
If possible with simple solutions.
Thanks in advance
Papi84
Logfile of HijackThis v1.99.1
Scan saved at 15:00:22, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C10445A-6E66-4698-90EB-24D270A51BFC} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\qtghpeir.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7F6F9815-58A4-40A9-8191-4138F051807A} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\hnnobvuk.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imprbtalljw.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175687746531
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67AC927D-2DC0-48D8-851D-4B54054B8881}: NameServer = 212.151.136.242 212.151.137.166
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvwts - xxyvwts.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
-
Hi.
If you burned your photos in JPEG format, the delay between photos during playback on your living-room player is the loading time of your photos and depends solely on your player! If you burn in MPEG, it's different because then you create a video from your photos, but the quality is lower...
That's OK
Thanks for the reply.
See you later!
Regards, Pierre
-
Hello
Yesterday I burned 150 photos with Nero (data CD)
They play fine on the player, but the delay between photos is very long (15 to 20 seconds)
Before burning, is it possible to reduce the playback time of each photo with Nero?
To get faster playback I burned another CD with Studio 10 in MPEG-1 with 4 seconds between photos, but the photos are less sharp.
Player: Peekton 6024; it reads all formats.
Who can help me?
Thanks in advance
Regards, Pierre (56 years old and not a computer expert)
-
So you can increase your screen resolution, towards the right, but not too much either, just enough so that you can place your software window where you want and put it in full screen, for example.
Problem solved
Thanks for your help
See you later!
Regards, Pierre
-
Hello again,
Is your screen a 15', 17', 19'???
19' flat screen, Philips 190 C
-
Hello PAPI84,
What screen resolution are you using?
You can see it by right-clicking on your desktop background, "Properties", then the "Settings" tab.
You can certainly change it a little to see your software window in full.
Regards...
I did the steps: "Properties", then the "Settings" tab.
Screen resolution
Less More
1280 1020 pixels
the slider is on the left side
Color quality
Highest
32 bits
-
Hello
When I launch Studio 8, it appears at the very top of the screen.
I can no longer see the control buttons
I can't manage to move it to put it in the center of the screen.
Who can give me a solution to do this?
I am not a computer expert (56 years old)
Thanks in advance
Regards, Pierre
Error message at XP startup
in Malware Analysis and Removal
Posted
Hello everyone
In the morning when I start my computer I get the following message:
Rundll
erreur de chargement de C:windows system32 gzm rt.dll
le module spécifié est introuvable
What does this message mean?
Thanks for the replies.
Regards, Pierre