Question about a HijackThis report after infection by Antivirus 2009


zola60

Posted: Wed 27 Aug 2008 16:30

Hello everyone!

Sorry, I'm not being very original, but I too have been infected by Antivirus 2009... (I use Windows XP Home)

So I read up on the existing forums and I have:
-1) uninstalled Antivirus 2009 (apparently it worked)
-2) run a full scan with Malwarebytes in safe mode (result: 10 infected files, which I deleted)
-3) run a scan with HijackThis.
-4) run another full scan with Malwarebytes (result: 0 infected items)

Right now, everything seems to be back to normal (no unwanted blue windows, no blocked Internet access, etc.).

The trouble is that I don't really know how to interpret the HijackThis report (pasted below)...
Would anyone here please be able to tell me whether any traces of infection remain??? If so, what should I do???

Thanks in advance!!!

HijackThis scan report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:47, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=Q106&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201996629421
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

--
End of file - 9980 bytes
synthexe

Posted: Wed 27 Aug 2008 18:15

Good evening!

A bit of reading to make you aware of avast's current shortcomings.

=============

You have no firewall; it is the first protection to install for a minimum of security...
The Windows firewall blocks ONLY INBOUND traffic, it blocks nothing outbound, which means that when you are infected, all the information collected by the malware authors can slip out without you noticing, which is not the case with the following firewalls, which block inbound AND outbound traffic.

You ABSOLUTELY MUST install a FIREWALL; here are 4, free and effective:
ZoneAlarm, a free and effective firewall:

Kerio Personal Firewall, very good and also free:

Jetico, which I have not tested but have heard very good things about:

Outpost


=============

I'm going to need a small favour: you would need to send a file for more in-depth analysis:
Go to this page: http://www.bleepingcomputer.com/submit-malware.php?channel=27

In Link to topic where this file was requested: copy this: http://www.aidoforum.com/forum/viewtopic.php?p=264170#264170
Click Browse. Navigate through your folders to find this file: C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe
In the box below Leave any comments, further information about this file, or contact information: , copy this:
Code:
Upload demandé par Synthexe.
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe"

Click Send File.
Tell me whether the file was sent successfully.
Thanks.

=============

Go to this link: Virus Total

  • Click Browse
  • Navigate to this file, if you can find it:
    C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page, choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important to send me the result of the whole scan.
Your security tools may react when the file is sent; in that case you will have to ignore the alerts.

=============

Download OTViewIt to your Desktop.
  • Close all program windows, then run it
  • Click the Run Scan button and let the program run without interrupting it
  • It will produce two reports (logs): one of them, named OTViewIt.txt, will open in Notepad; the other, named Extras, will be saved on the Desktop. Send both logs in your reply.
  • You may need to use two messages to post both logs on the forum.


=============

Post the VirusTotal report and the OTViewIt report.

Have a good evening
_________________
Anti-Malware Powa
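
An added example, not part of the original thread or of HijackThis: the reply above singles out one O4 (autostart) line whose program lives in a Temp folder. The Python sketch below parses O4 lines and flags any autostart that launches from a temporary directory. The sample lines are copied from the log posted above; the function names and the temp-folder heuristic are assumptions of this example.

```python
import re
from typing import List, NamedTuple


class Autorun(NamedTuple):
    location: str    # e.g. "HKCU Run" or "Global Startup"
    name: str        # registry value name or shortcut name
    executable: str  # program path with quotes and arguments removed


# Excerpt of O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""

# "O4 - HKxx[\<SID>]\..\Run: [value name] command line"
REG_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# "O4 - [Global ]Startup: shortcut.lnk = target"
STARTUP = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)
# HijackThis appends the account name to per-user (HKUS) entries.
USER_SUFFIX = re.compile(r"\s+\(User '.*'\)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
UNQUOTED_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
# Directory names treated as temporary, including the 8.3 short form.
TEMP_COMPONENT = re.compile(
    r"^(?:te?mp|%te?mp%|tempor~\d+|temporary internet files)$", re.I
)


def extract_executable(cmd: str) -> str:
    """Return the program path from a Run command line."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = UNQUOTED_EXE.match(cmd)
    return m.group(1) if m else cmd


def parse_o4(log_text: str) -> List[Autorun]:
    """Parse every O4 registry Run / Startup folder line in a log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RUN.match(line)
        if m:
            location = f"{m['hive']} {m['key']}"
        else:
            m = STARTUP.match(line)
            if not m:
                continue
            location = m["scope"]
        entries.append(Autorun(location, m["name"], extract_executable(m["cmd"])))
    return entries


def runs_from_temp(path: str) -> bool:
    """True if any directory component of the path is a temp folder."""
    directories = path.split("\\")[:-1]  # drop the file name itself
    return any(TEMP_COMPONENT.match(d) for d in directories)


def find_temp_autoruns(log_text: str) -> List[Autorun]:
    """Autostart entries whose program is launched from a temp folder."""
    return [e for e in parse_o4(log_text) if runs_from_temp(e.executable)]


if __name__ == "__main__":
    for entry in find_temp_autoruns(SAMPLE_LOG):
        print(f"REVIEW: {entry.location} [{entry.name}] -> {entry.executable}")
```

A hit from this check is only a prompt to examine the file, as the reply does by asking for an upload; software installers also run from Temp folders at times.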
zola60

Posted: Wed 27 Aug 2008 23:18

Good evening Synthexe, and thank you for your responsiveness and the clarity of your explanations!

I installed and configured Kerio Personal; I didn't know that the Windows firewall only worked in one direction...

As for the rest of the tasks, it looks more complicated. Before posting this message on the forum, I had sent the report to a friend who works in IT, who had recommended that I delete the notorious file C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe. So I deleted it and naturally I emptied the recycle bin.

However, after deleting it, I was surprised to still see it appear in the HijackThis report... Not cool, then.
So I can't run the 2 analyses you asked me for. On the other hand, I did run OTViewIt, and here are the 2 logs it produced:

OTViewIT.txt

OTViewIt logfile created on: 28/08/2008 00:00:18 - Run 2
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Julien\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,98 Mb Total Physical Memory | 614,39 Mb Available Physical Memory | 60,59% Memory free
2,38 Gb Paging File | 2,05 Gb Available in Paging File | 85,82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85,87 Gb Total Space | 3,97 Gb Free Space | 4,62% Space Free | Partition Type: NTFS
Drive D: | 6,27 Gb Total Space | 0,45 Gb Free Space | 7,16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC179091529018
Current User Name: Julien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/19/2008 04:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 04:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[02/18/2008 11:16 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[02/03/2008 01:42 AM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[11/03/2005 01:25 AM | 00,098,304 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxtray.exe
[11/03/2005 01:22 AM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[11/03/2005 01:26 AM | 00,118,784 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[10/20/2005 04:15 PM | 00,102,400 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
[11/11/2005 09:04 AM | 00,761,945 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[11/16/2005 06:30 PM | 00,503,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[02/17/2005 09:11 AM | 00,049,152 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[12/12/2005 09:39 PM | 00,094,208 | ---- | M] (CyberLink Corp.) - C:\Program Files\HP\QuickPlay\QPService.exe
[12/19/2005 11:44 AM | 01,368,064 | ---- | M] (Sunbelt Software) - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
[12/07/2005 08:56 PM | 00,409,600 | ---- | M] (Hewlett-Packard ) - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[07/19/2008 04:38 PM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[02/24/2008 05:34 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[02/03/2008 01:42 AM | 00,125,624 | ---- | M] (Google) - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[11/13/2007 07:57 PM | 02,359,296 | ---- | M] (OpenOffice.org) - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
[11/13/2007 07:57 PM | 02,510,848 | ---- | M] (OpenOffice.org) - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
[10/23/2005 08:46 AM | 00,069,632 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[09/24/2005 10:42 AM | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[10/20/2005 04:15 PM | 00,090,112 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
[11/28/2005 07:07 PM | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[12/19/2005 11:43 AM | 02,617,344 | ---- | M] (Sunbelt Software) - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
[07/19/2008 04:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 04:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[12/19/2005 11:43 AM | 02,617,344 | ---- | M] (Sunbelt Software) - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
[10/21/2005 06:48 PM | 00,483,414 | R--- | M] () - C:\Program Files\HPQ\Shared\HpqToaster.exe
[08/27/2008 11:57 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Julien\Bureau\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[02/18/2008 11:16 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 04:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 04:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 04:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 04:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(dmadmin) Service d'administration du Gestionnaire de disque logique [On_Demand | Stopped]
[08/05/2004 10:00 AM | 00,225,280 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [Auto | Running]
[02/03/2008 01:42 AM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(hpqwmi) HP WMI Interface [On_Demand | Stopped]
[06/14/2005 07:29 PM | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\Shared\hpqwmi.exe

(hpqwmiex) hpqwmiex [Auto | Running]
[11/28/2005 07:07 PM | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[10/22/2004 01:24 PM | 00,073,728 | ---- | M] (Macrovision Corporation) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

(iPod Service) Service de l'iPod [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(KPF4) Sunbelt Kerio Personal Firewall 4 [Auto | Running]
[12/19/2005 11:44 AM | 01,368,064 | ---- | M] (Sunbelt Software) - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running]
[10/23/2005 08:46 AM | 00,069,632 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

(USBDeviceService) USBDeviceService [Auto | Running]
[10/20/2005 04:15 PM | 00,090,112 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 04:32 PM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(AliIde) AliIde [Boot | Running]
[08/17/2001 04:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 04:37 PM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 04:37 PM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 04:33 PM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 04:35 PM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 04:32 PM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(BTWUSB) WIDCOMM USB Bluetooth Driver [On_Demand | Stopped]
[08/18/2005 10:22 AM | 00,056,648 | ---- | M] (Broadcom Corporation.) - C:\WINDOWS\system32\drivers\btwusb.sys

(dmboot) dmboot [Disabled | Stopped]
[08/05/2004 10:00 AM | 00,800,256 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[08/05/2004 10:00 AM | 00,154,496 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/05/2004 10:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(E100B) Intel(R) PRO Network Connection Driver [On_Demand | Running]
[11/03/2005 10:31 AM | 00,157,696 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eabfiltr) eabfiltr [System | Running]
[05/05/2005 08:04 PM | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\WINDOWS\system32\drivers\eabfiltr.sys

(eabusb) eabusb [On_Demand | Stopped]
[05/05/2005 08:04 PM | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\WINDOWS\system32\drivers\EabUsb.sys

(fwdrv) Firewall Driver [System | Running]
[12/15/2005 06:13 PM | 00,274,432 | ---- | M] (Sunbelt Software) - C:\WINDOWS\system32\drivers\fwdrv.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GenPort) GenPort [Auto | Stopped]
[12/23/1998 08:20 PM | 00,006,112 | ---- | M] () - C:\WINDOWS\System32\drivers\genport.sys

(GenPort2) GenPort2 [Auto | Running]
[12/23/1998 09:23 PM | 00,006,112 | ---- | M] () - C:\WINDOWS\System32\drivers\genport2.sys

(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [On_Demand | Running]
[11/22/2005 09:55 PM | 00,506,880 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\CHDAud.sys

(HDAudBus) Pilote de bus Microsoft UAA pour High Definition Audio [On_Demand | Running]
[01/08/2005 03:07 AM | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys

(HSFHWAZL) HSFHWAZL [On_Demand | Running]
[08/22/2005 02:06 AM | 00,201,600 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWAZL.sys

(HSF_DPV) HSF_DPV [On_Demand | Running]
[08/22/2005 02:07 AM | 01,035,008 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DPV.sys

(ialm) ialm [On_Demand | Running]
[11/03/2005 01:50 AM | 01,353,820 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(iaStor) Intel AHCI Controller [Boot | Running]
[10/13/2005 03:07 AM | 00,874,240 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys

(khips) Kerio HIPS Driver [System | Running]
[12/15/2005 06:01 PM | 00,081,920 | ---- | M] () - C:\WINDOWS\system32\drivers\khips.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/16/2004 09:04 PM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(Mvc25U870_VID_1262&PID_25FD) HP Webcam 1000 [On_Demand | Stopped]
[11/30/2005 08:34 AM | 00,050,560 | ---- | M] (Micro Vision Co.,Ltd) - C:\WINDOWS\system32\drivers\Mvc25U870.sys

(Ptilink) Pilote de liaison parallèle directe [On_Demand | Running]
[08/05/2004 10:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[04/25/2005 12:03 PM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(rimmptsk) rimmptsk [On_Demand | Running]
[11/16/2005 06:28 AM | 00,028,928 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rimmptsk.sys

(rimsptsk) rimsptsk [On_Demand | Running]
[11/01/2005 03:54 AM | 00,051,584 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rimsptsk.sys

(rismxdp) Ricoh xD-Picture Card Driver [On_Demand | Running]
[11/01/2005 04:08 AM | 00,308,992 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rixdptsk.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 12:25 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SMCIRDA) Pilote de périphérique SMC IrCC Miniport [On_Demand | Stopped]
[08/24/2001 03:21 AM | 00,036,937 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(SONYPVU1) Pilote de filtrage Sony USB (SONYPVU1) [On_Demand | Stopped]
[08/17/2001 10:56 PM | 00,007,552 | ---- | M] (Sony Corporation) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[11/11/2005 08:50 AM | 00,191,936 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [On_Demand | Running]
[12/17/2005 02:17 PM | 01,428,096 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w39n51.sys

(winachsf) winachsf [On_Demand | Running]
[08/22/2005 02:06 AM | 00,718,464 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 04:38 PM | 00,078,008 | ---- | M] (ALWIL Software)
"Cpqset" = C:\Program Files\HPQ\Default Settings\cpqset.exe [05/18/2005 08:29 PM | 00,233,534 | ---- | M] ()
"DetectorApp" = C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe [10/20/2005 04:15 PM | 00,102,400 | ---- | M] ()
"eabconfg.cpl" = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start [12/07/2005 08:56 PM | 00,409,600 | ---- | M] (Hewlett-Packard )
"High Definition Audio Property Page Shortcut" = CHDAudPropShortcut.exe [11/22/2005 09:55 PM | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HP Software Update" = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [02/17/2005 09:11 AM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"hpWirelessAssistant" = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [11/16/2005 06:30 PM | 00,503,808 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [11/03/2005 01:22 AM | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [11/03/2005 01:26 AM | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [11/03/2005 01:25 AM | 00,098,304 | ---- | M] (Intel Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"QPService" = "C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 09:39 PM | 00,094,208 | ---- | M] (CyberLink Corp.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"RecGuard" = C:\Windows\SMINST\RecGuard.exe [10/11/2005 08:23 PM | 01,187,840 | ---- | M] ()
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [11/11/2005 09:04 AM | 00,761,945 | ---- | M] (Synaptics, Inc.)
"TkBellExe" = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot [02/24/2008 05:34 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avi Player" = "C:\Program Files\Avi Player\AviPlayer.exe" hmw File not found
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [11/04/2007 11:02 AM | 00,068,856 | ---- | M] (Google Inc.)
"Update" = "C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\update.exe" File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
[09/24/2005 11:39 AM | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[12/14/2004 04:44 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[02/03/2008 01:42 AM | 00,125,624 | ---- | M] (Google) - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

[Julien Startup Folder - C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage]
[08/17/2007 10:57 PM | 00,393,216 | ---- | M] () - C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 01:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [02/24/2008 05:35 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [02/05/2008 09:03 PM | 02,436,160 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [02/03/2008 01:42 AM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [02/05/2008 09:03 PM | 02,436,160 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [02/05/2008 09:03 PM | 02,436,160 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "Ma page d'accueil"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/05/2004 10:00 AM | 00,142,336 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/05/2004 10:00 AM | 00,142,336 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Services en ligne\AOL\waol.exe" = C:\Program Files\Services en ligne\AOL\waol.exe File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [02/04/2008 12:43 AM | 00,219,952 | ---- | M] ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 11:21 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe [02/24/2008 05:34 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [02/05/2007 06:35 PM | 25,370,152 | ---- | M] (Skype Technologies S.A.)
"C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe [12/19/2005 11:43 AM | 02,617,344 | ---- | M] (Sunbelt Software)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 03:22 PM | 01,037,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/05/2004 10:00 AM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/05/2004 10:00 AM | 00,515,584 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 06:56 PM | 08,510,976 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/05/2004 10:00 AM | 00,305,152 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [11/03/2005 01:21 AM | 00,135,168 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0CCDABFB-42CA-4899-9A89-33069409F6AA}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2F8210DA-D685-4C05-B2F8-DE1BB7A9C6FF}]
Servers: | Description: Carte réseau 1394

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{57568E5B-26E7-4E1C-BE03-F78472953F6B}]
Servers: | Description: Intel(R) PRO/Wireless 3945ABG Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{CFFD96C8-A9CC-4B40-9941-1F34A781710A}]
Servers: | Description: Intel(R) PRO/100 VE Network Connection

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/27/2001 11:07 PM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[04/30/2004 03:01 PM | 00,000,053 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e398f4f-d65b-11dc-9d0f-00163607b543}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e398f4f-d65b-11dc-9d0f-00163607b543}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:56 PM | 08,510,976 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e398f4f-d65b-11dc-9d0f-00163607b543}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d557e6-3722-11dd-9d97-00163607b543}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d557e6-3722-11dd-9d97-00163607b543}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:56 PM | 08,510,976 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d557e6-3722-11dd-9d97-00163607b543}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5a1cbf1-dc6d-11dc-9d16-00163607b543}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5a1cbf1-dc6d-11dc-9d16-00163607b543}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:56 PM | 08,510,976 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5a1cbf1-dc6d-11dc-9d16-00163607b543}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec450830-2feb-11dd-9d89-00163607b543}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec450830-2feb-11dd-9d89-00163607b543}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:56 PM | 08,510,976 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec450830-2feb-11dd-9d89-00163607b543}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
"" = &Exécution automatique

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
"" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:56 PM | 08,510,976 | ---- | M] (Microsoft Corporation)

===== Hosts File =====

HOSTS File = (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 90 days]
[08/27/2008 04:29 PM | 10,633,09312 | -HS- | C] () - C:\hiberfil.sys
[07/06/2008 04:35 PM | 00,217,118 | ---- | C] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/06/2008 04:35 PM | 00,764,868 | ---- | C] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/06/2008 04:35 PM | 01,197,294 | ---- | C] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/06/2008 04:33 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[06/01/2008 11:08 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[06/01/2008 11:08 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/06/2008 04:33 PM | ---D | C] - C:\WINDOWS\System32\drivers\UMDF
[08/26/2008 06:12 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/26/2008 06:12 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[7 C:\WINDOWS\System32\*.tmp files]
[06/09/2008 08:34 PM | ---D | C] - C:\WINDOWS\System32\Adobe
[07/06/2008 04:33 PM | ---D | C] - C:\WINDOWS\System32\LogFiles
[08/18/2008 07:36 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/18/2008 07:36 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/18/2008 07:36 PM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/27/2008 09:57 PM | 00,004,212 | -H-- | C] () - C:\WINDOWS\System32\zllictbl.dat
[2 C:\WINDOWS\*.tmp files]
[08/26/2008 05:56 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\nsreg.dat
[08/26/2008 06:20 PM | ---D | C] - C:\WINDOWS\pss
[08/26/2008 08:44 PM | ---D | C] - C:\WINDOWS\BDOSCAN8
[08/27/2008 09:55 PM | ---D | C] - C:\WINDOWS\Internet Logs
[07/08/2008 06:39 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Zylom
[07/16/2008 08:14 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/26/2008 06:12 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/27/2008 09:57 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\MailFrontier
[08/25/2008 04:26 PM | ---D | C] - C:\Documents and Settings\Julien\Application Data\dvdcss
[08/26/2008 05:56 PM | ---D | C] - C:\Documents and Settings\Julien\Application Data\Mozilla
[08/26/2008 06:12 PM | ---D | C] - C:\Documents and Settings\Julien\Application Data\Malwarebytes
[08/26/2008 05:56 PM | ---D | C] - C:\Documents and Settings\Julien\Local Settings\Application Data\Mozilla
[06/20/2008 12:12 AM | 00,027,403 | ---- | C] () - C:\Documents and Settings\Julien\Mes documents\bleu.odt
[06/24/2008 11:23 PM | R--D | C] - C:\Documents and Settings\Julien\Mes documents\Ma musique
[07/16/2008 08:14 PM | 00,001,740 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Adobe Reader 7.0.lnk
[08/26/2008 05:56 PM | 00,001,602 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[07/06/2008 04:34 PM | 00,000,782 | ---- | C] () - C:\Documents and Settings\Julien\Bureau\Windows Media Player.lnk
[08/26/2008 06:10 PM | 02,085,144 | ---- | C] (Malwarebytes Corporation ) - C:\Documents and Settings\Julien\Bureau\mbam-setup.exe
[08/26/2008 08:26 PM | 00,812,344 | ---- | C] (Trend Micro Inc.) - C:\Documents and Settings\Julien\Bureau\HJTInstall.exe
[08/26/2008 08:27 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Julien\Bureau\HijackThis.lnk
[08/27/2008 11:54 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Julien\Bureau\OTViewIt.exe
[07/16/2008 08:14 PM | 00,001,757 | ---- | C] () - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
[07/06/2008 04:34 PM | ---D | C] - C:\Program Files\Windows Media Connect 2
[08/26/2008 05:56 PM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/26/2008 06:12 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/26/2008 08:27 PM | ---D | C] - C:\Program Files\Trend Micro
[08/27/2008 10:37 PM | ---D | C] - C:\Program Files\Sunbelt Software

[Files/Folders - Modified Within 90 days]
[06/04/2008 07:02 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt17.sqm
[06/04/2008 07:02 AM | 00,000,268 | -H-- | M] () - C:\sqmdata17.sqm
[06/05/2008 01:38 AM | 00,000,172 | -H-- | M] () - C:\sqmdata19.sqm
[06/05/2008 01:38 AM | 00,000,172 | -H-- | M] () - C:\sqmnoopt19.sqm
[06/05/2008 09:07 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt00.sqm
[06/05/2008 09:07 PM | 00,000,268 | -H-- | M] () - C:\sqmdata00.sqm
[06/05/2008 12:51 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt18.sqm
[06/05/2008 12:51 AM | 00,000,268 | -H-- | M] () - C:\sqmdata18.sqm
[06/20/2008 05:14 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[06/20/2008 05:14 PM | 00,000,268 | -H-- | M] () - C:\sqmdata01.sqm
[07/04/2008 07:02 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt02.sqm
[07/04/2008 07:02 PM | 00,000,268 | -H-- | M] () - C:\sqmdata02.sqm
[08/18/2008 11:21 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt03.sqm
[08/18/2008 11:21 PM | 00,000,268 | -H-- | M] () - C:\sqmdata03.sqm
[08/19/2008 04:14 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt04.sqm
[08/19/2008 04:14 PM | 00,000,268 | -H-- | M] () - C:\sqmdata04.sqm
[08/27/2008 04:28 PM | 00,000,216 | RHS- | M] () - C:\boot.ini
[08/27/2008 10:37 PM | ---D | M] - C:\Config.Msi
[08/27/2008 10:37 PM | ---D | M] - C:\Program Files
[08/27/2008 10:38 PM | 00,000,044 | ---- | M] () - C:\XP_TV.ini
[08/27/2008 10:38 PM | 00,001,085 | -HS- | M] () - C:\hpqp.ini
[08/27/2008 10:38 PM | 10,633,09312 | -HS- | M] () - C:\hiberfil.sys
[08/27/2008 10:38 PM | ---D | M] - C:\WINDOWS
[07/06/2008 04:33 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[07/06/2008 04:33 PM | ---D | M] - C:\WINDOWS\System32\drivers\UMDF
[07/19/2008 04:32 PM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 04:32 PM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 04:33 PM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 04:35 PM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 04:37 PM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 04:37 PM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:05 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:05 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[7 C:\WINDOWS\System32\*.tmp files]
[06/09/2008 08:34 PM | ---D | M] - C:\WINDOWS\System32\Adobe
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/06/2008 04:33 PM | ---D | M] - C:\WINDOWS\System32\LogFiles
[07/06/2008 08:18 PM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[07/06/2008 08:18 PM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[07/08/2008 11:07 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[07/19/2008 04:30 PM | 00,094,392 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 04:43 PM | 01,163,960 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/18/2008 07:15 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 05:06 PM | 00,003,121 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/27/2008 04:30 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/27/2008 09:59 PM | 00,004,212 | -H-- | M] () - C:\WINDOWS\System32\zllictbl.dat
[08/27/2008 10:02 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/27/2008 10:38 PM | ---D | M] - C:\WINDOWS\System32\drivers
[2 C:\WINDOWS\*.tmp files]
[07/06/2008 04:34 PM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[07/06/2008 08:17 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/18/2008 11:22 PM | ---D | M] - C:\WINDOWS\ie7updates
[08/18/2008 11:24 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/18/2008 11:24 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/26/2008 05:56 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[08/26/2008 06:20 PM | ---D | M] - C:\WINDOWS\pss
[08/26/2008 08:44 PM | ---D | M] - C:\WINDOWS\Downloaded Program Files
[08/26/2008 08:50 PM | ---D | M] - C:\WINDOWS\BDOSCAN8
[08/27/2008 03:58 PM | ---D | M] - C:\WINDOWS\Help
[08/27/2008 04:28 PM | 00,000,507 | ---- | M] () - C:\WINDOWS\win.ini
[08/27/2008 09:56 PM | -H-D | M] - C:\WINDOWS\inf
[08/27/2008 10:37 PM | -HSD | M] - C:\WINDOWS\Installer
[08/27/2008 10:38 PM | 00,000,277 | ---- | M] () - C:\WINDOWS\system.ini
[08/27/2008 10:38 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 10:38 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/27/2008 10:38 PM | ---D | M] - C:\WINDOWS\Internet Logs
[08/27/2008 10:38 PM | ---D | M] - C:\WINDOWS\system32
[08/27/2008 10:40 PM | ---D | M] - C:\WINDOWS\Temp
[08/27/2008 11:57 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/27/2008 06:00 PM | 00,000,424 | ---- | M] () - C:\WINDOWS\tasks\Norton Security Scan.job
[08/27/2008 10:38 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[07/08/2008 06:39 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Zylom
[07/16/2008 08:14 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/26/2008 06:12 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/27/2008 09:57 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\MailFrontier
[08/27/2008 11:46 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[07/07/2008 11:27 PM | ---D | M] - C:\Documents and Settings\Julien\Application Data\uTorrent
[07/16/2008 08:15 PM | ---D | M] - C:\Documents and Settings\Julien\Application Data\AdobeUM
[08/25/2008 04:26 PM | ---D | M] - C:\Documents and Settings\Julien\Application Data\dvdcss
[08/26/2008 05:56 PM | ---D | M] - C:\Documents and Settings\Julien\Application Data\Mozilla
[08/26/2008 06:12 PM | ---D | M] - C:\Documents and Settings\Julien\Application Data\Malwarebytes
[08/27/2008 10:38 PM | ---D | M] - C:\Documents and Settings\Julien\Application Data\OpenOffice.org2
[07/19/2008 09:27 PM | ---D | M] - C:\Documents and Settings\Julien\Local Settings\Application Data\Adobe
[08/21/2008 05:03 PM | 00,097,280 | ---- | M] () - C:\Documents and Settings\Julien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/26/2008 05:18 PM | ---D | M] - C:\Documents and Settings\Julien\Local Settings\Application Data\Microsoft
[08/26/2008 05:56 PM | ---D | M] - C:\Documents and Settings\Julien\Local Settings\Application Data\Mozilla
[08/27/2008 10:37 PM | 04,848,332 | -H-- | M] () - C:\Documents and Settings\Julien\Local Settings\Application Data\IconCache.db
[08/27/2008 10:38 PM | ---D | M] - C:\Documents and Settings\Julien\Local Settings\Application Data\ApplicationHistory
[06/02/2008 10:00 PM | ---D | M] - C:\Documents and Settings\Julien\Mes documents\Mes fichiers reçus
[06/21/2008 01:21 AM | 00,027,403 | ---- | M] () - C:\Documents and Settings\Julien\Mes documents\bleu.odt
[06/24/2008 11:24 PM | R--D | M] - C:\Documents and Settings\Julien\Mes documents\Ma musique
[07/02/2008 09:17 PM | R--D | M] - C:\Documents and Settings\Julien\Mes documents\Mes vidéos
[07/06/2008 11:54 PM | ---D | M] - C:\Documents and Settings\Julien\Mes documents\Downloads
[08/21/2008 09:21 PM | R--D | M] - C:\Documents and Settings\Julien\Mes documents\Favoris
[08/23/2008 08:24 PM | R--D | M] - C:\Documents and Settings\Julien\Mes documents\Mes images
[08/27/2008 09:42 PM | 00,000,582 | ---- | M] () - C:\Documents and Settings\Julien\Mes documents\Mes dossiers de partage.lnk
[07/16/2008 08:14 PM | 00,001,740 | ---- | M] () - C:\Documents and Settings\All Users\Bureau\Adobe Reader 7.0.lnk
[08/26/2008 05:56 PM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[06/16/2008 09:47 PM | ---D | M] - C:\Documents and Settings\Julien\Bureau\Musique juillet
[07/06/2008 08:20 PM | 00,000,782 | ---- | M] () - C:\Documents and Settings\Julien\Bureau\Windows Media Player.lnk
[08/26/2008 06:10 PM | 02,085,144 | ---- | M] (Malwarebytes Corporation ) - C:\Documents and Settings\Julien\Bureau\mbam-setup.exe
[08/26/2008 08:26 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Julien\Bureau\HJTInstall.exe
[08/26/2008 08:27 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Julien\Bureau\HijackThis.lnk
[08/27/2008 11:57 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Julien\Bureau\OTViewIt.exe
[07/16/2008 08:14 PM | 00,001,757 | ---- | M] () - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
[08/22/2008 06:00 PM | ---D | M] - C:\Program Files\Fichiers communs\Symantec Shared

< End of report >



and the second one, Extras.txt

OTViewIt Extras logfile created on: 28/08/2008 00:00:18 - Run 2
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Julien\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,98 Mb Total Physical Memory | 614,39 Mb Available Physical Memory | 60,59% Memory free
2,38 Gb Paging File | 2,05 Gb Available in Paging File | 85,82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85,87 Gb Total Space | 3,97 Gb Free Space | 4,62% Space Free | Partition Type: NTFS
Drive D: | 6,27 Gb Total Space | 0,45 Gb Free Space | 7,16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 B3
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{58C62A8E-E628-4822-A0F2-BBE10329D53F}" = HP User Guides 0009
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A990EAA7-8941-4621-BC27-4F16261D3180}" = Sunbelt Kerio Personal Firewall
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1036-7B44-A70000000000}" = Adobe Reader 7.0 - Français
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B087B0C3-F595-485A-B86B-73326BA8693A}" = OpenOffice.org 2.3
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C1B16956-0D81-4DDA-9B29-BDDB683102F0}" = Microsoft LifeChat
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"avast!" = avast! Antivirus
"Bagpipe Player" = Bagpipe Player
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_qta30a0k" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"KB873333" = Correctif Windows XP - KB873333
"KB873339" = Correctif Windows XP - KB873339
"KB883667" = Correctif Windows XP - KB883667
"KB884575" = Correctif Windows XP - KB884575
"KB885250" = Correctif Windows XP - KB885250
"KB885464" = Correctif Windows XP - KB885464
"KB885835" = Correctif Windows XP - KB885835
"KB885836" = Correctif Windows XP - KB885836
"KB885855" = Correctif Windows XP - KB885855
"KB885884" = Correctif Windows XP - KB885884
"KB886185" = Correctif Windows XP - KB886185
"KB887472" = Correctif Windows XP - KB887472
"KB888113" = Correctif Windows XP - KB888113
"KB888239" = Correctif Windows XP - KB888239
"KB888302" = Correctif Windows XP - KB888302
"KB888402" = Correctif Windows XP - KB888402
"KB889673" = Correctif Windows XP - KB889673
"KB890046" = Mise à jour de sécurité pour Windows XP (KB890046)
"KB890859" = Correctif Windows XP - KB890859
"KB891781" = Correctif Windows XP - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB892559" = Correctif Windows XP - KB892559
"KB893066" = Mise à jour de sécurité pour Windows XP (KB893066)
"KB893756" = Mise à jour de sécurité pour Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Mise à jour pour Windows XP (KB894391)
"KB896256" = Correctif pour Windows XP (KB896256)
"KB896358" = Mise à jour de sécurité pour Windows XP (KB896358)
"KB896422" = Mise à jour de sécurité pour Windows XP (KB896422)
"KB896423" = Mise à jour de sécurité pour Windows XP (KB896423)
"KB896428" = Mise à jour de sécurité pour Windows XP (KB896428)
"KB896727" = Mise à jour pour Windows XP (KB896727)
"KB898461" = Mise à jour pour Windows XP (KB898461)
"KB899587" = Mise à jour de sécurité pour Windows XP (KB899587)
"KB899591" = Mise à jour de sécurité pour Windows XP (KB899591)
"KB900485" = Mise à jour pour Windows XP (KB900485)
"KB900725" = Mise à jour de sécurité pour Windows XP (KB900725)
"KB901017" = Mise à jour de sécurité pour Windows XP (KB901017)
"KB901214" = Mise à jour de sécurité pour Windows XP (KB901214)
"KB902400" = Mise à jour de sécurité pour Windows XP (KB902400)
"KB903235" = Mise à jour de sécurité pour Windows XP (KB903235)
"KB905414" = Mise à jour de sécurité pour Windows XP (KB905414)
"KB905749" = Mise à jour de sécurité pour Windows XP (KB905749)
"KB908519" = Mise à jour de sécurité pour Windows XP (KB908519)
"KB908531" = Mise à jour pour Windows XP (KB908531)
"KB910437" = Mise à jour pour Windows XP (KB910437)
"KB911280" = Mise à jour pour Windows XP (KB911280)
"KB911562" = Mise à jour de sécurité pour Windows XP (KB911562)
"KB911564" = Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
"KB911927" = Mise à jour de sécurité pour Windows XP (KB911927)
"KB913580" = Mise à jour de sécurité pour Windows XP (KB913580)
"KB914388" = Mise à jour de sécurité pour Windows XP (KB914388)
"KB914389" = Mise à jour de sécurité pour Windows XP (KB914389)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916595" = Mise à jour pour Windows XP (KB916595)
"KB918118" = Mise à jour de sécurité pour Windows XP (KB918118)
"KB918439" = Mise à jour de sécurité pour Windows XP (KB918439)
"KB919007" = Mise à jour de sécurité pour Windows XP (KB919007)
"KB920213" = Mise à jour de sécurité pour Windows XP (KB920213)
"KB920670" = Mise à jour de sécurité pour Windows XP (KB920670)
"KB920683" = Mise à jour de sécurité pour Windows XP (KB920683)
"KB920685" = Mise à jour de sécurité pour Windows XP (KB920685)
"KB920872" = Mise à jour pour Windows XP (KB920872)
"KB921503" = Mise à jour de sécurité pour Windows XP (KB921503)
"KB922582" = Mise à jour pour Windows XP (KB922582)
"KB922819" = Mise à jour de sécurité pour Windows XP (KB922819)
"KB923191" = Mise à jour de sécurité pour Windows XP (KB923191)
"KB923414" = Mise à jour de sécurité pour Windows XP (KB923414)
"KB923689" = Mise à jour de sécurité pour Windows XP (KB923689)
"KB923723" = Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
"KB923980" = Mise à jour de sécurité pour Windows XP (KB923980)
"KB924270" = Mise à jour de sécurité pour Windows XP (KB924270)
"KB924667" = Mise à jour de sécurité pour Windows XP (KB924667)
"KB925398_WMP64" = Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
"KB925902" = Mise à jour de sécurité pour Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Mise à jour de sécurité pour Windows XP (KB926255)
"KB926436" = Mise à jour de sécurité pour Windows XP (KB926436)
"KB927779" = Mise à jour de sécurité pour Windows XP (KB927779)
"KB927802" = Mise à jour de sécurité pour Windows XP (KB927802)
"KB927891" = Mise à jour pour Windows XP (KB927891)
"KB928255" = Mise à jour de sécurité pour Windows XP (KB928255)
"KB928843" = Mise à jour de sécurité pour Windows XP (KB928843)
"KB929123" = Mise à jour de sécurité pour Windows XP (KB929123)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB930178" = Mise à jour de sécurité pour Windows XP (KB930178)
"KB930916" = Mise à jour pour Windows XP (KB930916)
"KB931261" = Mise à jour de sécurité pour Windows XP (KB931261)
"KB931784" = Mise à jour de sécurité pour Windows XP (KB931784)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB932168" = Mise à jour de sécurité pour Windows XP (KB932168)
"KB932823-v3" = Mise à jour pour Windows XP (KB932823-v3)
"KB933729" = Mise à jour de sécurité pour Windows XP (KB933729)
"KB935839" = Mise à jour de sécurité pour Windows XP (KB935839)
"KB935840" = Mise à jour de sécurité pour Windows XP (KB935840)
"KB936021" = Mise à jour de sécurité pour Windows XP (KB936021)
"KB936357" = Mise à jour pour Windows XP (KB936357)
"KB936782_WMP10" = Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
"KB936782_WMP11" = Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
"KB938828" = Mise à jour pour Windows XP (KB938828)
"KB938829" = Mise à jour de sécurité pour Windows XP (KB938829)
"KB939683" = Correctif pour Lecteur Windows Media 11 (KB939683)
"KB941202" = Mise à jour de sécurité pour Windows XP (KB941202)
"KB941568" = Mise à jour de sécurité pour Windows XP (KB941568)
"KB941569" = Mise à jour de sécurité pour Windows XP (KB941569)
"KB941644" = Mise à jour de sécurité pour Windows XP (KB941644)
"KB941693" = Mise à jour de sécurité pour Windows XP (KB941693)
"KB942615-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
"KB942763" = Mise à jour pour Windows XP (KB942763)
"KB943055" = Mise à jour de sécurité pour Windows XP (KB943055)
"KB943460" = Mise à jour de sécurité pour Windows XP (KB943460)
"KB943485" = Mise à jour de sécurité pour Windows XP (KB943485)
"KB944533-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
"KB944653" = Mise à jour de sécurité pour Windows XP (KB944653)
"KB945553" = Mise à jour de sécurité pour Windows XP (KB945553)
"KB946026" = Mise à jour de sécurité pour Windows XP (KB946026)
"KB946648" = Mise à jour de sécurité pour Windows XP (KB946648)
"KB947864-IE7" = Correctif pour Windows Internet Explorer 7 (KB947864)
"KB948590" = Mise à jour de sécurité pour Windows XP (KB948590)
"KB948881" = Mise à jour de sécurité pour Windows XP (KB948881)
"KB950749" = Mise à jour de sécurité pour Windows XP (KB950749)
"KB950759-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
"KB950760" = Mise à jour de sécurité pour Windows XP (KB950760)
"KB950762" = Mise à jour de sécurité pour Windows XP (KB950762)
"KB950974" = Mise à jour de sécurité pour Windows XP (KB950974)
"KB951066" = Mise à jour de sécurité pour Windows XP (KB951066)
"KB951072-v2" = Mise à jour pour Windows XP (KB951072-v2)
"KB951376" = Mise à jour de sécurité pour Windows XP (KB951376)
"KB951376-v2" = Mise à jour de sécurité pour Windows XP (KB951376-v2)
"KB951698" = Mise à jour de sécurité pour Windows XP (KB951698)
"KB951748" = Mise à jour de sécurité pour Windows XP (KB951748)
"KB952287" = Correctif pour Windows XP (KB952287)
"KB952954" = Mise à jour de sécurité pour Windows XP (KB952954)
"KB953838-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
"KB953839" = Mise à jour de sécurité pour Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Video Edit Magic 4_is1" = Video Edit Magic 4.3
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >



I hope this can still be useful to you...

Thanks in advance

Winx

Posted: Thu 28 Aug 2008 11:32    Subject: Question about a HijackThis report following an Antivirus 2009 infection

Hello,
while waiting for @Synthexe to come back:

I don't see the report from:
Virus Total?
Edit// I understood why on rereading!
Quote:
So I deleted it and naturally I emptied the recycle bin.
\\end of Edit

You did uninstall
C:\Program Files\Alwil Software\Avast4? And replaced it with Antivir?
Post the Antivir report.

_________________
*** I don't claim to solve your problems, only to help you solve them

zola60


Posted: Fri 29 Aug 2008 17:28    Subject: Question about a HijackThis report following an Antivirus 2009 infection

Hello Winx!

Here are the 2 reports you asked me for. The first is the Antivir one, the second is the HijackThis one, run after the Antivir scan, which incidentally found 3 viruses and 2 suspicious programs (I put all 5 in quarantine).

Antivir report:


Avira AntiVir Personal
Report file date: vendredi 29 août 2008 16:49

Scanning for 1582544 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC179091529018

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 14:42:55
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 2008-08-24 14:43:16
ANTIVIR3.VDF : 7.0.6.91 191488 Bytes 2008-08-29 14:43:18
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 2008-08-29 14:43:38
AESCN.DLL : 8.1.0.23 119156 Bytes 2008-08-29 14:43:36
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-08-29 14:43:35
AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-08-29 14:43:34
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 2008-08-29 14:43:31
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 2008-08-29 14:43:30
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-08-29 14:43:24
AEGEN.DLL : 8.1.0.36 315764 Bytes 2008-08-29 14:43:23
AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-08-29 14:43:21
AECORE.DLL : 8.1.1.8 172406 Bytes 2008-08-29 14:43:20
AEBB.DLL : 8.1.0.1 53617 Bytes 2008-08-29 14:43:19
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-08-29 14:43:18
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 29 août 2008 16:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'LifeChat.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'eabservr.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\XQT7NNL4\aupload[1].htm
[DETECTION] Is the Trojan horse TR/Dldr.FraudLoa.NC
[NOTE] The file was moved to '492811c3.qua'!
C:\Program Files\PPStream\XP_SP2_tcpPatch.exe
[DETECTION] Is the Trojan horse TR/WinCrash.E
[NOTE] The file was moved to '491718a5.qua'!
C:\quarantaine\index[1].htm.Vir.0
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '491c1958.qua'!
C:\quarantaine\index[2].htm.Vir
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '491c195d.qua'!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP126\A0024322.exe
[DETECTION] Is the Trojan horse TR/WinCrash.E
[NOTE] The file was moved to '48e81c77.qua'!
Begin scan in 'D:\' <HP_RECOVER>


End of the scan: vendredi 29 août 2008 18:11
Used time: 1:21:41 min

The scan has been done completely.

10290 Scanning directories
664236 Files were scanned
3 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
664233 Files not concerned
10704 Archives were scanned
2 Warnings
5 Notes

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:55, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\test\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\