yvan dyselynck

Membres

Afficher le profil Afficher son activité

Compteur de contenus
4
Inscription
le 5 janvier 2008
Dernière visite
le 27 juillet 2017

À propos de yvan dyselynck

Date de naissance 17/10/1944

Contact Methods

Website URL
http://
ICQ
0

Profile Information

Sexe
Male
Localisation
Belgique

Autres informations

Mes langues
Français Neerlandais

yvan dyselynck's Achievements

Junior Member (3/12)

Réputation sur la communauté

Le portable ne démarre plus après installation d'un nouveau SSD

yvan dyselynck a répondu à un(e) sujet de jem dans Windows 7

Bonjour, Avez-vous encore la possibilité de remettre l'ancien DD dans la machine ? Si oui, faites le, ensuite, créer une image système de votre disque (W7 intègre un outil pour la réaliser). Cette image système, qui est une copie exacte de votre partition, peut alors être utilisée pour réinstaller votre nouveau disque SSD. Amicalement
- le 5 avril 2016
- 14 réponses
Analyse d'un log file Hijackthis

yvan dyselynck a répondu à un(e) sujet de yvan dyselynck dans Analyses et éradication malwares

Bonsoir Gof, faut pas t'excuser, savoir qu'on peut compter sur une aide est encourageant pour un Papy fouineur comme moi. L'antivir et ZoneAlarm désactivés ? ... c'était moi, mais la machine n'était pas sur réseau à ce moment. De mon côté je ne suis pas resté sans rien faire, en mode normal et surtout en mode sans échec, j'ai passé ce pc à la moulinette de plusieurs outils. Je cite ... Spybot bien sûr, cwshredder, ccleaner, antivir (réglé au max), Smitfraudfix, ... et j'en oublie peut être. Par ailleurs, la machine étant très lente, j'ai examiné les process et services et certains sont maintenant hors service (dwm.exe / SSBKydUpdate / etc...) et ce pc commence a reprendre vie. Je lui ai rajouté AVG antispayware en résident ... avec Antivir et Zone Alarm cela me semble suffisant. J'ai réalisé un petit tour de Hijackthis et je te joints le log. Ce serait sympa que tu commentes (en bien ou en mal) les actions prisent et que tu me dises si le log est plus propre et surtout me guider vers d'autres actions si nécessaire. Merci d'avance Amicalement Yvan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:14:48, on 10/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: BlueSoleil - Raccourci.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7133 bytes
- le 9 janvier 2008
- 7 réponses
Analyse d'un log file Hijackthis

yvan dyselynck a répondu à un(e) sujet de yvan dyselynck dans Analyses et éradication malwares

Merco Gof, voilà un sérieux coup de main ! Effectivement, je ne suis pas Français .... une fois ! ... et Papy en plus ! J'étais présomptueux de m'attaquer à tenter d'aider mon voisin ... malheureux tout de même, une machine qui a un mois ! Mais heureusement tes compétences vont me mettre sur la bonne voie ! (j'ai signalé que je faisais appel au forum ZEBULON .... pas la peine de se faire passer pour ce qu'on est pas ) Je pose les formules de politesse ici, ... tout au bout c'est moche ! Merci encore pour l'aide reçue ... et peut être future ! Amicalement Yvan J'ai tout exécuter comme décrit et voici les différents textes sauvegardés : 1) le résultat de deletesvc.bat [sC] ControlService ‚chec(s) 1062 : Le service n'a pas ‚t‚ d‚marr‚. [sC] DeleteService r‚ussite(s) 2) Le résultat de MoveIt C:\Windows\system32\dmzqw.exe moved successfully. C:\Windows\system32\dmazk.exe moved successfully. C:\Windows\system32\dmzlf.exe moved successfully. C:\Windows\system32\dmypd.exe moved successfully. C:\Windows\system32\dmtbm.exe moved successfully. C:\Windows\system32\dmhrb.exe moved successfully. C:\Windows\system32\dmrvg.exe moved successfully. C:\Windows\system32\dmoux.exe moved successfully. C:\Windows\system32\dmzsx.exe moved successfully. C:\Windows\system32\dmajh.exe moved successfully. C:\Windows\system32\dmkyw.exe moved successfully. C:\Windows\system32\dmvre.exe moved successfully. C:\Windows\system32\dmttb.exe moved successfully. C:\Windows\system32\dmhik.exe moved successfully. C:\Windows\system32\dmyci.exe moved successfully. C:\Windows\system32\dmobi.exe moved successfully. C:\Windows\system32\dmbin.exe moved successfully. C:\Windows\system32\dmmuj.exe moved successfully. File/Folder C:\Windows\system32\dmctr.exe not found. File/Folder C:\Windows\system32\dmhze.exe not found. C:\Windows\system32\dmeba.exe moved successfully. C:\Windows\system32\dmpds.exe moved successfully. C:\Windows\system32\dmzdu.exe moved successfully. C:\Windows\system32\dmpyx.exe moved successfully. C:\Windows\system32\dmbgf.exe moved successfully. C:\Windows\system32\dmfei.exe moved successfully. C:\Windows\SMINST\launcher.exe moved successfully. C:\Windows\system32\dmdrx.exe moved successfully. Created on 01/06/2008 21:09:16 3) le texte de Main.txt (pas très digeste comme littérature !!! Deckard's System Scanner v20071014.68 Run by jack on 2008-01-06 21:33:37 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 12: 2008-01-05 17:18:05 UTC - RP69 - yvan0501_1 11: 2008-01-05 14:02:38 UTC - RP68 - Windows Update 10: 2008-01-05 10:26:05 UTC - RP67 - Point de contrôle planifié 9: 2008-01-04 10:33:02 UTC - RP66 - Point de contrôle planifié 8: 2008-01-03 13:35:03 UTC - RP65 - Ad-Aware Restore Point 2008-01-03 14:35:01 -- First Restore Point -- 1: 2007-12-31 12:59:55 UTC - RP56 - Point de contrôle planifié Backed up registry hives. Performed disk cleanup. -- HijackThis (run as jack.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:35:25, on 06/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\conime.exe C:\Users\jack\Contacts\Desktop\dss.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\jack.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhnet.be/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: BlueSoleil - Raccourci.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED82545E-837C-4B29-8C42-D26B3E1FA500}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D4BED9-F25F-4AFB-9EFD-8370C6916C02}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmvjb.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10139 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080106-212416-123 O4 - HKLM\..\Run: [dmzdu.exe] C:\Windows\system32\dmzdu.exe backup-20080106-212416-133 O4 - HKLM\..\Run: [dmrvg.exe] C:\Windows\system32\dmrvg.exe backup-20080106-212416-199 O4 - HKLM\..\Run: [dmmuj.exe] C:\Windows\system32\dmmuj.exe backup-20080106-212416-268 O4 - HKLM\..\Run: [dmajh.exe] C:\Windows\system32\dmajh.exe backup-20080106-212416-302 O4 - HKLM\..\Run: [dmpds.exe] C:\Windows\system32\dmpds.exe backup-20080106-212416-386 O4 - HKLM\..\Run: [dmazk.exe] C:\Windows\system32\dmazk.exe backup-20080106-212416-397 O4 - HKLM\..\Run: [dmfei.exe] C:\Windows\system32\dmfei.exe backup-20080106-212416-419 O4 - HKLM\..\Run: [dmeba.exe] C:\Windows\system32\dmeba.exe backup-20080106-212416-468 O4 - HKLM\..\Run: [dmhze.exe] C:\Windows\system32\dmhze.exe backup-20080106-212416-469 O4 - HKLM\..\Run: [dmzqw.exe] C:\Windows\system32\dmzqw.exe backup-20080106-212416-503 O4 - HKLM\..\Run: [dmpyx.exe] C:\Windows\system32\dmpyx.exe backup-20080106-212416-513 O4 - HKLM\..\Run: [dmzsx.exe] C:\Windows\system32\dmzsx.exe backup-20080106-212416-520 O4 - HKLM\..\Run: [dmoux.exe] C:\Windows\system32\dmoux.exe backup-20080106-212416-528 O4 - HKLM\..\Run: [dmkyw.exe] C:\Windows\system32\dmkyw.exe backup-20080106-212416-587 O4 - HKLM\..\Run: [dmyci.exe] C:\Windows\system32\dmyci.exe backup-20080106-212416-635 O4 - HKLM\..\Run: [dmzlf.exe] C:\Windows\system32\dmzlf.exe backup-20080106-212416-651 O4 - HKLM\..\Run: [dmbin.exe] C:\Windows\system32\dmbin.exe backup-20080106-212416-655 O4 - HKLM\..\Run: [dmazw.exe] C:\Windows\system32\dmazw.exe backup-20080106-212416-667 O4 - HKLM\..\Run: [dmtbm.exe] C:\Windows\system32\dmtbm.exe backup-20080106-212416-668 O4 - HKLM\..\Run: [dmttb.exe] C:\Windows\system32\dmttb.exe backup-20080106-212416-697 O4 - HKLM\..\Run: [dmctr.exe] C:\Windows\system32\dmctr.exe backup-20080106-212416-730 O4 - HKLM\..\Run: [dmtoh.exe] C:\Windows\system32\dmtoh.exe backup-20080106-212416-845 O4 - HKLM\..\Run: [dmypd.exe] C:\Windows\system32\dmypd.exe backup-20080106-212416-879 O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe backup-20080106-212416-922 O4 - HKLM\..\Run: [dmobi.exe] C:\Windows\system32\dmobi.exe backup-20080106-212416-924 O4 - HKLM\..\Run: [dmbgf.exe] C:\Windows\system32\dmbgf.exe backup-20080106-212416-934 O4 - HKLM\..\Run: [dmhrb.exe] C:\Windows\system32\dmhrb.exe backup-20080106-212416-944 O4 - HKLM\..\Run: [dmhik.exe] C:\Windows\system32\dmhik.exe backup-20080106-212416-958 O4 - HKLM\..\Run: [dmvre.exe] C:\Windows\system32\dmvre.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> S2 Windows Management Service - c:\windows\system32\dmvjb.exe -srv S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Carte Microsoft 6to4 Device ID: ROOT\*6TO4MP00 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP00 Service: tunnel -- Files created between 2007-12-06 and 2008-01-06 ----------------------------- 2008-01-05 17:57:52 0 d-------- C:\Users\jack\Desktop 2008-01-05 17:57:52 0 d-------- C:\Program Files\Trend Micro 2008-01-05 16:15:06 0 d-------- C:\Program Files\CCleaner 2008-01-05 15:58:50 0 --a------ C:\Windows\nsreg.dat 2008-01-05 15:58:35 0 d-------- C:\Users\jack\Application Data\Mozilla 2008-01-05 15:43:03 0 d-------- C:\Windows\report 2008-01-05 15:39:58 0 d-------- C:\Windows\AU_Backup 2008-01-05 15:39:57 1163344 --a------ C:\Windows\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI> 2008-01-05 15:39:57 267845 --a------ C:\Windows\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner> 2008-01-05 15:39:57 71749 --a------ C:\Windows\hcextoutput.dll 2008-01-05 15:39:57 86094 --a------ C:\Windows\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI> 2008-01-05 15:35:32 0 d-------- C:\Windows\AU_Temp 2008-01-05 15:35:32 0 d-------- C:\Windows\AU_Log 2008-01-05 15:35:29 507904 --a------ C:\Windows\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-01-05 15:35:28 69689 --a------ C:\Windows\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32> 2008-01-05 15:35:28 286720 --a------ C:\Windows\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-01-05 15:03:09 0 d-------- C:\Windows\system32\ZoneLabs 2008-01-05 15:03:07 0 d-------- C:\Users\All Users\CheckPoint 2008-01-05 15:03:07 0 d-------- C:\Users\All Users\Application Data\CheckPoint 2008-01-05 15:01:25 0 d-------- C:\Windows\Internet Logs 2008-01-03 22:45:46 0 d-------- C:\Program Files\Paint Shop Pro 2008-01-03 22:40:06 247664 --a------ C:\Windows\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller> 2008-01-03 22:40:06 26768 --a------ C:\Windows\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control> 2008-01-03 22:38:23 0 -rahs---- C:\MSDOS.SYS 2008-01-03 22:38:23 0 -rahs---- C:\IO.SYS 2008-01-03 13:01:45 0 d-------- C:\Users\jack\Application Data\Canon 2008-01-03 12:58:40 0 d-------- C:\Users\jack\Application Data\ArcSoft 2008-01-03 12:38:38 0 d-------- C:\Users\All Users\Application Data\Apple Computer 2008-01-03 12:38:38 0 d-------- C:\Users\All Users\Apple Computer 2008-01-03 12:38:38 0 d-------- C:\Program Files\QuickTime 2008-01-03 12:38:16 0 d-------- C:\Users\All Users\Application Data\Apple 2008-01-03 12:38:16 0 d-------- C:\Users\All Users\Apple 2008-01-03 12:38:16 0 d-------- C:\Program Files\Apple Software Update 2008-01-01 21:59:21 0 d-------- C:\Users\All Users\InstallShield 2008-01-01 21:59:21 0 d-------- C:\Users\All Users\Application Data\InstallShield 2008-01-01 21:59:15 0 d-------- C:\Users\jack\Application Data\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Users\All Users\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Users\All Users\Application Data\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Program Files\Common Files\ScanSoft Shared 2008-01-01 21:58:16 0 d-------- C:\Program Files\ScanSoft 2008-01-01 21:55:46 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit> 2008-01-01 21:51:15 0 d--h----- C:\Users\All Users\CanonBJ 2008-01-01 21:51:15 0 d--h----- C:\Users\All Users\Application Data\CanonBJ 2008-01-01 21:50:49 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information 2008-01-01 21:49:00 0 d--h----- C:\Program Files\CanonBJ 2008-01-01 21:47:06 0 d-------- C:\Program Files\Canon 2007-12-28 19:01:31 0 d-------- C:\Users\jack\Application Data\Généatique2007 2007-12-28 18:43:34 5632 --a------ C:\Windows\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor> 2007-12-28 18:43:29 0 d-------- C:\Program Files\Tracker Software 2007-12-28 18:43:00 212480 --a------ C:\Windows\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit> 2007-12-28 18:43:00 640512 --a------ C:\Windows\system32\OC30.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit> 2007-12-28 18:42:59 618496 --a------ C:\Windows\system32\stlpmt45.dll 2007-12-28 18:42:59 240640 --a------ C:\Windows\system32\imgman31.dll <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit> 2007-12-28 18:42:59 51200 --a------ C:\Windows\system32\H5TOOL32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 94720 --a------ C:\Windows\system32\H5RTF32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 175104 --a------ C:\Windows\system32\H5MENU32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 1055744 --a------ C:\Windows\system32\H5KRNL32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 188928 --a------ C:\Windows\system32\H5ICON32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 111616 --a------ C:\Windows\system32\H5DLG32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:58 204800 --a------ C:\Windows\system32\LPNG.DLL 2007-12-28 18:42:58 71680 --a------ C:\Windows\system32\DragExt.dll <Not Verified; Martin Prikryl; WinSCP> 2007-12-28 18:42:58 1500160 --a------ C:\Windows\system32\cc3260mt.dll <Not Verified; Borland Corporation; Borland C++ Builder 6.0> 2007-12-28 18:42:58 1497088 --a------ C:\Windows\system32\cc3250mt.dll <Not Verified; Inprise Corporation; Borland C++ Builder 5.0> 2007-12-28 18:42:58 25600 --a------ C:\Windows\system32\borlndmm.dll <Not Verified; Inprise Corporation; Borland Memory Manager> 2007-12-28 18:42:46 0 d-------- C:\Program Files\Geneatique2007 2007-12-23 13:30:21 0 d-------- C:\Users\jack\Application Data\CyberLink 2007-12-23 13:30:14 0 d-------- C:\Users\jack\Application Data\HP 2007-12-20 16:40:34 0 d-------- C:\Users\jack\Application Data\Template 2007-12-20 16:40:19 0 --a------ C:\Users\jack\Application Data\wklnhst.dat 2007-12-20 16:27:50 0 d-------- C:\Utilitaires 2007-12-20 16:11:58 0 d-------- C:\Program Files\Microsoft Works 2007-12-20 15:34:47 0 dr-h----- C:\MSOCache 2007-12-18 11:19:10 0 d-------- C:\Program Files\Support.com 2007-12-18 11:18:12 0 d-------- C:\Program Files\Common Files\SupportSoft 2007-12-12 19:37:22 0 d-------- C:\Users\jack\Data 2007-12-12 16:33:03 0 d-------- C:\Program Files\Microsoft.NET 2007-12-12 16:20:38 0 d-------- C:\Users\All Users\Lavasoft 2007-12-12 16:20:38 0 d-------- C:\Users\All Users\Application Data\Lavasoft 2007-12-12 16:20:38 0 d-------- C:\Program Files\Lavasoft 2007-12-12 16:19:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-12 16:12:05 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2007-12-12 16:12:05 0 d-------- C:\Users\All Users\Application Data\Spybot - Search & Destroy 2007-12-12 15:56:29 0 d-------- C:\Users\All Users\Avira 2007-12-12 15:56:29 0 d-------- C:\Users\All Users\Application Data\Avira 2007-12-12 15:56:29 0 d-------- C:\Program Files\Avira 2007-12-12 14:50:11 0 d-------- C:\Users\jack\Application Data\Google 2007-12-11 17:09:55 0 d-------- C:\Users\All Users\LightScribe 2007-12-11 17:09:55 0 d-------- C:\Users\All Users\Application Data\LightScribe 2007-12-11 15:08:36 0 d-------- C:\Users\All Users\Bluetooth 2007-12-11 15:08:36 0 d-------- C:\Users\All Users\Application Data\Bluetooth 2007-12-11 14:53:01 0 d-------- C:\Program Files\IVT Corporation 2007-12-11 14:52:59 0 --a------ C:\Windows\system32 2007-12-11 14:52:59 32 --a------ C:\Windows 2007-12-11 14:45:31 0 d-------- C:\Users\jack\Application Data\Adobe 2007-12-11 14:45:07 0 dr------- C:\Users\jack\Searches 2007-12-11 14:44:59 0 d-------- C:\Users\jack\Application Data\Identities 2007-12-11 14:44:55 0 dr------- C:\Users\jack\Contacts 2007-12-09 16:57:14 0 d-------- C:\Users\jack\Application Data\Macromedia 2007-12-09 10:19:03 0 d-------- C:\Users\jack\Application Data\Hewlett-Packard 2007-12-09 10:16:59 81 --a------ C:\Windows\system32\LOG 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Voisinage réseau 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Voisinage d'impression 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Videos 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\SendTo 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Saved Games 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Recent 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Pictures 2007-12-09 10:16:55 2621440 --ahs---- C:\Users\jack\NTUSER.DAT 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Music 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Modèles 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Mes documents 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Menu Démarrer 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Local Settings 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Links 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Favorites 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Downloads 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Documents 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Cookies 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Application Data 2007-12-09 10:16:55 0 d---s---- C:\Users\jack\Application Data\Microsoft 2007-12-09 10:16:55 0 d-------- C:\Users\jack\Application Data\Media Center Programs 2007-12-09 10:16:55 0 d--h----- C:\Users\jack\AppData 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Voisinage réseau 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Voisinage d'impression 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\SendTo 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Recent 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Mes documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Local Settings 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Cookies 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Voisinage réseau 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Voisinage d'impression 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\SendTo 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Recent 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Mes documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Local Settings 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Cookies 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Favoris 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Bureau 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Favoris 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Bureau 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Program Files\Fichiers communs 2007-12-09 10:15:40 0 d--hs---- C:\Documents and Settings -- Find3M Report --------------------------------------------------------------- 2008-01-06 21:02:08 690832 --a------ C:\Windows\system32\perfh00C.dat 2008-01-06 21:02:08 117572 --a------ C:\Windows\system32\perfc00C.dat 2008-01-05 17:46:23 0 d-------- C:\Users\jack\AppData\Roaming\Adobe 2008-01-05 15:58:35 0 d-------- C:\Users\jack\AppData\Roaming\Mozilla 2008-01-03 13:01:45 0 d-------- C:\Users\jack\AppData\Roaming\Canon 2008-01-03 12:58:40 0 d-------- C:\Users\jack\AppData\Roaming\ArcSoft 2008-01-01 21:59:15 0 d-------- C:\Users\jack\AppData\Roaming\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Program Files\Common Files 2008-01-01 21:59:05 0 d-------- C:\Program Files\Common Files\InstallShield 2008-01-01 21:55:43 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-28 19:03:35 0 d-------- C:\Users\jack\AppData\Roaming\Généatique2007 2007-12-23 13:30:21 0 d-------- C:\Users\jack\AppData\Roaming\CyberLink 2007-12-23 13:30:14 0 d-------- C:\Users\jack\AppData\Roaming\HP 2007-12-20 21:28:35 0 d-------- C:\Program Files\Common Files\Adobe 2007-12-20 16:50:38 0 d-------- C:\Users\jack\AppData\Roaming\Template 2007-12-20 16:40:19 0 --a------ C:\Users\jack\AppData\Roaming\wklnhst.dat 2007-12-20 10:09:06 0 d-------- C:\Program Files\Google 2007-12-12 15:11:17 0 d-------- C:\Users\jack\AppData\Roaming\Google 2007-12-11 15:35:11 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-12-11 14:44:59 0 d-------- C:\Users\jack\AppData\Roaming\Identities 2007-12-09 16:57:14 0 d-------- C:\Users\jack\AppData\Roaming\Macromedia 2007-12-09 10:19:03 0 d-------- C:\Users\jack\AppData\Roaming\Hewlett-Packard 2007-12-09 10:15:40 0 d-------- C:\Program Files\Windows NT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/07/2007 06:57] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/11/2006 21:57] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [06/06/2007 12:52] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [06/06/2007 12:52] "Persistence"="C:\Windows\system32\igfxpers.exe" [06/06/2007 12:52] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [28/03/2007 16:45] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2007 07:57] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 10:54] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 12:18] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 15:12] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 22:11] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/07/2007 08:14] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/12/2007 15:59] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [28/09/2006 13:16] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [11/10/2006 12:45] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [28/06/2007 05:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 13:35] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BlueSoleil - Raccourci.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [06/06/2007 15:50:42] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableLUA"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com 7824 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-01-06 21:36:36 ------------ et enfin ... 4) extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Édition Familiale Premium (build 6000) Architecture: X86; Language: French CPU 0: Intel® Pentium® Dual CPU T2310 @ 1.46GHz Percentage of Memory in Use: 34% Physical Memory (total/avail): 2037.41 MiB / 1335.89 MiB Pagefile Memory (total/avail): 4294.62 MiB / 3394.56 MiB Virtual Memory (total/avail): 2047.88 MiB / 1916.05 MiB C: is Fixed (NTFS) - 142.12 GiB total, 95.32 GiB free. D: is Fixed (NTFS) - 6.92 GiB total, 2.36 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX - 149.05 GiB - 2 partitions \PARTITION0 (bootable) - Système de fichiers installable - 142.12 GiB - C: \PARTITION1 - Système de fichiers installable - 6.92 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. FW: ZoneAlarm Firewall v7.1.099.000 (Check Point, LTD.) Disabled AV: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH) Disabled AS: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH) Disabled AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\jack\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PC-DE-JACK ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\jack LOCALAPPDATA=C:\Users\jack\AppData\Local LOGONSERVER=\\PC-DE-JACK NUMBER_OF_PROCESSORS=2 OnlineServices=Services en ligne OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PCBRAND=PRESARIO PLATFORM=MCD PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\jack\AppData\Local\Temp TMP=C:\Users\jack\AppData\Local\Temp tvdumpflags=8 USERDOMAIN=PC-de-jack USERNAME=jack USERPART=E: USERPROFILE=C:\Users\jack windir=C:\Windows -- User Profiles --------------------------------------------------------------- jack (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244} Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003} Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6} ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bluesoleil2.6.0.9 Release 070606 --> MsiExec.exe /X{846AC73B-9394-48B9-B941-8F7F472F0047} Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP810 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810 /L0x000c Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ISprtHDza.inf Enregistrement utilisateur de Canon MP810 --> C:\Program Files\Canon\IJEREG\MP810\UNINST.EXE ESU for Microsoft Vista --> MsiExec.exe /X{72B5AE99-C0B6-4DF0-8023-0DED52BC43CF} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Généatique 2007 --> "C:\Program Files\Geneatique2007\unins000.exe" HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045_SprtHDzm\UIU32m.exe -U -ISprtHDzm.inf Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409 HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68} HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP DVD Play 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636} HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Quick Launch Buttons 6.20 G2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5} HP User Guides 0078 --> MsiExec.exe /I{66C1DD9B-02D8-4A31-B54C-FE8DC76F25D4} HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8} Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C} Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSCU for Microsoft Vista --> MsiExec.exe /I{DCB21DB9-6177-4A7B-B85D-7C081F15A424} muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x040c -removeonly NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly Paint Shop Pro 4.15 SE --> C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG PDF-XChange 3 --> "C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x040c -removeonly Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72} ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type9889 / Error Event Submitted/Written: 01/06/2008 08:56:16 PM Event ID/Source: 5007 / WerSvc Event Description: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9. Event Record #/Type9888 / Error Event Submitted/Written: 01/06/2008 08:56:11 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante dmhik.exe, version 0.0.0.0, horodatage 0x4759612c, module défaillant dmhik.exe, version 0.0.0.0, horodatage 0x4759612c, code d’exception 0x80000003, décalage d’erreur 0x000111b6, ID du processus 0xe0c, heure de début de l’application 0xdmhik.exe0. Event Record #/Type9882 / Success Event Submitted/Written: 01/06/2008 08:55:48 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type9881 / Success Event Submitted/Written: 01/06/2008 08:55:47 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type9878 / Success Event Submitted/Written: 01/06/2008 08:55:02 PM Event ID/Source: 902 / Software Licensing Service Event Description: Le service de gestion des licences du logiciel a démarré. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type16456 / Error Event Submitted/Written: 01/06/2008 09:06:24 PM Event ID/Source: 7030 / Service Control Manager Event Description: Windows Management Service Event Record #/Type16452 / Error Event Submitted/Written: 01/06/2008 08:58:22 PM Event ID/Source: 7000 / Service Control Manager Event Description: HP Health Check Service%%1053 Event Record #/Type16451 / Error Event Submitted/Written: 01/06/2008 08:58:22 PM Event ID/Source: 7009 / Service Control Manager Event Description: 30000HP Health Check Service Event Record #/Type16443 / Error Event Submitted/Written: 01/06/2008 08:56:17 PM Event ID/Source: 7030 / Service Control Manager Event Description: Windows Management Service Event Record #/Type16191 / Error Event Submitted/Written: 01/06/2008 11:14:01 AM Event ID/Source: 7000 / Service Control Manager Event Description: HP Health Check Service%%1053 -- End of Deckard's System Scanner: finished at 2008-01-06 21:36:36 ------------ Merco Gof, voilà un sérieux coup de main ! Effectivement, je ne suis pas Français .... une fois ! ... et Papy en plus ! J'étais présomptueux de m'attaquer à tenter d'aider mon voisin ... malheureux tout de même, une machine qui a un mois ! Mais heureusement tes compétences vont me mettre sur la bonne voie ! (j'ai signalé que je faisais appel au forum ZEBULON .... pas la peine de se faire passer pour ce qu'on est pas ) Je pose les formules de politesse ici, ... tout au bout c'est moche ! Merci encore pour l'aide reçue ... et peut être future ! Amicalement Yvan J'ai tout exécuter comme décrit et voici les différents textes sauvegardés : 1) le résultat de deletesvc.bat [sC] ControlService ‚chec(s) 1062 : Le service n'a pas ‚t‚ d‚marr‚. [sC] DeleteService r‚ussite(s) 2) Le résultat de MoveIt C:\Windows\system32\dmzqw.exe moved successfully. C:\Windows\system32\dmazk.exe moved successfully. C:\Windows\system32\dmzlf.exe moved successfully. C:\Windows\system32\dmypd.exe moved successfully. C:\Windows\system32\dmtbm.exe moved successfully. C:\Windows\system32\dmhrb.exe moved successfully. C:\Windows\system32\dmrvg.exe moved successfully. C:\Windows\system32\dmoux.exe moved successfully. C:\Windows\system32\dmzsx.exe moved successfully. C:\Windows\system32\dmajh.exe moved successfully. C:\Windows\system32\dmkyw.exe moved successfully. C:\Windows\system32\dmvre.exe moved successfully. C:\Windows\system32\dmttb.exe moved successfully. C:\Windows\system32\dmhik.exe moved successfully. C:\Windows\system32\dmyci.exe moved successfully. C:\Windows\system32\dmobi.exe moved successfully. C:\Windows\system32\dmbin.exe moved successfully. C:\Windows\system32\dmmuj.exe moved successfully. File/Folder C:\Windows\system32\dmctr.exe not found. File/Folder C:\Windows\system32\dmhze.exe not found. C:\Windows\system32\dmeba.exe moved successfully. C:\Windows\system32\dmpds.exe moved successfully. C:\Windows\system32\dmzdu.exe moved successfully. C:\Windows\system32\dmpyx.exe moved successfully. C:\Windows\system32\dmbgf.exe moved successfully. C:\Windows\system32\dmfei.exe moved successfully. C:\Windows\SMINST\launcher.exe moved successfully. C:\Windows\system32\dmdrx.exe moved successfully. Created on 01/06/2008 21:09:16 3) le texte de Main.txt (pas très digeste comme littérature !!! Deckard's System Scanner v20071014.68 Run by jack on 2008-01-06 21:33:37 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 12: 2008-01-05 17:18:05 UTC - RP69 - yvan0501_1 11: 2008-01-05 14:02:38 UTC - RP68 - Windows Update 10: 2008-01-05 10:26:05 UTC - RP67 - Point de contrôle planifié 9: 2008-01-04 10:33:02 UTC - RP66 - Point de contrôle planifié 8: 2008-01-03 13:35:03 UTC - RP65 - Ad-Aware Restore Point 2008-01-03 14:35:01 -- First Restore Point -- 1: 2007-12-31 12:59:55 UTC - RP56 - Point de contrôle planifié Backed up registry hives. Performed disk cleanup. -- HijackThis (run as jack.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:35:25, on 06/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\conime.exe C:\Users\jack\Contacts\Desktop\dss.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\jack.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhnet.be/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: BlueSoleil - Raccourci.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED82545E-837C-4B29-8C42-D26B3E1FA500}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D4BED9-F25F-4AFB-9EFD-8370C6916C02}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmvjb.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10139 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080106-212416-123 O4 - HKLM\..\Run: [dmzdu.exe] C:\Windows\system32\dmzdu.exe backup-20080106-212416-133 O4 - HKLM\..\Run: [dmrvg.exe] C:\Windows\system32\dmrvg.exe backup-20080106-212416-199 O4 - HKLM\..\Run: [dmmuj.exe] C:\Windows\system32\dmmuj.exe backup-20080106-212416-268 O4 - HKLM\..\Run: [dmajh.exe] C:\Windows\system32\dmajh.exe backup-20080106-212416-302 O4 - HKLM\..\Run: [dmpds.exe] C:\Windows\system32\dmpds.exe backup-20080106-212416-386 O4 - HKLM\..\Run: [dmazk.exe] C:\Windows\system32\dmazk.exe backup-20080106-212416-397 O4 - HKLM\..\Run: [dmfei.exe] C:\Windows\system32\dmfei.exe backup-20080106-212416-419 O4 - HKLM\..\Run: [dmeba.exe] C:\Windows\system32\dmeba.exe backup-20080106-212416-468 O4 - HKLM\..\Run: [dmhze.exe] C:\Windows\system32\dmhze.exe backup-20080106-212416-469 O4 - HKLM\..\Run: [dmzqw.exe] C:\Windows\system32\dmzqw.exe backup-20080106-212416-503 O4 - HKLM\..\Run: [dmpyx.exe] C:\Windows\system32\dmpyx.exe backup-20080106-212416-513 O4 - HKLM\..\Run: [dmzsx.exe] C:\Windows\system32\dmzsx.exe backup-20080106-212416-520 O4 - HKLM\..\Run: [dmoux.exe] C:\Windows\system32\dmoux.exe backup-20080106-212416-528 O4 - HKLM\..\Run: [dmkyw.exe] C:\Windows\system32\dmkyw.exe backup-20080106-212416-587 O4 - HKLM\..\Run: [dmyci.exe] C:\Windows\system32\dmyci.exe backup-20080106-212416-635 O4 - HKLM\..\Run: [dmzlf.exe] C:\Windows\system32\dmzlf.exe backup-20080106-212416-651 O4 - HKLM\..\Run: [dmbin.exe] C:\Windows\system32\dmbin.exe backup-20080106-212416-655 O4 - HKLM\..\Run: [dmazw.exe] C:\Windows\system32\dmazw.exe backup-20080106-212416-667 O4 - HKLM\..\Run: [dmtbm.exe] C:\Windows\system32\dmtbm.exe backup-20080106-212416-668 O4 - HKLM\..\Run: [dmttb.exe] C:\Windows\system32\dmttb.exe backup-20080106-212416-697 O4 - HKLM\..\Run: [dmctr.exe] C:\Windows\system32\dmctr.exe backup-20080106-212416-730 O4 - HKLM\..\Run: [dmtoh.exe] C:\Windows\system32\dmtoh.exe backup-20080106-212416-845 O4 - HKLM\..\Run: [dmypd.exe] C:\Windows\system32\dmypd.exe backup-20080106-212416-879 O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe backup-20080106-212416-922 O4 - HKLM\..\Run: [dmobi.exe] C:\Windows\system32\dmobi.exe backup-20080106-212416-924 O4 - HKLM\..\Run: [dmbgf.exe] C:\Windows\system32\dmbgf.exe backup-20080106-212416-934 O4 - HKLM\..\Run: [dmhrb.exe] C:\Windows\system32\dmhrb.exe backup-20080106-212416-944 O4 - HKLM\..\Run: [dmhik.exe] C:\Windows\system32\dmhik.exe backup-20080106-212416-958 O4 - HKLM\..\Run: [dmvre.exe] C:\Windows\system32\dmvre.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> S2 Windows Management Service - c:\windows\system32\dmvjb.exe -srv S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Carte Microsoft 6to4 Device ID: ROOT\*6TO4MP00 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP00 Service: tunnel -- Files created between 2007-12-06 and 2008-01-06 ----------------------------- 2008-01-05 17:57:52 0 d-------- C:\Users\jack\Desktop 2008-01-05 17:57:52 0 d-------- C:\Program Files\Trend Micro 2008-01-05 16:15:06 0 d-------- C:\Program Files\CCleaner 2008-01-05 15:58:50 0 --a------ C:\Windows\nsreg.dat 2008-01-05 15:58:35 0 d-------- C:\Users\jack\Application Data\Mozilla 2008-01-05 15:43:03 0 d-------- C:\Windows\report 2008-01-05 15:39:58 0 d-------- C:\Windows\AU_Backup 2008-01-05 15:39:57 1163344 --a------ C:\Windows\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI> 2008-01-05 15:39:57 267845 --a------ C:\Windows\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner> 2008-01-05 15:39:57 71749 --a------ C:\Windows\hcextoutput.dll 2008-01-05 15:39:57 86094 --a------ C:\Windows\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI> 2008-01-05 15:35:32 0 d-------- C:\Windows\AU_Temp 2008-01-05 15:35:32 0 d-------- C:\Windows\AU_Log 2008-01-05 15:35:29 507904 --a------ C:\Windows\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-01-05 15:35:28 69689 --a------ C:\Windows\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32> 2008-01-05 15:35:28 286720 --a------ C:\Windows\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-01-05 15:03:09 0 d-------- C:\Windows\system32\ZoneLabs 2008-01-05 15:03:07 0 d-------- C:\Users\All Users\CheckPoint 2008-01-05 15:03:07 0 d-------- C:\Users\All Users\Application Data\CheckPoint 2008-01-05 15:01:25 0 d-------- C:\Windows\Internet Logs 2008-01-03 22:45:46 0 d-------- C:\Program Files\Paint Shop Pro 2008-01-03 22:40:06 247664 --a------ C:\Windows\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller> 2008-01-03 22:40:06 26768 --a------ C:\Windows\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control> 2008-01-03 22:38:23 0 -rahs---- C:\MSDOS.SYS 2008-01-03 22:38:23 0 -rahs---- C:\IO.SYS 2008-01-03 13:01:45 0 d-------- C:\Users\jack\Application Data\Canon 2008-01-03 12:58:40 0 d-------- C:\Users\jack\Application Data\ArcSoft 2008-01-03 12:38:38 0 d-------- C:\Users\All Users\Application Data\Apple Computer 2008-01-03 12:38:38 0 d-------- C:\Users\All Users\Apple Computer 2008-01-03 12:38:38 0 d-------- C:\Program Files\QuickTime 2008-01-03 12:38:16 0 d-------- C:\Users\All Users\Application Data\Apple 2008-01-03 12:38:16 0 d-------- C:\Users\All Users\Apple 2008-01-03 12:38:16 0 d-------- C:\Program Files\Apple Software Update 2008-01-01 21:59:21 0 d-------- C:\Users\All Users\InstallShield 2008-01-01 21:59:21 0 d-------- C:\Users\All Users\Application Data\InstallShield 2008-01-01 21:59:15 0 d-------- C:\Users\jack\Application Data\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Users\All Users\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Users\All Users\Application Data\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Program Files\Common Files\ScanSoft Shared 2008-01-01 21:58:16 0 d-------- C:\Program Files\ScanSoft 2008-01-01 21:55:46 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit> 2008-01-01 21:51:15 0 d--h----- C:\Users\All Users\CanonBJ 2008-01-01 21:51:15 0 d--h----- C:\Users\All Users\Application Data\CanonBJ 2008-01-01 21:50:49 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information 2008-01-01 21:49:00 0 d--h----- C:\Program Files\CanonBJ 2008-01-01 21:47:06 0 d-------- C:\Program Files\Canon 2007-12-28 19:01:31 0 d-------- C:\Users\jack\Application Data\Généatique2007 2007-12-28 18:43:34 5632 --a------ C:\Windows\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor> 2007-12-28 18:43:29 0 d-------- C:\Program Files\Tracker Software 2007-12-28 18:43:00 212480 --a------ C:\Windows\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit> 2007-12-28 18:43:00 640512 --a------ C:\Windows\system32\OC30.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit> 2007-12-28 18:42:59 618496 --a------ C:\Windows\system32\stlpmt45.dll 2007-12-28 18:42:59 240640 --a------ C:\Windows\system32\imgman31.dll <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit> 2007-12-28 18:42:59 51200 --a------ C:\Windows\system32\H5TOOL32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 94720 --a------ C:\Windows\system32\H5RTF32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 175104 --a------ C:\Windows\system32\H5MENU32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 1055744 --a------ C:\Windows\system32\H5KRNL32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 188928 --a------ C:\Windows\system32\H5ICON32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:59 111616 --a------ C:\Windows\system32\H5DLG32.DLL <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit> 2007-12-28 18:42:58 204800 --a------ C:\Windows\system32\LPNG.DLL 2007-12-28 18:42:58 71680 --a------ C:\Windows\system32\DragExt.dll <Not Verified; Martin Prikryl; WinSCP> 2007-12-28 18:42:58 1500160 --a------ C:\Windows\system32\cc3260mt.dll <Not Verified; Borland Corporation; Borland C++ Builder 6.0> 2007-12-28 18:42:58 1497088 --a------ C:\Windows\system32\cc3250mt.dll <Not Verified; Inprise Corporation; Borland C++ Builder 5.0> 2007-12-28 18:42:58 25600 --a------ C:\Windows\system32\borlndmm.dll <Not Verified; Inprise Corporation; Borland Memory Manager> 2007-12-28 18:42:46 0 d-------- C:\Program Files\Geneatique2007 2007-12-23 13:30:21 0 d-------- C:\Users\jack\Application Data\CyberLink 2007-12-23 13:30:14 0 d-------- C:\Users\jack\Application Data\HP 2007-12-20 16:40:34 0 d-------- C:\Users\jack\Application Data\Template 2007-12-20 16:40:19 0 --a------ C:\Users\jack\Application Data\wklnhst.dat 2007-12-20 16:27:50 0 d-------- C:\Utilitaires 2007-12-20 16:11:58 0 d-------- C:\Program Files\Microsoft Works 2007-12-20 15:34:47 0 dr-h----- C:\MSOCache 2007-12-18 11:19:10 0 d-------- C:\Program Files\Support.com 2007-12-18 11:18:12 0 d-------- C:\Program Files\Common Files\SupportSoft 2007-12-12 19:37:22 0 d-------- C:\Users\jack\Data 2007-12-12 16:33:03 0 d-------- C:\Program Files\Microsoft.NET 2007-12-12 16:20:38 0 d-------- C:\Users\All Users\Lavasoft 2007-12-12 16:20:38 0 d-------- C:\Users\All Users\Application Data\Lavasoft 2007-12-12 16:20:38 0 d-------- C:\Program Files\Lavasoft 2007-12-12 16:19:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-12 16:12:05 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2007-12-12 16:12:05 0 d-------- C:\Users\All Users\Application Data\Spybot - Search & Destroy 2007-12-12 15:56:29 0 d-------- C:\Users\All Users\Avira 2007-12-12 15:56:29 0 d-------- C:\Users\All Users\Application Data\Avira 2007-12-12 15:56:29 0 d-------- C:\Program Files\Avira 2007-12-12 14:50:11 0 d-------- C:\Users\jack\Application Data\Google 2007-12-11 17:09:55 0 d-------- C:\Users\All Users\LightScribe 2007-12-11 17:09:55 0 d-------- C:\Users\All Users\Application Data\LightScribe 2007-12-11 15:08:36 0 d-------- C:\Users\All Users\Bluetooth 2007-12-11 15:08:36 0 d-------- C:\Users\All Users\Application Data\Bluetooth 2007-12-11 14:53:01 0 d-------- C:\Program Files\IVT Corporation 2007-12-11 14:52:59 0 --a------ C:\Windows\system32 2007-12-11 14:52:59 32 --a------ C:\Windows 2007-12-11 14:45:31 0 d-------- C:\Users\jack\Application Data\Adobe 2007-12-11 14:45:07 0 dr------- C:\Users\jack\Searches 2007-12-11 14:44:59 0 d-------- C:\Users\jack\Application Data\Identities 2007-12-11 14:44:55 0 dr------- C:\Users\jack\Contacts 2007-12-09 16:57:14 0 d-------- C:\Users\jack\Application Data\Macromedia 2007-12-09 10:19:03 0 d-------- C:\Users\jack\Application Data\Hewlett-Packard 2007-12-09 10:16:59 81 --a------ C:\Windows\system32\LOG 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Voisinage réseau 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Voisinage d'impression 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Videos 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\SendTo 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Saved Games 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Recent 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Pictures 2007-12-09 10:16:55 2621440 --ahs---- C:\Users\jack\NTUSER.DAT 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Music 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Modèles 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Mes documents 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Menu Démarrer 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Local Settings 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Links 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Favorites 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Downloads 2007-12-09 10:16:55 0 dr------- C:\Users\jack\Documents 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Cookies 2007-12-09 10:16:55 0 d--hs---- C:\Users\jack\Application Data 2007-12-09 10:16:55 0 d---s---- C:\Users\jack\Application Data\Microsoft 2007-12-09 10:16:55 0 d-------- C:\Users\jack\Application Data\Media Center Programs 2007-12-09 10:16:55 0 d--h----- C:\Users\jack\AppData 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Voisinage réseau 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Voisinage d'impression 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\SendTo 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Recent 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Mes documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Local Settings 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Cookies 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Voisinage réseau 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Voisinage d'impression 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\SendTo 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Recent 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Mes documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Local Settings 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Cookies 2007-12-09 10:15:40 0 d--hs---- C:\Users\Default User\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Favoris 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Bureau 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Modèles 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Menu Démarrer 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Favoris 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Documents 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Bureau 2007-12-09 10:15:40 0 d--hs---- C:\Users\All Users\Application Data\Application Data 2007-12-09 10:15:40 0 d--hs---- C:\Program Files\Fichiers communs 2007-12-09 10:15:40 0 d--hs---- C:\Documents and Settings -- Find3M Report --------------------------------------------------------------- 2008-01-06 21:02:08 690832 --a------ C:\Windows\system32\perfh00C.dat 2008-01-06 21:02:08 117572 --a------ C:\Windows\system32\perfc00C.dat 2008-01-05 17:46:23 0 d-------- C:\Users\jack\AppData\Roaming\Adobe 2008-01-05 15:58:35 0 d-------- C:\Users\jack\AppData\Roaming\Mozilla 2008-01-03 13:01:45 0 d-------- C:\Users\jack\AppData\Roaming\Canon 2008-01-03 12:58:40 0 d-------- C:\Users\jack\AppData\Roaming\ArcSoft 2008-01-01 21:59:15 0 d-------- C:\Users\jack\AppData\Roaming\ScanSoft 2008-01-01 21:59:07 0 d-------- C:\Program Files\Common Files 2008-01-01 21:59:05 0 d-------- C:\Program Files\Common Files\InstallShield 2008-01-01 21:55:43 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-28 19:03:35 0 d-------- C:\Users\jack\AppData\Roaming\Généatique2007 2007-12-23 13:30:21 0 d-------- C:\Users\jack\AppData\Roaming\CyberLink 2007-12-23 13:30:14 0 d-------- C:\Users\jack\AppData\Roaming\HP 2007-12-20 21:28:35 0 d-------- C:\Program Files\Common Files\Adobe 2007-12-20 16:50:38 0 d-------- C:\Users\jack\AppData\Roaming\Template 2007-12-20 16:40:19 0 --a------ C:\Users\jack\AppData\Roaming\wklnhst.dat 2007-12-20 10:09:06 0 d-------- C:\Program Files\Google 2007-12-12 15:11:17 0 d-------- C:\Users\jack\AppData\Roaming\Google 2007-12-11 15:35:11 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-12-11 14:44:59 0 d-------- C:\Users\jack\AppData\Roaming\Identities 2007-12-09 16:57:14 0 d-------- C:\Users\jack\AppData\Roaming\Macromedia 2007-12-09 10:19:03 0 d-------- C:\Users\jack\AppData\Roaming\Hewlett-Packard 2007-12-09 10:15:40 0 d-------- C:\Program Files\Windows NT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/07/2007 06:57] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/11/2006 21:57] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [06/06/2007 12:52] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [06/06/2007 12:52] "Persistence"="C:\Windows\system32\igfxpers.exe" [06/06/2007 12:52] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [28/03/2007 16:45] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2007 07:57] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 10:54] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 12:18] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 15:12] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 22:11] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/07/2007 08:14] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/12/2007 15:59] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [28/09/2006 13:16] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [11/10/2006 12:45] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [28/06/2007 05:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 13:35] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BlueSoleil - Raccourci.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [06/06/2007 15:50:42] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableLUA"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com 7824 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-01-06 21:36:36 ------------ et enfin ... 4) extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Édition Familiale Premium (build 6000) Architecture: X86; Language: French CPU 0: Intel® Pentium® Dual CPU T2310 @ 1.46GHz Percentage of Memory in Use: 34% Physical Memory (total/avail): 2037.41 MiB / 1335.89 MiB Pagefile Memory (total/avail): 4294.62 MiB / 3394.56 MiB Virtual Memory (total/avail): 2047.88 MiB / 1916.05 MiB C: is Fixed (NTFS) - 142.12 GiB total, 95.32 GiB free. D: is Fixed (NTFS) - 6.92 GiB total, 2.36 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX - 149.05 GiB - 2 partitions \PARTITION0 (bootable) - Système de fichiers installable - 142.12 GiB - C: \PARTITION1 - Système de fichiers installable - 6.92 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. FW: ZoneAlarm Firewall v7.1.099.000 (Check Point, LTD.) Disabled AV: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH) Disabled AS: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH) Disabled AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\jack\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PC-DE-JACK ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\jack LOCALAPPDATA=C:\Users\jack\AppData\Local LOGONSERVER=\\PC-DE-JACK NUMBER_OF_PROCESSORS=2 OnlineServices=Services en ligne OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PCBRAND=PRESARIO PLATFORM=MCD PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\jack\AppData\Local\Temp TMP=C:\Users\jack\AppData\Local\Temp tvdumpflags=8 USERDOMAIN=PC-de-jack USERNAME=jack USERPART=E: USERPROFILE=C:\Users\jack windir=C:\Windows -- User Profiles --------------------------------------------------------------- jack (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244} Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003} Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6} ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bluesoleil2.6.0.9 Release 070606 --> MsiExec.exe /X{846AC73B-9394-48B9-B941-8F7F472F0047} Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP810 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810 /L0x000c Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ISprtHDza.inf Enregistrement utilisateur de Canon MP810 --> C:\Program Files\Canon\IJEREG\MP810\UNINST.EXE ESU for Microsoft Vista --> MsiExec.exe /X{72B5AE99-C0B6-4DF0-8023-0DED52BC43CF} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Généatique 2007 --> "C:\Program Files\Geneatique2007\unins000.exe" HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045_SprtHDzm\UIU32m.exe -U -ISprtHDzm.inf Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409 HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68} HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP DVD Play 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636} HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Quick Launch Buttons 6.20 G2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5} HP User Guides 0078 --> MsiExec.exe /I{66C1DD9B-02D8-4A31-B54C-FE8DC76F25D4} HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8} Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C} Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSCU for Microsoft Vista --> MsiExec.exe /I{DCB21DB9-6177-4A7B-B85D-7C081F15A424} muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x040c -removeonly NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly Paint Shop Pro 4.15 SE --> C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG PDF-XChange 3 --> "C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x040c -removeonly Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72} ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type9889 / Error Event Submitted/Written: 01/06/2008 08:56:16 PM Event ID/Source: 5007 / WerSvc Event Description: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9. Event Record #/Type9888 / Error Event Submitted/Written: 01/06/2008 08:56:11 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante dmhik.exe, version 0.0.0.0, horodatage 0x4759612c, module défaillant dmhik.exe, version 0.0.0.0, horodatage 0x4759612c, code d’exception 0x80000003, décalage d’erreur 0x000111b6, ID du processus 0xe0c, heure de début de l’application 0xdmhik.exe0. Event Record #/Type9882 / Success Event Submitted/Written: 01/06/2008 08:55:48 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type9881 / Success Event Submitted/Written: 01/06/2008 08:55:47 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type9878 / Success Event Submitted/Written: 01/06/2008 08:55:02 PM Event ID/Source: 902 / Software Licensing Service Event Description: Le service de gestion des licences du logiciel a démarré. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type16456 / Error Event Submitted/Written: 01/06/2008 09:06:24 PM Event ID/Source: 7030 / Service Control Manager Event Description: Windows Management Service Event Record #/Type16452 / Error Event Submitted/Written: 01/06/2008 08:58:22 PM Event ID/Source: 7000 / Service Control Manager Event Description: HP Health Check Service%%1053 Event Record #/Type16451 / Error Event Submitted/Written: 01/06/2008 08:58:22 PM Event ID/Source: 7009 / Service Control Manager Event Description: 30000HP Health Check Service Event Record #/Type16443 / Error Event Submitted/Written: 01/06/2008 08:56:17 PM Event ID/Source: 7030 / Service Control Manager Event Description: Windows Management Service Event Record #/Type16191 / Error Event Submitted/Written: 01/06/2008 11:14:01 AM Event ID/Source: 7000 / Service Control Manager Event Description: HP Health Check Service%%1053 -- End of Deckard's System Scanner: finished at 2008-01-06 21:36:36 ------------
- le 6 janvier 2008
- 7 réponses
Analyse d'un log file Hijackthis

yvan dyselynck a posté un sujet dans Analyses et éradication malwares

Bien chers membres du forum, BONNE ANNEE Merci de bien vouloir m'aider à valider ce log afin que je ouisse procéder au nettoyage safe de cette machine. Merci d'avance et meilleures salutations Yvan. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:09:37, on 05/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhnet.be/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [dmzqw.exe] C:\Windows\system32\dmzqw.exe O4 - HKLM\..\Run: [dmazk.exe] C:\Windows\system32\dmazk.exe O4 - HKLM\..\Run: [dmzlf.exe] C:\Windows\system32\dmzlf.exe O4 - HKLM\..\Run: [dmypd.exe] C:\Windows\system32\dmypd.exe O4 - HKLM\..\Run: [dmtbm.exe] C:\Windows\system32\dmtbm.exe O4 - HKLM\..\Run: [dmhrb.exe] C:\Windows\system32\dmhrb.exe O4 - HKLM\..\Run: [dmrvg.exe] C:\Windows\system32\dmrvg.exe O4 - HKLM\..\Run: [dmoux.exe] C:\Windows\system32\dmoux.exe O4 - HKLM\..\Run: [dmzsx.exe] C:\Windows\system32\dmzsx.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [dmajh.exe] C:\Windows\system32\dmajh.exe O4 - HKLM\..\Run: [dmkyw.exe] C:\Windows\system32\dmkyw.exe O4 - HKLM\..\Run: [dmvre.exe] C:\Windows\system32\dmvre.exe O4 - HKLM\..\Run: [dmttb.exe] C:\Windows\system32\dmttb.exe O4 - HKLM\..\Run: [dmhik.exe] C:\Windows\system32\dmhik.exe O4 - HKLM\..\Run: [dmyci.exe] C:\Windows\system32\dmyci.exe O4 - HKLM\..\Run: [dmobi.exe] C:\Windows\system32\dmobi.exe O4 - HKLM\..\Run: [dmbin.exe] C:\Windows\system32\dmbin.exe O4 - HKLM\..\Run: [dmmuj.exe] C:\Windows\system32\dmmuj.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [dmctr.exe] C:\Windows\system32\dmctr.exe O4 - HKLM\..\Run: [dmhze.exe] C:\Windows\system32\dmhze.exe O4 - HKLM\..\Run: [dmeba.exe] C:\Windows\system32\dmeba.exe O4 - HKLM\..\Run: [dmpds.exe] C:\Windows\system32\dmpds.exe O4 - HKLM\..\Run: [dmzdu.exe] C:\Windows\system32\dmzdu.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [dmpyx.exe] C:\Windows\system32\dmpyx.exe O4 - HKLM\..\Run: [dmbgf.exe] C:\Windows\system32\dmbgf.exe O4 - HKLM\..\Run: [dmfei.exe] C:\Windows\system32\dmfei.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: BlueSoleil - Raccourci.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED82545E-837C-4B29-8C42-D26B3E1FA500}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D4BED9-F25F-4AFB-9EFD-8370C6916C02}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{10A6C127-7956-416A-A7E8-7768C8B27664}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmdrx.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11978 bytes
- le 5 janvier 2008
- 7 réponses

Connexion

yvan dyselynck

Compteur de contenus

Inscription

Dernière visite

À propos de yvan dyselynck

Contact Methods

Profile Information

Autres informations

yvan dyselynck's Achievements

Junior Member (3/12)

Réputation sur la communauté

Le portable ne démarre plus après installation d'un nouveau SSD

Analyse d'un log file Hijackthis

Analyse d'un log file Hijackthis

Analyse d'un log file Hijackthis

Zebulon

Outils en ligne

Naviguer