log hijackthis
Dernière réponse : dans Sécurité
bonsoir,
j'ai une page de pub qui s'ouvre toutes les 30minutes!!!
j'ai pasé anti virus et ewido mais tjrs le meme probleme.
voici le log hijackthis.
merci pour votre aide - Christelle
Logfile of HijackThis v1.99.1
Scan saved at 21:29:54, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WistitiSoft\Agent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\PSCS\data\sysmon32.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PSCS\data\symserv.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Christelle\Bureau\protection\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\WistitiSoft\Agent.exe"
O4 - HKLM\..\Run: [regapp32] C:\WINDOWS\system32\regapp32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AC01D91-3FD0-448E-BCEB-9038D8D21C9A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
j'ai une page de pub qui s'ouvre toutes les 30minutes!!!
j'ai pasé anti virus et ewido mais tjrs le meme probleme.
voici le log hijackthis.
merci pour votre aide - Christelle
Logfile of HijackThis v1.99.1
Scan saved at 21:29:54, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WistitiSoft\Agent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\PSCS\data\sysmon32.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PSCS\data\symserv.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Christelle\Bureau\protection\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\WistitiSoft\Agent.exe"
O4 - HKLM\..\Run: [regapp32] C:\WINDOWS\system32\regapp32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AC01D91-3FD0-448E-BCEB-9038D8D21C9A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Autres pages sur : log hijackthis
Lassé par la pub ? Créez un compte
Bonjour
Un fichier douteux dans ce rapport.
Va sur ce site
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur Parcourir et cherche ce fichier.
C:\WINDOWS\system32\regapp32.exe
Ensuite clique sur Send .
Si tu as le message "STATUS: QUEUED", patiente.
Colle le rapport ici.
Poste aussi ce rapport.
Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://europe.f-secure.com/blacklight/try.shtml
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence; clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse.
Un fichier douteux dans ce rapport.
Va sur ce site
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur Parcourir et cherche ce fichier.
C:\WINDOWS\system32\regapp32.exe
Ensuite clique sur Send .
Si tu as le message "STATUS: QUEUED", patiente.
Colle le rapport ici.
Poste aussi ce rapport.
Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://europe.f-secure.com/blacklight/try.shtml
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence; clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse.
merci pour ton aide
le rapport de f-secure :
09/15/06 22:05:08 [Info]: BlackLight Engine 1.0.46 initialized
09/15/06 22:05:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/15/06 22:05:08 [Note]: 7019 4
09/15/06 22:05:08 [Note]: 7005 0
09/15/06 22:05:11 [Note]: 7006 0
09/15/06 22:05:11 [Note]: 7011 2376
09/15/06 22:05:12 [Note]: 7026 0
09/15/06 22:05:12 [Note]: 7026 0
09/15/06 22:05:16 [Note]: FSRAW library version 1.7.1019
09/15/06 22:07:45 [Note]: 7007 0
le rapport de virus total :
ntiVir 7.2.0.16 09.15.2006 no virus found
Authentium 4.93.8 09.15.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.15.2006 no virus found
BitDefender 7.2 09.15.2006 no virus found
CAT-QuickHeal 8.00 09.15.2006 no virus found
ClamAV devel-20060426 09.15.2006 no virus found
DrWeb 4.33 09.15.2006 no virus found
eTrust-InoculateIT 23.72.126 09.15.2006 no virus found
eTrust-Vet 30.3.3078 09.15.2006 no virus found
Ewido 4.0 09.15.2006 no virus found
Fortinet 2.82.0.0 09.15.2006 no virus found
F-Prot 3.16f 09.15.2006 no virus found
F-Prot4 4.2.1.29 09.15.2006 no virus found
Ikarus 0.2.65.0 09.15.2006 no virus found
Kaspersky 4.0.2.24 09.15.2006 no virus found
McAfee 4853 09.15.2006 no virus found
Microsoft 1.1560 09.15.2006 no virus found
NOD32v2 1.1758 09.15.2006 no virus found
Norman 5.90.23 09.15.2006 no virus found
Panda 9.0.0.4 09.15.2006 no virus found
Sophos 4.09.0 09.15.2006 no virus found
Symantec 8.0 09.15.2006 no virus found
TheHacker 5.9.8.212 09.15.2006 no virus found
UNA 1.83 09.15.2006 no virus found
VBA32 3.11.1 09.14.2006 no virus found
VirusBuster 4.3.7:9 09.15.2006 no virus found
le rapport de f-secure :
09/15/06 22:05:08 [Info]: BlackLight Engine 1.0.46 initialized
09/15/06 22:05:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/15/06 22:05:08 [Note]: 7019 4
09/15/06 22:05:08 [Note]: 7005 0
09/15/06 22:05:11 [Note]: 7006 0
09/15/06 22:05:11 [Note]: 7011 2376
09/15/06 22:05:12 [Note]: 7026 0
09/15/06 22:05:12 [Note]: 7026 0
09/15/06 22:05:16 [Note]: FSRAW library version 1.7.1019
09/15/06 22:07:45 [Note]: 7007 0
le rapport de virus total :
ntiVir 7.2.0.16 09.15.2006 no virus found
Authentium 4.93.8 09.15.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.15.2006 no virus found
BitDefender 7.2 09.15.2006 no virus found
CAT-QuickHeal 8.00 09.15.2006 no virus found
ClamAV devel-20060426 09.15.2006 no virus found
DrWeb 4.33 09.15.2006 no virus found
eTrust-InoculateIT 23.72.126 09.15.2006 no virus found
eTrust-Vet 30.3.3078 09.15.2006 no virus found
Ewido 4.0 09.15.2006 no virus found
Fortinet 2.82.0.0 09.15.2006 no virus found
F-Prot 3.16f 09.15.2006 no virus found
F-Prot4 4.2.1.29 09.15.2006 no virus found
Ikarus 0.2.65.0 09.15.2006 no virus found
Kaspersky 4.0.2.24 09.15.2006 no virus found
McAfee 4853 09.15.2006 no virus found
Microsoft 1.1560 09.15.2006 no virus found
NOD32v2 1.1758 09.15.2006 no virus found
Norman 5.90.23 09.15.2006 no virus found
Panda 9.0.0.4 09.15.2006 no virus found
Sophos 4.09.0 09.15.2006 no virus found
Symantec 8.0 09.15.2006 no virus found
TheHacker 5.9.8.212 09.15.2006 no virus found
UNA 1.83 09.15.2006 no virus found
VBA32 3.11.1 09.14.2006 no virus found
VirusBuster 4.3.7:9 09.15.2006 no virus found
Re
Le fichier douteux est sain.
Blacklight ne trouve rien.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Le fichier douteux est sain.
Blacklight ne trouve rien.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Il se cache bien.
Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
-- Redémarre en mode en mode sans échec.
-- Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
Redémarre normalement
-Poste le rapport qui se trouve ici C:\rapport_clean.txt
Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
-- Redémarre en mode en mode sans échec.
-- Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
Redémarre normalement
-Poste le rapport qui se trouve ici C:\rapport_clean.txt
alors me revoila et voici le rapport :
Script clean par Malekal_morte - http://www.malekal.com
Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des clefs du registre effectuee..
Script clean par Malekal_morte - http://www.malekal.com
Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des clefs du registre effectuee..
Re
Rien.
Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Colle son rapport ici.
Rien.
Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Colle son rapport ici.
Bonjour
On ne trouve toujours rien, mais il y a ce fichier inconnu qui me gêne.
Va sur ce lien
http://secubox.gateweb.org/mad.php
Clique sur parcourir et cherche ce fichier
C:\WINDOWS\system32\regapp32.exe
Ensuite, dans la case message, tu mets ceci
Page de Pub.
HijackThis propre, sauf ce fichier inconnu.
Virustotal marque "no virus found"
Rien avec Vundofix et BlackLight.
http://www.infos-du-net.com/forum/261140-11-hijackthis
Ils vont analyser le fichier d'une façon plus pointue et cela permettra de voir s'il est infectieux.
Je vais surveiller la réponse sur leur site.
Ensuite, on avise![:gun:]( ":gun:")
On ne trouve toujours rien, mais il y a ce fichier inconnu qui me gêne.
Va sur ce lien
http://secubox.gateweb.org/mad.php
Clique sur parcourir et cherche ce fichier
C:\WINDOWS\system32\regapp32.exe
Ensuite, dans la case message, tu mets ceci
Citation :
BonjourPage de Pub.
HijackThis propre, sauf ce fichier inconnu.
Virustotal marque "no virus found"
Rien avec Vundofix et BlackLight.
http://www.infos-du-net.com/forum/261140-11-hijackthis
Ils vont analyser le fichier d'une façon plus pointue et cela permettra de voir s'il est infectieux.
Je vais surveiller la réponse sur leur site.
Ensuite, on avise
Bonjour
Le fichier va d'abord être analysé.
Mais en attendant, tu vas renommer le fichier
regapp32.exe
en fichier
regapp32.exe.old
Tu auras un message d'alerte, valide.
On le supprimera plus tard si besoin.
Fais aussi ce scan.
Télécharge WinPFind
http://www.bleepingcomputer.com/files/oldtimer/WinPFind...
dezippe le et lance winpfind.exe
clic sur Start Scan et soit patient ca peut durer une demi heure
Poste le rapport
Le fichier va d'abord être analysé.
Mais en attendant, tu vas renommer le fichier
regapp32.exe
en fichier
regapp32.exe.old
Tu auras un message d'alerte, valide.
On le supprimera plus tard si besoin.
Fais aussi ce scan.
Télécharge WinPFind
http://www.bleepingcomputer.com/files/oldtimer/WinPFind...
dezippe le et lance winpfind.exe
clic sur Start Scan et soit patient ca peut durer une demi heure
Poste le rapport
j'ai renomé le fichier et voici le nouveau scan :
(c'est vraiment très sympa de prendre tout ce temps pour m'aider, MERCI)
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 16/09/2006 20:27:16
WinPFind v1.5.0 Folder = C:\Documents and Settings\Christelle\Bureau\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
PECompact2 02/06/2006 22:37:16 17775121 C:\WINDOWS\LPT$VPN.475 ()
qoologic 02/06/2006 22:37:16 17775121 C:\WINDOWS\LPT$VPN.475 ()
SAHAgent 02/06/2006 22:37:16 17775121 C:\WINDOWS\LPT$VPN.475 ()
UPX! 02/06/2006 22:37:16 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 02/06/2006 22:37:16 17775121 C:\WINDOWS\VPTNFILE.475 ()
qoologic 02/06/2006 22:37:16 17775121 C:\WINDOWS\VPTNFILE.475 ()
SAHAgent 02/06/2006 22:37:16 17775121 C:\WINDOWS\VPTNFILE.475 ()
UPX! 02/06/2006 22:37:16 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 02/06/2006 22:37:16 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
Checking %System% folder...
UPX! 08/08/2006 18:53:28 635520 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
aspack 22/01/2006 17:09:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 22/01/2006 17:10:00 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22/01/2006 17:10:02 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 22/01/2006 17:10:04 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 18/02/2006 22:13:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 09/04/2006 13:31:22 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 24/08/2001 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 27/06/2006 05:40:02 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 11/09/2006 19:37:22 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 11/09/2006 19:37:22 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 19/08/2004 17:10:00 1230848 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 19/08/2004 17:09:16 733184 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 19/08/2004 17:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 19/08/2004 17:09:40 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 28/04/2006 17:38:28 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl ( )
aspack 28/04/2006 19:08:14 120832 C:\WINDOWS\SYSTEM32\TweakUI.exe (Microsoft Corporation)
winsync 24/08/2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
16/09/2006 09:33:04 S 2048 C:\WINDOWS\bootstat.dat ()
16/09/2006 14:49:52 HS 7168 C:\WINDOWS\Thumbs.db ()
09/09/2006 10:36:16 RHS 227 C:\WINDOWS\assembly\Desktop.ini ()
16/09/2006 14:53:04 HS 5120 C:\WINDOWS\ShellNew\Thumbs.db ()
16/09/2006 14:53:38 HS 9216 C:\WINDOWS\system32\Thumbs.db ()
28/07/2006 14:15:48 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
27/07/2006 16:00:50 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
21/07/2006 11:02:48 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
21/08/2006 14:59:30 S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
16/09/2006 09:34:16 H 1024 C:\WINDOWS\system32\config\DEFAULT.LOG ()
16/09/2006 20:04:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
16/09/2006 09:34:18 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
16/09/2006 20:28:16 H 1024 C:\WINDOWS\system32\config\SOFTWARE.LOG ()
16/09/2006 17:29:56 H 1024 C:\WINDOWS\system32\config\SYSTEM.LOG ()
14/09/2006 23:12:26 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
23/08/2006 23:23:56 S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
23/08/2006 23:23:56 S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
23/08/2006 23:23:56 S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
23/08/2006 23:23:56 S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
23/08/2006 23:23:56 S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
23/08/2006 23:23:56 S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
21/08/2006 17:35:56 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b49fc6d0-a7a3-4e35-ac4a-19c7fad054ec ()
21/08/2006 17:35:56 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
16/09/2006 09:33:04 H 6 C:\WINDOWS\Tasks\SA.DAT ()
16/09/2006 14:53:06 HS 7168 C:\WINDOWS\Web\Thumbs.db ()
Checking for CPL files...
19/08/2004 17:10:06 71680 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
19/08/2004 17:10:06 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
25/05/2006 09:33:28 3072000 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL (Broadcom Corporation)
19/08/2004 17:10:06 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
19/08/2004 17:10:06 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
09/03/2006 10:24:50 80896 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
19/08/2004 17:10:06 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
19/08/2004 17:10:06 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
19/08/2004 17:10:06 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
24/08/2001 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
19/08/2004 17:10:06 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
24/08/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
19/08/2004 17:10:06 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
19/08/2004 17:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
24/08/2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
19/08/2004 17:10:06 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
19/08/2004 17:10:06 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
19/08/2004 17:10:06 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
24/08/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
19/08/2004 17:10:06 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
28/04/2006 17:38:28 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl ( )
07/12/2005 10:35:08 47104 C:\WINDOWS\SYSTEM32\WACntlPnl.cpl (Hewlett-Packard Development Company, L.P.)
19/08/2004 17:10:06 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
11/11/2005 13:47:48 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 71680 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
19/08/2004 17:10:06 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
19/08/2004 17:10:06 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
19/08/2004 17:10:06 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
19/08/2004 17:10:06 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 134144 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 70144 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
24/08/2001 14:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
19/08/2004 17:10:06 626176 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
24/08/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
19/08/2004 17:10:06 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
19/08/2004 17:10:06 261120 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
24/08/2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
19/08/2004 17:10:06 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
19/08/2004 17:10:06 118272 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
19/08/2004 17:10:06 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
19/08/2004 17:10:06 305152 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
24/08/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
19/08/2004 17:10:06 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
19/08/2004 17:10:06 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
11/11/2005 13:47:48 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
23/05/2006 12:31:44 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
17/08/2006 16:46:24 1764 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
23/05/2006 14:20:56 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
Checking files in %USERPROFILE%\Startup folder...
23/05/2006 12:31:44 HS 84 C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
09/09/2006 16:52:28 HS 40 C:\Documents and Settings\Christelle\Application Data\.zreglib ()
23/05/2006 14:20:56 HS 62 C:\Documents and Settings\Christelle\Application Data\desktop.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Bar - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
\\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.fr/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{36ECAF82-3300-8F84-092E-AFF36D6C7040} - 8192 =
\\NEXTID - 8194
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = ()
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()
\\{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.)
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll ()
\\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - PhoneBrowser = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia)
\\{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
hpWirelessAssistant - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
ANIWZCSService - C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)
TVPService - C:\Program Files\HP\TVPlay\TVPService.exe (CyberLink Corp.)
PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE (Nokia)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
Broadcom Wireless Manager UI - C:\WINDOWS\system32\WLTRAY.exe (Broadcom Corporation)
ExtraFilmHemmaAgent - C:\Program Files\WistitiSoft\Agent.exe ()
regapp32 - C:\WINDOWS\system32\regapp32.exe ()
TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PcSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (Yahoo! Inc.)
AnyDVD - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{6C0CE263-E021-43E6-B102-9844771BB21F} - ()
{7AC01D91-3FD0-448E-BCEB-9038D8D21C9A} - 192.168.1.1 (Broadcom 802.11b/g WLAN)
{8CCAE080-0888-469E-8386-2305AE231C64} - ()
{C558E409-9AD9-4C72-8883-4EAC1751DDB2} - (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)
{FDB6C420-FF67-47E0-A560-A6D794220CA6} - (Carte réseau 1394)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000004\\LibraryPath - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
\000000000005\\LibraryPath - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000031\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000032\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000033\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000034\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000035\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000036\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
(c'est vraiment très sympa de prendre tout ce temps pour m'aider, MERCI)
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 16/09/2006 20:27:16
WinPFind v1.5.0 Folder = C:\Documents and Settings\Christelle\Bureau\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
PECompact2 02/06/2006 22:37:16 17775121 C:\WINDOWS\LPT$VPN.475 ()
qoologic 02/06/2006 22:37:16 17775121 C:\WINDOWS\LPT$VPN.475 ()
SAHAgent 02/06/2006 22:37:16 17775121 C:\WINDOWS\LPT$VPN.475 ()
UPX! 02/06/2006 22:37:16 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 02/06/2006 22:37:16 17775121 C:\WINDOWS\VPTNFILE.475 ()
qoologic 02/06/2006 22:37:16 17775121 C:\WINDOWS\VPTNFILE.475 ()
SAHAgent 02/06/2006 22:37:16 17775121 C:\WINDOWS\VPTNFILE.475 ()
UPX! 02/06/2006 22:37:16 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 02/06/2006 22:37:16 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
Checking %System% folder...
UPX! 08/08/2006 18:53:28 635520 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
aspack 22/01/2006 17:09:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 22/01/2006 17:10:00 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22/01/2006 17:10:02 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 22/01/2006 17:10:04 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 18/02/2006 22:13:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 09/04/2006 13:31:22 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 24/08/2001 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 27/06/2006 05:40:02 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 11/09/2006 19:37:22 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 11/09/2006 19:37:22 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 19/08/2004 17:10:00 1230848 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 19/08/2004 17:09:16 733184 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 19/08/2004 17:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 19/08/2004 17:09:40 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 28/04/2006 17:38:28 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl ( )
aspack 28/04/2006 19:08:14 120832 C:\WINDOWS\SYSTEM32\TweakUI.exe (Microsoft Corporation)
winsync 24/08/2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
16/09/2006 09:33:04 S 2048 C:\WINDOWS\bootstat.dat ()
16/09/2006 14:49:52 HS 7168 C:\WINDOWS\Thumbs.db ()
09/09/2006 10:36:16 RHS 227 C:\WINDOWS\assembly\Desktop.ini ()
16/09/2006 14:53:04 HS 5120 C:\WINDOWS\ShellNew\Thumbs.db ()
16/09/2006 14:53:38 HS 9216 C:\WINDOWS\system32\Thumbs.db ()
28/07/2006 14:15:48 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
27/07/2006 16:00:50 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
21/07/2006 11:02:48 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
21/08/2006 14:59:30 S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
16/09/2006 09:34:16 H 1024 C:\WINDOWS\system32\config\DEFAULT.LOG ()
16/09/2006 20:04:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
16/09/2006 09:34:18 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
16/09/2006 20:28:16 H 1024 C:\WINDOWS\system32\config\SOFTWARE.LOG ()
16/09/2006 17:29:56 H 1024 C:\WINDOWS\system32\config\SYSTEM.LOG ()
14/09/2006 23:12:26 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
23/08/2006 23:23:56 S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
23/08/2006 23:23:56 S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
23/08/2006 23:23:56 S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
23/08/2006 23:23:56 S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
23/08/2006 23:23:56 S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
23/08/2006 23:23:56 S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
21/08/2006 17:35:56 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b49fc6d0-a7a3-4e35-ac4a-19c7fad054ec ()
21/08/2006 17:35:56 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
16/09/2006 09:33:04 H 6 C:\WINDOWS\Tasks\SA.DAT ()
16/09/2006 14:53:06 HS 7168 C:\WINDOWS\Web\Thumbs.db ()
Checking for CPL files...
19/08/2004 17:10:06 71680 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
19/08/2004 17:10:06 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
25/05/2006 09:33:28 3072000 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL (Broadcom Corporation)
19/08/2004 17:10:06 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
19/08/2004 17:10:06 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
09/03/2006 10:24:50 80896 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
19/08/2004 17:10:06 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
19/08/2004 17:10:06 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
19/08/2004 17:10:06 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
24/08/2001 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
19/08/2004 17:10:06 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
24/08/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
19/08/2004 17:10:06 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
19/08/2004 17:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
24/08/2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
19/08/2004 17:10:06 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
19/08/2004 17:10:06 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
19/08/2004 17:10:06 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
24/08/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
19/08/2004 17:10:06 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
28/04/2006 17:38:28 55296 C:\WINDOWS\SYSTEM32\TweakUI.cpl ( )
07/12/2005 10:35:08 47104 C:\WINDOWS\SYSTEM32\WACntlPnl.cpl (Hewlett-Packard Development Company, L.P.)
19/08/2004 17:10:06 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
11/11/2005 13:47:48 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 71680 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
19/08/2004 17:10:06 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
19/08/2004 17:10:06 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
19/08/2004 17:10:06 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
19/08/2004 17:10:06 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 134144 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
19/08/2004 17:10:06 70144 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
24/08/2001 14:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
19/08/2004 17:10:06 626176 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
24/08/2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
19/08/2004 17:10:06 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
19/08/2004 17:10:06 261120 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
24/08/2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
19/08/2004 17:10:06 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
19/08/2004 17:10:06 118272 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
19/08/2004 17:10:06 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
19/08/2004 17:10:06 305152 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
24/08/2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
19/08/2004 17:10:06 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
19/08/2004 17:10:06 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
11/11/2005 13:47:48 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
23/05/2006 12:31:44 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
17/08/2006 16:46:24 1764 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
23/05/2006 14:20:56 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
Checking files in %USERPROFILE%\Startup folder...
23/05/2006 12:31:44 HS 84 C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
09/09/2006 16:52:28 HS 40 C:\Documents and Settings\Christelle\Application Data\.zreglib ()
23/05/2006 14:20:56 HS 62 C:\Documents and Settings\Christelle\Application Data\desktop.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Bar - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
\\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.fr/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{36ECAF82-3300-8F84-092E-AFF36D6C7040} - 8192 =
\\NEXTID - 8194
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = ()
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()
\\{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.)
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll ()
\\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - PhoneBrowser = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia)
\\{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
hpWirelessAssistant - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
ANIWZCSService - C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)
TVPService - C:\Program Files\HP\TVPlay\TVPService.exe (CyberLink Corp.)
PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE (Nokia)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
Broadcom Wireless Manager UI - C:\WINDOWS\system32\WLTRAY.exe (Broadcom Corporation)
ExtraFilmHemmaAgent - C:\Program Files\WistitiSoft\Agent.exe ()
regapp32 - C:\WINDOWS\system32\regapp32.exe ()
TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PcSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (Yahoo! Inc.)
AnyDVD - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{6C0CE263-E021-43E6-B102-9844771BB21F} - ()
{7AC01D91-3FD0-448E-BCEB-9038D8D21C9A} - 192.168.1.1 (Broadcom 802.11b/g WLAN)
{8CCAE080-0888-469E-8386-2305AE231C64} - ()
{C558E409-9AD9-4C72-8883-4EAC1751DDB2} - (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)
{FDB6C420-FF67-47E0-A560-A6D794220CA6} - (Carte réseau 1394)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000004\\LibraryPath - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
\000000000005\\LibraryPath - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000031\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000032\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000033\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000034\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000035\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000036\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus,trojan log hijackthis
- ForumFichier himem voici le log hijackthis
- ForumOrdi qui ram log hijackthis merci
- ForumAide pour fichier log hijackthis
- ForumProbleme trojan log hijackthis
- ForumSuis je infecte - log hijackthis
- ForumQuoi supprimer sur un log hijackthis
- ForumPc infecte, log hijackthis
- ForumInterpretation d'un log hijackthis
- ForumVirus verification de log hijackthis
- Voir plus
