Mister H

(SOLVED) HijackThis report


Hello,

Because my PC has been slow, I have already followed Papo's instructions to configure my services.

I also ran an Antivir scan in safe mode, which found Netsky in Avast's quarantine file.

I asked for those files to be deleted, but this was refused.

I am attaching my HijackThis report.

Could you tell me whether I am still infected?

Thanks.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:51:15, on 16/11/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Compaq\EAB\EabServr.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.proximus-interactive.be.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=080c&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet access provided by Proximus

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiEUBrowserHelper Class - {0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - C:\WINDOWS\System32\BhoCitEU.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe

O4 - HKLM\..\Run: [CitiINum_French] C:\Program Files\Citi Internet Number\CitiINum.exe /dontopenmycards

O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Citi Internet Number - {F2011928-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.proximus-interactive.be.htm

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bef.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

Thanks

Edited by Mister H


Hi :P

Did you keep the Antivir report? If so, please post it.

Please run another scan with HijackThis after doing the following:

Rename the file HijackThis.exe to manly.exe; to do this, right-click the HijackThis.exe file and choose Rename from the list.

When you say slowness, do you mean your web browsing or your PC in general?

Download WinPFind:

http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip

Unzip it and run winpfind.exe.

Click Start Scan and be patient, it can take a while.

Please post the report.

Run an online scan with Kaspersky WebScanner.

Under "Démonstration en ligne" (online demonstration) the procedure is explained, and to start the scan you have to select "Exécuter l'analyse en ligne" (run the online scan). The scan only works in Internet Explorer.

You will be asked to download an ActiveX control; accept it.

In the "Choisissez la cible de l'analyse" (choose the scan target) menu, select "Poste de travail" (My Computer).

The scan will start. Please post the report it generates.

Post the result so we can see whether anything is left on your PC.

If you can't manage it, the tutorial is here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

Note: if the files infected by Netsky are confined to Avast's quarantine, they are no longer active, so no need to worry!

See you

Edited by charles ingals


Thank you Charles Ingals :P

Unfortunately, I did not keep the Antivir report on my husband's PC :P

As for the rest, it is in progress; the laptop is being scanned.

Could I perhaps rename HijackThis to mister.exe instead? That way, if I ever need to scan my own PC...

As for the slowness, it is slowness when opening, running and closing.

Thank you for being willing to reply.

Manly


Here is the first report, the one from WinPFind:

 

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

 

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

 

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Logfile created on: 21/11/2006 15:28:15

WinPFind v1.5.0 Folder = C:\Documents and Settings\PATRICK HUBERT\Mes documents\Mes fichiers reçus\DIVERS\WinPFind\WinPFind\

Microsoft Windows XP (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2600.0000)

 

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

 

Checking %SystemDrive% folder...

 

Checking %ProgramFilesDir% folder...

 

Checking %WinDir% folder...

 

Checking %System% folder...

UPX! 25/09/2006 16:45:08 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()

UPX! 9/07/2004 9:47:04 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax ()

aspack 22/07/2005 18:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)

PEC2 28/08/2001 5:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()

PEC2 11/08/2006 18:31:48 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)

PECompact2 11/08/2006 18:31:48 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)

PECompact2 8/12/2005 16:25:44 2721632 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

aspack 8/12/2005 16:25:44 2721632 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

WSUD 23/08/2001 16:47:42 1166336 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)

WSUD 28/08/2001 5:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

Umonitor 12/02/2002 22:23:04 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)

UPX! 8/11/2003 11:34:00 36864 C:\WINDOWS\SYSTEM32\RLMPCDec.ax (RadLight)

winsync 28/08/2001 5:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

 

Checking %System%\Drivers folder and sub-folders...

 

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

 

 

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

21/11/2006 15:14:10 S 2048 C:\WINDOWS\bootstat.dat ()

21/11/2006 15:17:54 H 1024 C:\WINDOWS\system32\config\default.LOG ()

21/11/2006 15:15:20 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()

21/11/2006 15:16:30 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()

21/11/2006 15:31:54 H 1024 C:\WINDOWS\system32\config\software.LOG ()

21/11/2006 15:17:56 H 1024 C:\WINDOWS\system32\config\system.LOG ()

11/11/2006 17:31:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\eac877f6-6350-46cb-bb7c-58b2666df3c2 ()

11/11/2006 17:31:08 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()

5/11/2006 22:07:12 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1f053281-c4aa-4d77-8166-ce2da8240e2e ()

5/11/2006 22:07:12 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()

10/11/2006 20:35:56 H 6 C:\WINDOWS\Tasks\SA.DAT ()

 

Checking for CPL files...

28/08/2001 5:00:00 69120 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)

28/08/2001 5:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)

14/06/2003 16:11:04 237633 C:\WINDOWS\SYSTEM32\btcpl.cpl ()

28/08/2001 5:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)

28/08/2001 5:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)

28/08/2001 5:00:00 296448 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)

28/08/2001 5:00:00 124416 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)

23/08/2001 17:47:50 48640 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)

29/08/2002 2:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)

12/10/2006 3:10:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)

28/08/2001 5:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)

28/08/2001 5:00:00 567296 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)

28/08/2001 5:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)

10/09/2002 9:08:16 110592 C:\WINDOWS\SYSTEM32\nmo.cpl (Nokia Corporation)

28/08/2001 5:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

28/08/2001 5:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)

28/08/2001 5:00:00 112640 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)

26/07/2004 2:42:14 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)

28/08/2001 5:00:00 277504 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)

28/08/2001 5:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)

28/08/2001 5:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)

26/05/2005 4:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

29/08/2002 2:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)

 

Checking for Downloaded Program Files...

{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

{867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - HardwareDetection Control - CodeBase = http://drivers1.free.fr/telecharger.php?id=2&version=

{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab

{BD8667B7-38D8-4C77-B580-18C3E146372C} - Creative Toolbox Plug-in - CodeBase = http://bmm.imgag.com/imgag/cp/install/crusher-bef.cab

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

 

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

 

Checking files in %ALLUSERSPROFILE%\Startup folder...

20/09/2006 21:30:38 1757 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk ()

11/11/2006 16:59:30 681 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk ()

20/09/2001 11:51:38 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

30/06/2004 16:10:00 1740 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk ()

 

Checking files in %ALLUSERSPROFILE%\Application Data folder...

20/09/2001 11:38:22 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

 

Checking files in %USERPROFILE%\Startup folder...

20/09/2001 11:51:38 HS 84 C:\Documents and Settings\PATRICK HUBERT\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

 

Checking files in %USERPROFILE%\Application Data folder...

20/09/2001 11:38:22 HS 62 C:\Documents and Settings\PATRICK HUBERT\Application Data\desktop.ini ()

29/10/2006 0:26:16 41288 C:\Documents and Settings\PATRICK HUBERT\Application Data\GDIPFONTCACHEV1.DAT ()

 

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

 

>>> Internet Explorer Settings <<<

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://desktop.presario.net/scripts/redire...;lc=080c&ac

\\Search Bar - http://search.presario.net/scripts/redirec...rch&ap=b204

\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Default_Page_URL - http://www.proximus-interactive.be.htm

\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Local Page - %SystemRoot%\system32\blank.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.google.be/

\\Search Bar - http://home.microsoft.com/search/lobby/search.asp

\\Search Page - http://home.microsoft.com/access/allinone.asp

\\Local Page - C:\WINDOWS\system32\blank.htm

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

 

>>> BHO's <<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

\{0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - CitiEUBrowserHelper Class = C:\WINDOWS\System32\BhoCitEU.dll (Orbiscom Ltd. All rights reserved.)

\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)

\{F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - IEHlprObj Class = LineAudio.dll ()

 

>>> Internet Explorer Bars, Toolbars and Extensions <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()

\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()

\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]

\\NEXTID - 8198

\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 = Messenger

\\{F2011928-474C-466d-8C33-99B0ED86EEB9} - 8194 =

\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =

\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8196 = @shdoclc.dll,-864

\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 = Console Java (Sun)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm

\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =

\{F2011928-474C-466d-8C33-99B0ED86EEB9} - ButtonText: Citi Internet Number = C:\Program Files\Citi Internet Number\CitiINum.exe (Orbiscom Ltd. All rights reserved.)

\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)

 

>>> Approved Shell Extensions (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()

\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()

\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()

\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)

\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()

\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()

\\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = ()

\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - Set Program Access and Defaults = ()

\\{596AB062-B4D2-4215-9F74-E9109B0A8153} - Previous Versions Property Page = ()

\\{9DB7A13C-F208-4981-8353-73CC61AE2783} - Previous Versions = ()

\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)

\\{D3796116-94D3-4009-96D7-51578411CC7D} - Outpost Shell Extension = ()

\\{950FF917-7A57-46BC-8017-59D9BF474000} - Shell Extension for CDRW = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG)

\\{40950107-FEA6-4d53-A65F-B2DCBA57DD58} - Nokia Phone Browser = C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll (Nokia)

\\{FBFE7864-D495-41f0-B7DC-4BB601CC295E} - Contact View = C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll (Nokia)

\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = ()

\\ - = ()

\\{6af09ec9-b429-11d4-a1fb-0090960218cb} - My Bluetooth Places = C:\WINDOWS\System32\btneighborhood.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

>>> Context Menu Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]

\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

 

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

\InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG)

 

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]

\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)

\BitDefender Antivirus v7 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = ()

\BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = ()

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

 

>>> Column Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

 

>>> Registry Run Keys <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ATIModeChange - C:\WINDOWS\SYSTEM32\Ati2mdxx.exe (ATI Technologies, Inc.)

SynTPLpr - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

eabconfg.cpl - C:\Program Files\Compaq\EAB\EabServr.exe (Compaq)

srmclean - C:\Cpqs\Scom\srmclean.exe ()

Cpqset - C:\Program Files\compaq\cpqsetup\cpqset.exe ()

CitiINum_French - C:\Program Files\Citi Internet Number\CitiINum.exe (Orbiscom Ltd. All rights reserved.)

ElbyCheckAnyDVD - C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)

RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

IntelliPoint - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)

avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()

D-Link AirPlus XtremeG - C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)

ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

InCD - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)

DataLayer - C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE (Nokia Mobile Phones Ltd.)

PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE ()

snpstd - C:\WINDOWS\vsnpstd.exe ()

RAM Idle - C:\Program Files\Customizer XP\RAM_2K.exe ()

QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)

SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

CTFMON.EXE - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

 

>>> Startup Links <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]

C:\Documents and Settings\PATRICK HUBERT\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

 

>>> MSConfig Disabled Items <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 0

bootini 2

services 0

startup 0

 

 

[All Users Startup Folder Disabled Items]

 

[Current User Startup Folder Disabled Items]

 

>>> User Agent Post Platform <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

>>> AppInit Dll's <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

 

>>> Image File Execution Options <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

\Your Image File Name Here without a path - Debugger = ntsd -d

 

>>> Shell Service Object Delay Load <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)

\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

 

>>> Shell Execute Hooks <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

 

>>> Shared Task Scheduler <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

 

>>> Winlogon <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

\\UserInit = C:\WINDOWS\system32\userinit.exe,

\\Shell = Explorer.exe

\\System =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

\crypt32chain - crypt32.dll = (Microsoft Corporation)

\cryptnet - cryptnet.dll = (Microsoft Corporation)

\cscdll - cscdll.dll = (Microsoft Corporation)

\ScCertProp - wlnotify.dll = (Microsoft Corporation)

\Schedule - wlnotify.dll = (Microsoft Corporation)

\sclgntfy - sclgntfy.dll = (Microsoft Corporation)

\SensLogn - WlNotify.dll = (Microsoft Corporation)

\termsrv - wlnotify.dll = (Microsoft Corporation)

\wlballoon - wlnotify.dll = (Microsoft Corporation)

 

>>> DNS Name Servers <<<

{1358F57A-895A-4B80-94A3-1AE9FA4D5DB1} - ()

{344D726A-AB66-48BA-99F2-2E6AD6524577} - ()

{952445BE-EE08-4E95-858F-C13AA16F5DC2} - (Carte réseau 1394)

{9FC5123C-30F9-4F71-9C25-A312366D84FB} - (D-Link AirPlus DWL-G650 Wireless Cardbus Adapter(rev.C))

{A95B784E-459B-426B-A9C6-627CEE0EB26B} - ()

{B78DEED4-FC12-43AA-88E4-AB520F0D9EDF} - (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)

 

>>> All Winsock2 Catalogs <<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)

\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)

\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

 

>>> Protocol Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]

\ipp - ()

\msdaipp - ()

 

>>> Protocol Filters (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

 

>>> Selected AddOn's <<<

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

The Kaspersky report will be posted as soon as it is done.

Regards,

Manly, on behalf of her Mister, who is at work


Here is the Kaspersky report

KASPERSKY ON-LINE SCANNER REPORT

Tuesday, November 21, 2006 5:49:03 PM

Système d'exploitation : Microsoft Windows XP Home Edition, (Build 2600)

Kaspersky On-line Scanner version : 5.0.83.0

Dernière mise à jour de la base antivirus Kaspersky : 21/11/2006

Enregistrements dans la base antivirus Kaspersky : 229726

Paramètres d'analyse

Analyser avec la base antivirus suivante standard

Analyser les archives vrai

Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail

A:\

C:\

D:\

Statistiques de l'analyse

Total d'objets analysés 44432

Nombre de virus trouvés 1

Nombre d'objets infectés 0 / 0

Nombre d'objets suspects 14

Durée de l'analyse 01:41:49

 

Nom de l'objet infecté Nom du virus Dernière action

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\cert8.db L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\formhistory.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\history.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\key3.db L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\parent.lock L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\search.sqlite L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\urlclassifier2.sqlite L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[Fr ... /[From mentfamily@wanadoo.fr][Date Tue, 18 Apr 2006 13:28:48 + .. ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[Fr ... /[From mentfamily@wanadoo.fr][Date Tue, 18 Apr 2006 13:28:48 + ... /UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[Fr ... /[From mentfamily@wanadoo.fr][Date Tue, 18 Apr 2006 13:28:48 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From ... /[From infos@tpgmonaco.com][Date Tue, 18 Apr 2006 11:08:21 + .. ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From ... /[From infos@tpgmonaco.com][Date Tue, 18 Apr 2006 11:08:21 + ... /UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From ... /[From infos@tpgmonaco.com][Date Tue, 18 Apr 2006 11:08:21 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNA ... /[From "Nicholas" ][Date Mon, 17 Apr 2006 18:31:13 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNAMED/[From "Silke" ][Date Tue, 18 Apr 2006 06:37:33 +0400]/text Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED/[From ][Date Fri, 10 Feb 2006 22:13:14 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED/[From "Le memo" ][Date Thu, 09 Feb 2006 22:14:13 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED/[From "Lememo.com" ][Date Tue, 07 Feb 2006 01:23:02 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text/[From ][Date Tue, 7 Feb 2006 11:45:55 +0100]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm/[From "Willard Presley" ][Date Two, 7 Feb 2006 2:38:15 +0180]/text Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\IM\Identities\{751119FB-D1E9-47F6-8046-6373E97CB3C9}\Message Store\Deleted Items.imm Mail: suspect - 13 ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Application Data\Mozilla\Firefox\Profiles\le9zzkh2.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Temp\Perflib_Perfdata_514.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Temp\~DF948B.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\PATRICK HUBERT\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\debug.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\debug.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\error.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\error.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\hips.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\hips.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\ids.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\ids.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\network.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\network.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\system.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\system.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\warning.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\warning.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\web.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall 4\logs\web.log.idx L'objet est verrouillé ignoré

C:\System Volume Information\_restore{0E146069-ED9D-439E-9989-CCF268F6A6C3}\RP202\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat L'objet est verrouillé ignoré

C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

Analyse terminée.

 

 

So if I understand correctly, there is some "nasty thing" on my husband's computer.

Shall I redo the HijackThis report and post it?

Thanks

Manly, on behalf of her Mister

Edited by Mister H

Shall I redo the HijackThis report and post it

Yes please, after renaming hijackthis.exe first (as explained above).

I'll come back to read and analyse these reports :P


Here is the HijackThis report

 

Logfile of HijackThis v1.99.1

Scan saved at 18:27:08, on 21/11/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Compaq\EAB\EabServr.exe

C:\Program Files\Citi Internet Number\CitiINum.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\Customizer XP\RAM_2K.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe

C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\HijackThis\MisterH.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.proximus-interactive.be.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=080c&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet access provided by Proximus

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiEUBrowserHelper Class - {0748BCEA-3708-4842-A65F-7AA6E56EBCD9} - C:\WINDOWS\System32\BhoCitEU.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe

O4 - HKLM\..\Run: [CitiINum_French] C:\Program Files\Citi Internet Number\CitiINum.exe /dontopenmycards

O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Citi Internet Number - {F2011928-474C-466d-8C33-99B0ED86EEB9} - C:\Program Files\Citi Internet Number\CitiINum.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.proximus-interactive.be.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bef.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

There you go, see you soon

Manly, her Mister still at work

PS: I don't see any difference with the renamed file.

Could I have done something wrong?

Edited by Mister H
