Sujet Précédent Sujet Suivant

Rapport HijackThis - PC infecté?

Résolu
Simon65 Messages postés 123 Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Voilà, un rapport HijackThis. Je voudrais savoir si mon PC est infecté ou si il y a d'autres "problèmes", Merci d'avance...

-----------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:35:30, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\j5231530.exe
C:\WINDOWS\system32\iowdmbit.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Documents and Settings\Simon2\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSCFG16.EXE
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\jpfizdxuk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\FRAPS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Nexon\NexonPlug\NexonPlug.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Nexon\NexonPlug\NMService.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0233D1D6-E00D-4C45-BF14-485759765168} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49A52FB3-C18A-42C2-ABA2-C2C530DFC186} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bpbjkbjr.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqnkh.dll
O2 - BHO: (no name) - {72FBFEF0-22B5-4543-B2A7-070D59F5AF33} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8720D7EB-9B71-44C9-81E3-E70BCDBF11BE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\dxprnccm.dll
O2 - BHO: (no name) - {CFDD1DC3-57B7-437F-A19E-3D41EAAA81DC} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FEE8C7F8-8AA4-479F-8316-D745B8996ACf} - C:\WINDOWS\system32\feugifom.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [aaobmqkwy] c:\windows\system32\aaobmqkwy.exe aaobmqkwy
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Pro Evolution Soccer 6
O4 - HKLM\..\Run: [Windows Services] "C:\Program Files\svchosts.exe"
O4 - HKLM\..\Run: [ahmtfblmsj] c:\windows\system32\ahmtfblmsj.exe ahmtfblmsj
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\lbrhqmxg.dll",realset
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pense-Bête] C:\Program Files\Pense-bete\pb79e.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\FRAPS.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Yodm3D] C:\DOCUME~1\Simon2\LOCALS~1\Temp\Rar$EX00.765\Yodm3D.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [NexonPlug] C:\Nexon\NexonPlug\NexonPlug.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2967341047-2792766042-927986627-1010\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2967341047-2792766042-927986627-1010\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2967341047-2792766042-927986627-1010\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User '?')
O4 - HKUS\S-1-5-21-2967341047-2792766042-927986627-1010\..\Run: [nwexaids] c:\windows\system32\nwexaids.exe nwexaids (User '?')
O4 - HKUS\S-1-5-21-2967341047-2792766042-927986627-1010\..\Run: [adukjryept] c:\windows\system32\adukjryept.exe adukjryept (User '?')
O4 - HKUS\S-1-5-21-2967341047-2792766042-927986627-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - S-1-5-21-2967341047-2792766042-927986627-1010 Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe (User '?')
O4 - S-1-5-21-2967341047-2792766042-927986627-1010 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User '?')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: awtqnkh - C:\WINDOWS\SYSTEM32\awtqnkh.dll
O20 - Winlogon Notify: iifdddb - C:\WINDOWS\
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\system32\jkhhi.dll
O20 - Winlogon Notify: vtstt - C:\WINDOWS\
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j5231530.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\iowdmbit.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
A voir également:

86 réponses

Précédent
Réponse 41 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

il y en avait dans tous les coins !

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\ehbtbx.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

fais la même chose avec :

C:\WINDOWS\system32\irdzyp.exe
C:\WINDOWS\system32\fsuekpphd.exe
C:\WINDOWS\system32\waekvln.exe
C:\WINDOWS\system32\qbqamgu.exe
C:\WINDOWS\system32\rfelfu.exe
C:\WINDOWS\system32\ulnyohh.exe
C:\WINDOWS\system32\ozvmkaj.exe

Refais tourner navilog option 1

Remets un log Hijackthis.
@+
0
Réponse 42 / 86
Simon65 Messages postés 123 Statut Membre 1
 
C:\WINDOWS\system32\ehbtbx.exe :

AhnLab-V3 2007.7.21.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.4
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.22 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 (Suspicious) - DNAScan
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found

F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5079 2007.07.20 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.22 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.4
Additional information
File size: 254976 bytes
MD5: 33f1c7900c06831d047f9009458cdc95
SHA1: 9b0fa5c23c5c05a159170f4e74ce014107da1440

Voila je sais pas trop ce qu'il faut mettre alors j'ai tout mis.

---------------------------------------------------------------------------------------------

C:\WINDOWS\system32\irdzyp.exe :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.21.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.4
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 (Suspicious) - DNAScan
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5079 2007.07.20 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.4
Additional information
File size: 284160 bytes
MD5: 71cfdc0ba415beafb4170609ef2bd020
SHA1: 898cde1a6b94db548dfe221d21db91781a43df4a

----------------------------------------------------------------------------------

C:\WINDOWS\system32\fsuekpphd.exe :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.4
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 (Suspicious) - DNAScan
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5079 2007.07.20 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.4
Additional information
File size: 280064 bytes
MD5: ea7c960ea045b8d5ff3961128e79aa37
SHA1: cafd1f8138412b55fd75633685d5baf2e40b362a

----------------------------------------------------------------------------------------------

C:\WINDOWS\system32\waekvln.exe :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.4
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 (Suspicious) - DNAScan
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.4
Additional information
File size: 281088 bytes
MD5: 4a8ad4122c90501252e0c607ee404a3c
SHA1: 2058beca035a7061f54b80121b076543fc2985a8

---------------------------------------------------------------------------------

C:\WINDOWS\system32\qbqamgu.exe

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.4
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 (Suspicious) - DNAScan
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.4
Additional information
File size: 272896 bytes
MD5: 164ecb7a4069080c923625db9c1cab4a
SHA1: d113dcc590481215c3d9d109e10e22e6beff13f1

---------------------------------------------------------------------------------------

C:\WINDOWS\system32\rfelfu.exe :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.1
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 no virus found
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 Adware/NaviPromo
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.1
Additional information
File size: 451072 bytes
MD5: 30782d5dad2d05287616cffed537fe5c
SHA1: f4620b53be78d91dff7679d27a6aba1c0b1e2349

------------------------------------------------------------------------------

C:\WINDOWS\system32\ulnyohh.exe :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.1
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 no virus found
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 Suspicious file
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.1
Additional information
File size: 408064 bytes
MD5: a7ad2acfa108fe43171907128736468b
SHA1: ac3fca86c0b21f25002d94beef67a98f6c0a8d42

----------------------------------------------------------------------------------------

C:\WINDOWS\system32\ozvmkaj.exe :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.24.0 2007.07.23 no virus found
AntiVir 7.4.0.44 2007.07.23 ADSPY/Navipromo.LH.1
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.23 no virus found
AVG 7.5.0.476 2007.07.22 no virus found
BitDefender 7.2 2007.07.23 no virus found
CAT-QuickHeal 9.00 2007.07.23 no virus found
ClamAV devel-20070416 2007.07.23 no virus found
DrWeb 4.33 2007.07.23 no virus found
eSafe 7.0.15.0 2007.07.22 no virus found
eTrust-Vet 31.1.5002 2007.07.23 no virus found
Ewido 4.0 2007.07.23 no virus found
FileAdvisor 1 2007.07.23 no virus found
Fortinet 2.91.0.0 2007.07.23 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.23 no virus found
Ikarus T3.1.1.8 2007.07.23 no virus found
Kaspersky 4.0.2.24 2007.07.23 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.23 no virus found
NOD32v2 2414 2007.07.23 no virus found
Norman 5.80.02 2007.07.23 no virus found
Panda 9.0.0.4 2007.07.23 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.23 Trojan.Skintrim
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.23 no virus found
Webwasher-Gateway 6.0.1 2007.07.23 Ad-Spyware.Navipromo.LH.1
Additional information
File size: 404992 bytes
MD5: a9a92ac2a659871990d5b12e1310574d
SHA1: 1055f357f320476dabcd8ceec61000f79e27a121

-------------------------------------------------------------------------Rapport Navilog :

Search Navipromo version 2.0.5 commencé le 23/07/2007 à 20:11:18,35

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Simon2\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/23/07 at 20:11:28.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..........................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/23/07 at 20:17:03 (return code = 0).

*** Recherche fichiers ***

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Recherche Clé Magic Control

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :
*
**
C:\WINDOWS\system32\ehbtbx.dat trouvé !
C:\WINDOWS\system32\ozvmkaj.dat trouvé !
***
****
*****
******
*******
********

3)Recherche Certificats :

*** Analyse Terminé le 23/07/2007 à 20:18:26,78 ***

--------------------------------------------------------------------------Rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:20:07, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Documents and Settings\Simon2\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Réponse 43 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 3 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en italique ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\irdzyp.exe
C:\WINDOWS\system32\fsuekpphd.exe
C:\WINDOWS\system32\waekvln.exe
C:\WINDOWS\system32\qbqamgu.exe
C:\WINDOWS\system32\rfelfu.exe
C:\WINDOWS\system32\ulnyohh.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

@+
0
Réponse 44 / 86
Simon65 Messages postés 123 Statut Membre 1
 
-------------------------------------------------------------Rapport OtMoveIt :

C:\WINDOWS\system32\irdzyp.exe moved successfully.
C:\WINDOWS\system32\fsuekpphd.exe moved successfully.
C:\WINDOWS\system32\waekvln.exe moved successfully.
C:\WINDOWS\system32\qbqamgu.exe moved successfully.
C:\WINDOWS\system32\rfelfu.exe moved successfully.
C:\WINDOWS\system32\ulnyohh.exe moved successfully.

Created on 07/24/2007 09:16:07

-------------------------------------------------------------Rapport Navilog :

Clean Navipromo version 2.0.5 commencé le 24/07/2007 à 9:05:38,82

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique
sans prise en charge résultats Blacklight

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\Simon2\Application Data ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Simon2\Local Settings\Temp effectué !

*** Sauvegarde du registre vers dossier Backupnavi***

sauvegarde du registre réalise avec succes !

*** Nettoyage registre ***

Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche et Suppression Heuristique :

*
**
C:\WINDOWS\System32\ehbtbx.dat trouvé !
Copie C:\WINDOWS\system32\ehbtbx.dat réalise avec succes !
C:\WINDOWS\system32\ehbtbx.dat supprimé !

C:\WINDOWS\System32\ozvmkaj.dat trouvé !
Copie C:\WINDOWS\system32\ozvmkaj.dat réalise avec succes !
C:\WINDOWS\system32\ozvmkaj.dat supprimé !

***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :

*** Nettoyage termine le 24/07/2007 à 9:08:20,73 ***

Tu m'as pas demandé de le poster le rapport Navilog mais je le poste au cas ou...

Merci...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

tu as bien fait pour le rapport.

Télécharge ce programme puis double clic dessus (ferme ton antivirus s'il te détecte quoi que ce soit. Si tu dois faire ça, tu le fais le moins longtemsp possible, déconnecté du Net sauf la durée du téléchargement)
http://www.suspectfile.com/systemscan/

* Coche uniquement ces cases, décoche tout le reste :

- Recent Files, 30 days
- Autoplay settings
- Suspicious files

Puis clic sur scan now, soit patient.
Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.
@+
0
Réponse 46 / 86
Simon65 Messages postés 123 Statut Membre 1
 
Re,

-------------------------------------------------------Rapport SuspectFile :

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 24/07/2007
Time: 10:10:43

Output limited to:
-Recent files
-Autoplay settings (autorun.inf)
-Suspicious Files

===================== Recent files (60 days old)=====================

----- recent files in C:\
27/05/2007 13:26:39 268 byte 58 days old -- sqmdata06.sqm
28/05/2007 16:56:48 4158 byte 57 days old -- nsf452.tmp
03/06/2007 18:24:53 244 byte 51 days old -- sqmnoopt04.sqm
03/06/2007 18:31:13 244 byte 51 days old -- sqmnoopt05.sqm
09/06/2007 20:12:42 244 byte 45 days old -- sqmnoopt06.sqm
09/06/2007 20:12:42 268 byte 45 days old -- sqmdata07.sqm
10/06/2007 08:13:22 244 byte 44 days old -- sqmnoopt07.sqm
12/06/2007 19:40:55 244 byte 42 days old -- sqmnoopt08.sqm
12/06/2007 19:58:46 244 byte 42 days old -- sqmnoopt09.sqm
13/06/2007 14:15:48 136 byte 41 days old -- sqmnoopt10.sqm
13/06/2007 20:21:18 268 byte 41 days old -- sqmdata08.sqm
13/06/2007 20:21:18 244 byte 41 days old -- sqmnoopt11.sqm
15/06/2007 16:23:03 268 byte 39 days old -- sqmdata09.sqm
15/06/2007 16:23:03 244 byte 39 days old -- sqmnoopt12.sqm
16/06/2007 14:58:48 244 byte 38 days old -- sqmnoopt13.sqm
16/06/2007 20:23:20 268 byte 38 days old -- sqmdata10.sqm
16/06/2007 20:23:20 244 byte 38 days old -- sqmnoopt14.sqm
17/06/2007 20:43:55 244 byte 37 days old -- sqmnoopt15.sqm
17/06/2007 20:43:55 268 byte 37 days old -- sqmdata11.sqm
21/06/2007 19:48:06 244 byte 33 days old -- sqmnoopt16.sqm
26/06/2007 17:24:17 244 byte 28 days old -- sqmnoopt17.sqm
28/06/2007 07:53:37 244 byte 26 days old -- sqmnoopt18.sqm
29/06/2007 14:58:30 244 byte 25 days old -- sqmnoopt19.sqm
29/06/2007 14:58:35 244 byte 25 days old -- sqmnoopt00.sqm
29/06/2007 14:58:39 244 byte 25 days old -- sqmnoopt01.sqm
01/07/2007 16:37:08 268 byte 23 days old -- sqmdata12.sqm
01/07/2007 16:37:08 244 byte 23 days old -- sqmnoopt02.sqm
01/07/2007 22:07:09 268 byte 23 days old -- sqmdata13.sqm
01/07/2007 22:07:09 244 byte 23 days old -- sqmnoopt03.sqm
09/07/2007 19:25:30 (DIR) 0 byte 15 days old -- Nexon
19/07/2007 15:47:59 (DIR) 0 byte 5 days old -- Downloads
20/07/2007 15:32:28 (DIR) 0 byte 4 days old -- temp
20/07/2007 15:40:45 (DIR) 0 byte 4 days old -- Python22
20/07/2007 19:43:11 (DIR) 0 byte 4 days old -- Config.Msi
23/07/2007 11:38:06 774 byte 1 days old -- rapport_clean.txt
23/07/2007 11:53:45 (DIR) 0 byte 1 days old -- QooBox
23/07/2007 12:10:43 2000 byte 1 days old -- ComboFix-quarantined-files.txt
23/07/2007 12:11:08 12847 byte 1 days old -- ComboFix.txt
23/07/2007 12:11:21 (DIR) 0 byte 1 days old -- ComboFix
23/07/2007 16:58:03 1397 byte 1 days old -- rapport.txt
23/07/2007 17:06:01 296 byte 1 days old -- boot.ini
23/07/2007 17:07:23 (DIR) 0 byte 1 days old -- System Volume Information
23/07/2007 20:19:56 (DIR) 0 byte 1 days old -- Program Files
24/07/2007 09:03:05 (DIR) 0 byte 0 days old -- WINDOWS
24/07/2007 09:06:48 1509949440 byte 0 days old -- pagefile.sys
24/07/2007 09:06:50 (DIR)1005113344 byte 0 days old -- hiberfil.sys
24/07/2007 09:08:20 1612 byte 0 days old -- cleannavi.txt
24/07/2007 09:16:07 (DIR) 0 byte 0 days old -- _OTMoveIt
24/07/2007 10:10:42 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
13/06/2007 12:30:36 (DIR) 0 byte 41 days old -- $hf_mig$
13/06/2007 20:17:52 (DIR) 0 byte 41 days old -- ie7updates
17/06/2007 00:11:58 51200 byte 37 days old -- nircmd.exe
18/06/2007 19:22:53 (DIR) 0 byte 36 days old -- Help
18/06/2007 19:22:54 (DIR) 0 byte 36 days old -- SoftwareDistribution
22/06/2007 20:26:55 (DIR) 0 byte 32 days old -- PrefsLM01
22/06/2007 20:26:55 (DIR) 0 byte 32 days old -- prefTransLM20
23/06/2007 18:16:09 (DIR) 0 byte 31 days old -- BricoPacks
23/06/2007 18:26:28 3888054 byte 31 days old -- BricoPack Wallpaper.bmp
23/06/2007 18:26:47 90382 byte 31 days old -- BricoPackUninst.cmd
23/06/2007 18:26:47 90382 byte 31 days old -- BricoPackUninst.txt
23/06/2007 18:26:49 3479 byte 31 days old -- BricoPackFoldersDelete.cmd
23/06/2007 18:53:22 (DIR) 0 byte 31 days old -- Media
23/06/2007 18:53:23 (DIR) 0 byte 31 days old -- Cursors
03/07/2007 20:22:32 1900 byte 21 days old -- WININIT.INI
09/07/2007 11:10:22 (DIR) 0 byte 15 days old -- Fonts
09/07/2007 13:13:17 246512 byte 15 days old -- nmconew.dll
19/07/2007 17:46:00 (DIR) 0 byte 5 days old -- WinSxS
19/07/2007 18:16:27 (DIR) 0 byte 5 days old -- Microsoft.NET
20/07/2007 00:47:22 109056 byte 4 days old -- catchme.exe
20/07/2007 14:53:19 (DIR) 0 byte 4 days old -- pss
20/07/2007 16:04:06 (DIR) 0 byte 4 days old -- assembly
20/07/2007 18:26:24 (DIR) 0 byte 4 days old -- Debug
20/07/2007 18:43:01 (DIR) 0 byte 4 days old -- Installer
23/07/2007 10:10:04 0 byte 1 days old -- Sti_Trace.log
23/07/2007 11:35:04 (DIR) 0 byte 1 days old -- Downloaded Program Files
23/07/2007 11:35:07 0 byte 1 days old -- setuperr.log
23/07/2007 11:55:41 (DIR) 0 byte 1 days old -- erdnt
23/07/2007 16:54:56 (DIR) 0 byte 1 days old -- Tasks
23/07/2007 16:58:11 240 byte 1 days old -- setupact.log
23/07/2007 17:06:01 707 byte 1 days old -- win.ini
23/07/2007 17:06:01 227 byte 1 days old -- system.ini
23/07/2007 19:27:09 13679 byte 1 days old -- setupapi.log
23/07/2007 19:27:09 (DIR) 0 byte 1 days old -- inf
24/07/2007 09:06:03 2580 byte 0 days old -- SchedLgU.Txt
24/07/2007 09:06:54 2048 byte 0 days old -- bootstat.dat
24/07/2007 09:07:15 50 byte 0 days old -- wiaservc.log
24/07/2007 09:07:17 40854 byte 0 days old -- WindowsUpdate.log
24/07/2007 09:07:21 159 byte 0 days old -- wiadebug.log
24/07/2007 09:07:23 0 byte 0 days old -- 0.log
24/07/2007 09:08:28 (DIR) 0 byte 0 days old -- Temp
24/07/2007 09:16:07 (DIR) 0 byte 0 days old -- system32
24/07/2007 10:10:12 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
12/07/2007 04:22:00 1055 byte 12 days old -- jinstall-6u2.inf

----- recent files in C:\WINDOWS\system\
20/07/2007 19:42:07 185 byte 4 days old -- hpsysdrv.DAT

----- recent files in C:\WINDOWS\system32\
01/06/2007 08:20:30 51568 byte 53 days old -- sirenacm.dll
01/06/2007 19:15:57 1101139 byte 53 days old -- brduoqpl.ini
02/06/2007 18:17:35 715105 byte 52 days old -- ttstv.tmp
09/06/2007 07:47:08 971092 byte 45 days old -- ajxbufdb.ini
09/06/2007 14:51:45 453 byte 45 days old -- uvvwa.ini
09/06/2007 20:12:49 931783 byte 45 days old -- qrqss.ini
10/06/2007 18:47:27 4136 byte 44 days old -- jupdate-1.6.0_01-b06.log
12/06/2007 08:35:06 943808 byte 42 days old -- gitworcu.ini
12/06/2007 08:36:01 943746 byte 42 days old -- ywlkevgi.ini
12/06/2007 18:26:58 943808 byte 42 days old -- ydglibsi.ini
13/06/2007 15:24:10 (DIR) 0 byte 41 days old -- DirectX
13/06/2007 17:35:16 404992 byte 41 days old -- ozvmkaj.exe
13/06/2007 20:21:25 923616 byte 41 days old -- fhkmp.ini
16/06/2007 11:17:11 921830 byte 38 days old -- iqdqfeua.ini
16/06/2007 20:23:21 926116 byte 38 days old -- efhkj.ini
17/06/2007 07:21:50 921950 byte 37 days old -- ikxustjl.ini
17/06/2007 20:44:02 935450 byte 37 days old -- hhhkj.ini
18/06/2007 19:21:25 898823 byte 36 days old -- apmmfgxu.ini
19/06/2007 13:12:15 405 byte 35 days old -- oslbognt.ini
19/06/2007 19:22:33 525 byte 35 days old -- xdbtpcvb.ini
20/06/2007 16:28:40 645 byte 34 days old -- yhliktyg.ini
21/06/2007 19:26:07 909322 byte 33 days old -- ncbefmuh.ini
22/06/2007 12:25:47 908512 byte 32 days old -- wdvnuoxm.ini
22/06/2007 13:13:29 908574 byte 32 days old -- nukestlt.ini
22/06/2007 14:27:58 908695 byte 32 days old -- yswjwbur.ini
22/06/2007 18:26:35 914525 byte 32 days old -- juxrrnnk.ini
23/06/2007 12:01:02 914587 byte 31 days old -- xihqamgl.ini
23/06/2007 18:53:20 (DIR) 0 byte 31 days old -- usmt
23/06/2007 18:53:24 (DIR) 0 byte 31 days old -- dllcache
23/06/2007 18:54:10 914587 byte 31 days old -- onffqirk.ini
25/06/2007 16:18:05 914587 byte 29 days old -- abnylddo.ini
26/06/2007 17:24:59 923710 byte 28 days old -- nvesxecn.ini
27/06/2007 08:59:16 917819 byte 27 days old -- tjeohaoh.ini
27/06/2007 11:17:41 917956 byte 27 days old -- nmshhqbu.ini
28/06/2007 09:57:27 16256984 byte 26 days old -- MRT.exe
29/06/2007 13:44:33 959937 byte 25 days old -- cmdnmvay.ini
30/06/2007 19:05:51 999627 byte 24 days old -- xoefnhfv.ini
01/07/2007 10:25:47 999747 byte 23 days old -- bqmodces.ini
01/07/2007 16:53:52 254976 byte 23 days old -- ehbtbx.exe
01/07/2007 17:04:17 999867 byte 23 days old -- qoaybjam.ini
02/07/2007 09:16:44 959936 byte 22 days old -- dmyyeoco.ini
02/07/2007 16:54:48 999565 byte 22 days old -- ioeljlbu.ini
02/07/2007 17:00:20 999566 byte 22 days old -- niarkgbr.ini
04/07/2007 17:53:04 (DIR) 0 byte 20 days old -- CatRoot
04/07/2007 17:54:28 (DIR) 0 byte 20 days old -- DRVSTORE
05/07/2007 08:43:19 1051662 byte 19 days old -- mxhhwwxn.ini
06/07/2007 08:03:42 1051901 byte 18 days old -- fvdoifch.ini
06/07/2007 17:02:44 1052021 byte 18 days old -- ammkcaws.ini
06/07/2007 17:03:41 1053727 byte 18 days old -- uwihghls.ini
07/07/2007 08:11:04 2102237 byte 17 days old -- vwabkxtr.ini
07/07/2007 08:12:17 2097365 byte 17 days old -- ivpwdgiu.ini
07/07/2007 15:31:53 1054387 byte 17 days old -- haddgxnb.ini
08/07/2007 09:08:02 1167648 byte 16 days old -- ssjfxppp.ini
08/07/2007 09:08:22 1178444 byte 16 days old -- rffbmpnq.ini
09/07/2007 07:56:04 1177093 byte 15 days old -- hpggpmae.ini
09/07/2007 07:57:22 1184703 byte 15 days old -- ronqtxxj.ini
09/07/2007 23:15:26 552 byte 15 days old -- d3d8caps.dat
10/07/2007 08:31:21 419976 byte 14 days old -- FNTCACHE.DAT
12/07/2007 01:22:00 135168 byte 12 days old -- java.exe
12/07/2007 01:22:04 135168 byte 12 days old -- javaw.exe
12/07/2007 02:22:36 69632 byte 12 days old -- javacpl.cpl
12/07/2007 02:22:38 139264 byte 12 days old -- javaws.exe
12/07/2007 13:17:56 664 byte 12 days old -- d3d9caps.dat
19/07/2007 17:47:02 487870 byte 5 days old -- perfh00C.dat
19/07/2007 17:47:02 84060 byte 5 days old -- perfc00C.dat
19/07/2007 17:47:02 70836 byte 5 days old -- perfc009.dat
19/07/2007 17:47:02 420372 byte 5 days old -- perfh009.dat
19/07/2007 17:47:02 1038358 byte 5 days old -- PerfStringBackup.INI
19/07/2007 17:59:18 3121 byte 5 days old -- CONFIG.NT
20/07/2007 18:26:24 (DIR) 0 byte 4 days old -- LogFiles
20/07/2007 18:42:55 5071 byte 4 days old -- jupdate-1.6.0_02-b06.log
22/07/2007 10:54:52 (DIR) 0 byte 2 days old -- FxsTmp
22/07/2007 18:39:27 279552 byte 2 days old -- swreg.exe
23/07/2007 11:57:49 (DIR) 0 byte 1 days old -- config
23/07/2007 12:07:09 (DIR) 0 byte 1 days old -- drivers
23/07/2007 16:54:57 1438 byte 1 days old -- tmp.reg
23/07/2007 16:54:57 0 byte 1 days old -- tmp.txt
23/07/2007 17:07:23 (DIR) 0 byte 1 days old -- Restore
23/07/2007 19:27:07 (DIR) 0 byte 1 days old -- CatRoot2
24/07/2007 09:07:40 1158 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\
30/05/2007 14:10:42 10872 byte 55 days old -- AvgAsCln.sys
13/06/2007 15:24:55 163644 byte 41 days old -- secdrv.sys
23/07/2007 11:59:56 (DIR) 0 byte 1 days old -- etc

----- recent files in C:\WINDOWS\temp\
24/07/2007 09:07:02 16384 byte 0 days old -- Perflib_Perfdata_614.dat
24/07/2007 09:07:13 16384 byte 0 days old -- Perflib_Perfdata_474.dat
24/07/2007 09:07:51 409 byte 0 days old -- WGANotify.settings
24/07/2007 10:09:47 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
09/06/2007 15:38:36 (DIR) 0 byte 45 days old -- uTorrent
13/06/2007 15:16:09 (DIR) 0 byte 41 days old -- Sega
13/06/2007 15:32:01 (DIR) 0 byte 41 days old -- KONAMI
14/06/2007 17:21:30 (DIR) 0 byte 40 days old -- Internet Explorer
19/06/2007 13:11:15 (DIR) 0 byte 35 days old -- Windows Media Player
22/06/2007 20:26:27 (DIR) 0 byte 32 days old -- LM Version-2.0R03-PC-F
23/06/2007 18:13:20 (DIR) 0 byte 31 days old -- Movie Maker
23/06/2007 18:53:22 (DIR) 0 byte 31 days old -- Outlook Express
24/06/2007 16:16:38 (DIR) 0 byte 30 days old -- UberIcon
29/06/2007 15:29:55 (DIR) 0 byte 25 days old -- Spybot - Search & Destroy
04/07/2007 17:53:03 (DIR) 0 byte 20 days old -- Windows Live
04/07/2007 17:54:27 (DIR) 0 byte 20 days old -- MSN Messenger
05/07/2007 09:24:42 (DIR) 0 byte 19 days old -- Microsoft CAPICOM 2.1.0.2
06/07/2007 13:20:45 (DIR) 0 byte 18 days old -- WarRock
08/07/2007 15:21:21 (DIR) 0 byte 16 days old -- CamStudio
09/07/2007 12:10:49 (DIR) 0 byte 15 days old -- Nexon
19/07/2007 14:24:27 1308216 byte 5 days old -- Scanner.exe
19/07/2007 14:59:55 (DIR) 0 byte 5 days old -- Xfire
19/07/2007 15:55:32 (DIR) 0 byte 5 days old -- DAEMON Tools
20/07/2007 15:32:04 (DIR) 0 byte 4 days old -- Winamp
20/07/2007 15:38:50 (DIR) 0 byte 4 days old -- PPMate
20/07/2007 15:40:10 (DIR) 0 byte 4 days old -- InstallShield Installation Information
20/07/2007 16:04:04 (DIR) 0 byte 4 days old -- OpenOffice.org 2.0
20/07/2007 16:09:10 (DIR) 0 byte 4 days old -- Google
20/07/2007 16:48:42 (DIR) 0 byte 4 days old -- Yahoo!
20/07/2007 16:48:53 (DIR) 0 byte 4 days old -- CCleaner
20/07/2007 17:03:55 (DIR) 0 byte 4 days old -- Sunbelt Software
20/07/2007 17:38:11 (DIR) 0 byte 4 days old -- backups
20/07/2007 18:42:08 (DIR) 0 byte 4 days old -- Fichiers communs
20/07/2007 18:42:55 (DIR) 0 byte 4 days old -- Java
23/07/2007 08:13:39 (DIR) 0 byte 1 days old -- Grisoft
23/07/2007 11:44:19 (DIR) 0 byte 1 days old -- Mozilla Firefox
23/07/2007 19:27:09 (DIR) 0 byte 1 days old -- Windows Live Safety Center
23/07/2007 20:20:07 11148 byte 1 days old -- hijackthis.log
24/07/2007 09:08:21 (DIR) 0 byte 0 days old -- Navilog1
24/07/2007 09:55:06 (DIR) 0 byte 0 days old -- eMule

----- recent files in C:\Program Files\Fichiers communs\
13/06/2007 20:21:03 (DIR) 0 byte 41 days old -- System
20/07/2007 15:42:33 (DIR) 0 byte 4 days old -- Real
20/07/2007 16:05:27 (DIR) 0 byte 4 days old -- Sonic Shared
20/07/2007 18:42:08 (DIR) 0 byte 4 days old -- Java

----- recent files in C:\Documents and Settings\Simon2\Application Data\
22/06/2007 19:30:02 (DIR) 0 byte 32 days old -- Lavasoft
20/07/2007 15:42:11 (DIR) 0 byte 4 days old -- Real
20/07/2007 15:42:52 (DIR) 0 byte 4 days old -- Shareaza
20/07/2007 15:45:08 (DIR) 0 byte 4 days old -- HPQ
20/07/2007 15:45:09 (DIR) 0 byte 4 days old -- InstallShield
20/07/2007 15:45:53 (DIR) 0 byte 4 days old -- OpenOffice.org2
20/07/2007 15:47:43 (DIR) 0 byte 4 days old -- Sony
20/07/2007 19:17:30 (DIR) 0 byte 4 days old -- Screenshot Sender
21/07/2007 10:38:55 (DIR) 0 byte 3 days old -- Microsoft
21/07/2007 10:39:01 1110 byte 3 days old -- wklnhst.dat
21/07/2007 16:21:29 (DIR) 0 byte 3 days old -- uTorrent
21/07/2007 18:37:07 (DIR) 0 byte 3 days old -- Help
23/07/2007 08:01:45 (DIR) 0 byte 1 days old -- Xfire
23/07/2007 08:14:03 (DIR) 0 byte 1 days old -- Grisoft

----- recent files in C:\DOCUME~1\Simon2\LOCALS~1\Temp\
24/07/2007 09:08:27 (DIR) 0 byte 0 days old -- WPDNSE
24/07/2007 09:09:08 (DIR) 0 byte 0 days old -- flashgot.2ndrreir.default
24/07/2007 09:23:33 1436 byte 0 days old -- wmplog00.sqm
24/07/2007 09:23:42 (DIR) 0 byte 0 days old -- WASCC9D.tmp
24/07/2007 09:23:48 1020 byte 0 days old -- ~ROMFN_00000D60
24/07/2007 09:25:42 16384 byte 0 days old -- ~DF6BD4.tmp
24/07/2007 09:25:43 16384 byte 0 days old -- ~DF5DD9.tmp
24/07/2007 09:25:57 491520 byte 0 days old -- ~DF6B9F.tmp
24/07/2007 09:25:57 491520 byte 0 days old -- ~DF5DC7.tmp
24/07/2007 09:40:56 (DIR) 0 byte 0 days old -- MessengerCache
24/07/2007 09:54:00 (DIR) 0 byte 0 days old -- ~nsu.tmp
24/07/2007 10:08:23 1436 byte 0 days old -- wmplog01.sqm
24/07/2007 10:10:03 (DIR) 0 byte 0 days old -- nsg1E.tmp
24/07/2007 10:10:03 16384 byte 0 days old -- ~DF8792.tmp

===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)

-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000024

Autorun is enabled on:
DRIVE_UNKNOWN = True
DRIVE_NO_ROOT_DIR = True
DRIVE_REMOVABLE = False
DRIVE_FIXED = True
DRIVE_REMOTE = True
DRIVE_CDROM = False
DRIVE_RAMDISK = True
RESERVED = True

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

### C:\Program Files\HP\Digital Imaging\data\CD\AUTORUN.INF
OPEN=AUTO_RUN.EXE

### C:\Program Files\HP\Digital Imaging\data\slideshow\AUTORUN.INF
open=hpqSShow.exe
label=SlideShow

### C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\autorun.inf
[C32]
Product=Hid
SetupGlue=1
PdiOffset=..\HID\hpzpdi14.exe
GhoulOffset=..\HID\hpzghl14.exe
PinOffset=..\HID\hpzpin14.exe
[C32.Dot4Usb]
SetupGlue=1
[C32.Dot4Usb HPZ12]
SetupGlue=1
[C32.Image]
SetupGlue=0
[C32.Printer]
SetupGlue=0
[Dot4PMLWrapper]
Open=drivers\dot4\wrapper\wrapper.exe
open=setup.exe
[Version]
CDGuid={33D6CC28-9F75-4d1b-A11D-98895B3A3729}
SoftwareGuid=
InfrastructureDatabaseList=hphmdl08.dat
LanguagesInthisCD=ENU,FRA,ITA,DEU,ELL,ESN,PTB,NLD,RUS,NOB,DAN
DefaultLanguageInThisRelease=ENU
DIVISION=HPH
ICE_REV=08
FIRST_IO_REVISION=15
LAST_IO_REVISION=15
VCD_FILEVER=14
Manufacturer=HP
RegistryManufacturer=Hewlett-Packard
ProductSeries=Photosmart Printer Series
Pre-Install=%ProgramFiles%%Manufacturer%
SilentInstall=No
InvalidPathCharacters=$%#&,
PreloadICEEngineToGUIDFolder=%sourcepath%hpzprl01.dat
PreloadRecoveryMechanism=%sourcepath%hpzprl02.dat
PreloadRestingPad=%sourcepath%hpzprl03.dat
UI_03=Yes
UI_20=Yes
UI_21=Yes
UI_25=No
UI_30=Yes
UI_50=Yes
UI_80=swreinstall & nodeviceconnected
UI_250=No
UI_260=Yes
NetworkFinishUI=Yes
NetworkWelcomeUI=Yes
RegistryRebootLocation=DigitalImaging\Install
PreloadICEEngineToInstallDir=%sourcepath%hpqprl01.dat
PreloadMarsToUninstallFolder=%sourcepath%hpqprl03.dat
Provider=Hewlett-Packard
FIRST_CA_REVISION=8
LAST_CA_REVISION=8
ProductFinishEvent=somestring
UsingDeviceDiscovery=Yes
RunAfterReboot=Yes
AutorunID=1
PreloadDatFileList=hphprl08.dat
networkinstall=%sourcepath%Setup\hpznet01.exe
ConnectivityPlugin=%sourcepath%Setup\hpzdui01.exe
MinInstallTime=15
MaxInstallTime=30
MaxInstallDirLength=64
IEFIX=NoFix
AddPrintDrivers=hphapd08.dat
UI_90=Yes
UI_280=No
ProductFinishedEvent=somestring
ShortcutCheckbox=Yes
410=1
490=1
500=1
DriverVer=06/01/2005, 8.1.0.12
[Strings]
%Preload%=%InstallDir%Digital Imaging\%CDGuid%\
%ICETemp%=%ProgramFiles%%ICETempInPF%\
%ICETempInPF%=%Manufacturer%\Temp\%CDGuid%
%Recovery%=%ICETemp%
%RecoveryInPF%=%ICETempInPF%
%ProductScrubberDatfile%=hphscr08.dat
%autorunlocation%=.
%setupName%=hpzsetup.exe
%MSIRollbackDatFile%=hpzmsirb.dat
%CUEVersion%=5.3
%CUEDivision%=hpq
%DeviceManagementGUID%={F2075322-392C-466e-83DF-EA60A13B8EB3}
%DeviceManagement_ICE_REV%=01
%DeviceFunctionGUID%={349F25FE-D3D2-49e9-96C8-AB45BD71E05A}
%DeviceFunction_ICE_REV%=02
%CreativeProjectsContentGUID%={EBE188EE-A7BF-46e3-A4AD-B9ED7E737BC4}
%CreativeProjectsContent_ICE_REV%=03
%DocumentViewerGUID%={90BD92EA-CFE7-4783-97A9-5EF0CBF6CBA9}
%DocumentViewer_ICE_REV%=04
%eSupportGUID%={129F934F-59CC-4461-8F09-204FEEC78FFF}
%eSupport_ICE_REV%=05
%CustomerExperienceGUID%={798101B1-24F9-4a07-8152-65F3A3A9BC31}
%CustomerExperience_ICE_REV%=06
%RemotePrintGUID%={A61FF77A-CF6A-456d-8ED1-395A3FA982A1}
%RemotePrint_ICE_REV%=08
%FullDPAppGUID%={1A65E29E-5BAF-4452-A111-3290AED6BDBC}
%FullDPApp_ICE_REV%=09
%DeviceManagementc2GUID%={3B0B4BE6-FBDC-4b97-9A26-98F8893E3BF6}
%DeviceFunctionc2GUID%={0B7AD97E-CDB1-4ee0-8320-B798ED7922A1}
%DivisionName%=Photosmart
%PrinterModels%=330,380,420,470,7800,8000,8200
%printerLangFolder%=%lang%
[SUI.OPTIN]
Qualifier=%LangQualifier%
LaunchBase=%sourcepath%setup\
1=hpzgat01.exe -on -gate MARS -f %datfile%
[SUI.OPTOUT]
Qualifier=%LangQualifier%
LaunchBase=%sourcepath%setup\
1=hpzgat01.exe -off -gate MARS -f %datfile%
[SUI]
Opt-In_Default=OFF
[LanguageMap]
0x0409=enu
0x0404=cht
0x0804=chs
0x0405=csy
0x0406=dan
0x0407=deu
0x0408=ell
0x040a=esn
0x040b=fin
0x040c=fra
0x040e=hun
0x0410=ita
0x0411=jpn
0x0412=kor
0x0413=nld
0x0414=nob
0x0415=plk
0x0416=ptb
0x0419=rus
0x041d=sve
0x041f=trk
0x0c04=cht
0x1004=chs
0x1404=cht
0x0813=nld
0x0809=enu
0x0c09=enu
0x1009=enu
0x1409=enu
0x1809=enu
0x1c09=enu
0x2009=enu
0x2409=enu
0x2809=enu
0x2c09=enu
0x080c=fra
0x0c0c=fra
0x100c=fra
0x140c=fra
0x180c=fra
0x0456=esn
0x0807=deu
0x0c07=deu
0x1007=deu
0x1407=deu
0x0810=ita
0x0812=kor
0x0c0a=esn
0x080a=esn
0x100a=esn
0x140a=esn
0x180a=esn
0x1c0a=esn
0x200a=esn
0x240a=esn
0x280a=esn
0x2c0a=esn
0x300a=esn
0x340a=esn
0x380a=esn
0x3c0a=esn
0x400a=esn
0x440a=esn
0x480a=esn
0x4c0a=esn
0x500a=esn
0x042d=esn
0x0403=esn
0x081d=sve
0x0422=rus
0x0816=ptb
0x040d=heb
0x041e=xxx
0x0401=ara
0x0801=ara
0x0c01=ara
0x1001=ara
0x1401=ara
0x1801=ara
0x1c01=ara
0x2001=ara
0x2401=ara
0x2801=ara
0x2c01=ara
0x3001=ara
0x3401=ara
0x3801=ara
0x3c01=ara
0x4001=ara
[TwoLetterLanguageMap]
ara=ar
cht=zh
chs=zh
csy=cs
dan=da
deu=de
ell=el
enu=en
esn=es
fin=fi
fra=fr
heb=he
hun=hu
ita=it
jpn=ja
kor=ko
nld=nl
nob=no
plk=pl
ptb=pt
rus=ru
sve=sv
trk=tr
[PreInstalls]
1=Kahuna1
2=Kahuna2
3=Kahuna3
4=Kahuna4
5=Kahuna5
6=Kahuna6
7=Kahuna7
[PreInstalls.Kahuna1]
CDGUID={5D22B85D-6503-4c4d-8BE1-D5CD9E0F5181}
1={7AB63E68-A8E2-49EF-A575-CCEC39F66312}
2={45B6180B-DCAB-4093-8EE8-6164457517F0}
[PreInstalls.Kahuna2]
CDGUID={5D32B85D-6503-4c4d-8BE1-D5CD9E0F5181}
1={45B6180B-DCAB-4093-8EE8-6164457517F0}
2={19E1E220-E757-43bd-AC1A-EC095CB8A667}
3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}
[PreInstalls.Kahuna3]
CDGUID={C6C44651-7C66-4b11-92E8-17565D3D22DD}
1={45B6180B-DCAB-4093-8EE8-6164457517F0}
2={15B9DC72-73F9-4d99-9E28-848D66DA8D99}
3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}
4={0FABD3D7-3036-4e78-B29D-58957ADB0A12}
[PreInstalls.Kahuna4]
CDGUID={5E1494D4-3562-4FFB-B35C-600F80F6934C}
1={45B6180B-DCAB-4093-8EE8-6164457517F0}
2={15B9DC72-73F9-4d99-9E28-848D66DA8D99}
3={A1062847-0846-427A-92A1-BB8251A91E91}
[PreInstalls.Kahuna5]
CDGUID={0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}
1={A1062847-0846-427A-92A1-BB8251A91E91}
2={4C04DF1B-6A39-4299-9DD1-1FA60000266E}
3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D}
[PreInstalls.Kahuna6]
CDGUID={D0420D64-8D33-4374-A2B2-9225C7925CA6}
1={A1062847-0846-427A-92A1-BB8251A91E91}
2={4C04DF1B-6A39-4299-9DD1-1FA60000266E}
3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D}
[PreInstalls.Kahuna7]
CDGUID={32498B7B-E1F3-4ad5-A23B-F26414E94BE0}
1={342C7C88-D335-4bc2-8CF1-281857629CE2}
2={ABA2B37F-AB88-486e-870A-52454A23FEE0}
3={BA2D9411-DBB4-43e4-9421-780413650A67}
[SystemRequirements]
Overide=No
AdminRightRequired=1
RunIfFailureAsynch=
RunIfFailureSynch=
RunIfFailureSynchTimeout=
RunIfWarningAsynch=
RunIfWarningSynch=
RunIfWarningSynchTimeout=
SectionList=FullBuckets
OSList=410,490,500,501
MaxOS=
MinCPU=5
RecCPU=5
MinRAM=115
RecRAM=115
MinSysDisk=600
RecSysDisk=600
MinDisk=600
RecDisk=600
MinDisplay=800x600
RecDisplay=800x600
MinColors=16
RecColors=16
MinSP=0
RecSP=0
MinIE=5.00.3314.2101
RecIE=5.00.3314.2101
MinUsbReady=0
RecUsbReady=0
MinMHz=233
RecMHz=233
MinCPUText=Pentium II
RecCPUText=Pentium II
BlockCPU=0x14**,0x15**
BlockProductTypeList=2
[SystemRequirements.Min]
TurnCueOn=%sourcepath%setup\hpzgat01.exe -gate CUE -on
TurnCueOff=%sourcepath%setup\hpzgat01.exe -gate CUE -off
SysReqPlugIn=%sourcepath%setup\hpzchk01.exe
AdminRightRequired=1
SectionList=ExpressBuckets
Express=Yes
AlwaysShowOption=Yes
OSList=410,490,500,501
MaxOS=
MinCPU=5
RecCPU=5
MinRAM=56
RecRAM=56
MinSysDisk=200
RecSysDisk=200
MinDisk=200
RecDisk=200
MinDisplay=800x600
RecDisplay=800x600
MinColors=16
RecColors=16
MinIE=5.00.3314.2101
RecIE=5.00.3314.2101
MinMHz=233
RecMHz=233
MinCPUText=Pentium II
RecCPUText=Pentium II
BlockCPU=0x14**,0x15**
[OSBlock.400]
launchbase=Setup\
1=hpzchk01.exe
[Run1]
launchbase=%sourcepath%Setup\
Qualifier=%OS%
1=hpzpnp01.exe
2=hpzpsc01.exe -OSUP
3=hpzrein01.exe
4=hpzwup01.exe
5=hpzshl01.exe -m ICEPreShield,HPSecurity,DelayedReboot
6=hpzopt01.exe
[Run2]
launchbase=%sourcepath%Setup\
1=hpzpsc01.exe -m LegoWB -CPE
2=hpzpsc01.exe -m Verde80 -CPE
3=hpzshl01.exe -m Printer,MassStorage,PDPNull
4=[run.setrecovery]
5=hpznop01.exe -m Version -set ShortCutCheckBox=No -gateoncmdline drvreinst
6=hpzsui01.exe
[Run3]
launchbase=%sourcepath%Setup\
qualifier=%OS%
1=hpzwis01.exe
2=hpzpnp01.exe -clean
3=hpzprl01.exe -m PreloadICEEngineToGUIDFolder
4=hpzarp01.exe -add PSPrinter
5=hpzprl01.exe -m PreloadDatFileList
6=hpzprl01.exe -m PreloadRestingPad
7=hpzwrp01.exe -m Dot4PMLWrapper
8=hpzpnp01.exe -clean
9=HPZmsi01.exe -m Cam
10=hpzpnp01.exe -clean
11=hpzdui01.exe
12=hpzpnp01.exe -clean
13=hpztim01.exe -gate CUE
14=Hpzshl01.exe -m HPQTRA08
15=Hpzshl01.exe -m CloseIZApps -gate CUE
16=hpznfx01.exe -gate CUE
17=hpzmsi01.exe -list PRODUCT
18=[run.commitproduct]
19=[FullBuckets]
20=[ExpressBuckets]
21=[run.commitfull]
22=hpzarp01.exe
23=hpzprl01.exe -inf -m PreloadDatFileList
24=hpzwis01.exe -fixME
25=hpzpnp01.exe -clean
26=%sourcepath%util\ccc\fixerr1714.exe
[Uninstall]
launchbase=%sourcepath%Setup\
1=hpzscr01.exe -datfile %ProductScrubberDatfile% -forcereboot
[Prescrub.CPE]
launchbase=%sourcepath%Setup\
SkipOnReinstall=SW
[MSI.FX]
Filename=netfx.msi
RefCount=No
Logfilename=%Temp%hpzFx_Log.txt
CopyToTemp=netfx.msi,netfx1.cab
[MSI.FXLangPack]
Filename=Langpacks\%lang%\langpack.msi
RefCount=No
Logfilename=%Temp%hpzFx%lang%_Log.txt
CopyToTemp=Langpacks\%lang%\langpack.msi,Langpacks\%lang%\langpac1.cab
[MSI.FXLangPack.0x9]
Filename=None.msi
RefCount=No
UI=No
CopyToTemp=
IgnoreReturnCode=Yes
[MSI.FXLangPack.0x1]
Filename=None.msi
RefCount=No
UI=No
CopyToTemp=
IgnoreReturnCode=Yes
[MSI.FXLangPack.0xd]
Filename=None.msi
RefCount=No
UI=Yes
CopyToTemp=
IgnoreReturnCode=Yes
[NetFx]
1=StopMSIService
2=Core
3=LangPack
[NetFx.StopMSIService]
1=%sourcepath%setup\hpzwis01.exe -stop
[NetFx.Core]
RegValueToLookFor=OCM
RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322
RegValueShouldBeEqualTo=1
1=%sourcepath%setup\hpzmsi01.exe -m FX
[NetFx.LangPack]
Qualifier=%PrimaryLangQualifier%
RegValueToLookFor=OCM
RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\%langid%
RegValueShouldBeEqualTo=1
1=%sourcepath%setup\hpzmsi01.exe -m FXLangPack
[NetFx.LangPack.0x9]
1=%sourcepath%setup\hpznop01.exe
[NetFx.LangPack.0xa]
RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\3082
[Setup.Text]
hpznfx01.exe=Installing Microsoft .NET Framework
hpzdxs01.exe=Installing Microsoft DirectX 9.0
HPZpsc01.exe=Searching for installed applications
HPZchk01.exe=Checking System Requirements
HPZwis01.exe=Updating Windows Installer Service
HPZpnp01.exe=Waiting for Plug and Play
HPZscr01.exe=Uninstalling
HPZwrp01.exe=Installing Additional Software
HPZarp01.exe=Creating Add/Remove Programs entries
HPZrcv01.exe=Setting Recovery Point
HPZdui01.exe=Connecting device
HPZshl01.exe=Inspecting system
HPZopt01.exe=Waiting for user input
HPZsui01.exe=Waiting for user input
HPZrein01.exe=Waiting for user input
HPZtim01.exe=Waiting for user input
[Setup.Text.0x804]
hpznfx01.exe=ÕýÔÚ°²×° Microsoft .NET Framework
hpzdxs01.exe=ÕýÔÚ°²×° Microsoft DirectX 9.0
HPZpsc01.exe=²éÕÒÒÑ°²×°µÄÓ¦ÓóÌÐò
HPZchk01.exe=¼ì²éϵͳÐèÇó
HPZwis01.exe=¸üРWindows Installer ·þÎñ
HPZpnp01.exe=¼ì²éÓ²¼þ
HPZscr01.exe=жÔØ
HPZwrp01.exe=°²×°ÆäËûÈí¼þ
HPZarp01.exe=´´½¨¡°Ìí¼Ó/ɾ³ý³ÌÐò¡±ÏîÄ¿
HPZrcv01.exe=ÉèÖû¹Ô­µã
HPZdui01.exe=Á¬½ÓÉ豸
HPZshl01.exe=¼ì²éϵͳ
HPZopt01.exe=µÈ´ýÓû§ÊäÈë
HPZsui01.exe=µÈ´ýÓû§ÊäÈë
HPZrein01.exe=µÈ´ýÓû§ÊäÈë
HPZtim01.exe=µÈ´ýÓû§ÊäÈë
[Setup.Text.0x404]
hpznfx01.exe=¦w¸Ë Microsoft .NET Framework
hpzdxs01.exe=¦w¸Ë Microsoft DirectX 9.0
HPZpsc01.exe=·j´M¤w¦w¸ËªºÀ³¥Îµ{¦¡
HPZchk01.exe=Àˬd¨t²Î»Ý¨D
HPZwis01.exe=¤É¯Å Windows Installer ªA°È
HPZpnp01.exe=ÀˬdµwÅé
HPZscr01.exe=¸Ñ°£¦w¸Ë¤¤
HPZwrp01.exe=¦w¸Ë¨ä¥L³nÅé
HPZarp01.exe=«Ø¥ß·s¼W/²¾°£µ{¦¡¶µ¥Ø
HPZrcv01.exe=³]©w­×´_ÂI
HPZdui01.exe=³s±µ¸Ë¸m
HPZshl01.exe=°»´ú¨t²Î
HPZopt01.exe=µ¥«Ý¨Ï¥ÎªÌ¿é¤J
HPZsui01.exe=µ¥«Ý¨Ï¥ÎªÌ¿é¤J
HPZrein01.exe=µ¥«Ý¨Ï¥ÎªÌ¿é¤J
HPZtim01.exe=µ¥«Ý¨Ï¥ÎªÌ¿é¤J
[Setup.Text.0x5]
hpznfx01.exe=Instaluje se Microsoft .NET Framework
hpzdxs01.exe=Instaluje se Microsoft DirectX 9.0
HPZpsc01.exe=Vyhledávání nainstalovaných aplikací
HPZchk01.exe=Kontrola požadavkù na systém
HPZwis01.exe=Aktualizace služby Windows Installer
HPZpnp01.exe=Kontrola hardwaru
HPZscr01.exe=Odinstalace
HPZwrp01.exe=Instalace dalšího softwaru
HPZarp01.exe=Vytváøení položek v panelu Pøidat nebo odebrat programy
HPZrcv01.exe=Nastavení bodu obnovení
HPZdui01.exe=Pøipojení zaøízení
HPZshl01.exe=Kontrola systému
HPZopt01.exe=Èekání na vstup od uživatele
HPZsui01.exe=Èekání na vstup od uživatele
HPZrein01.exe=Èekání na vstup od uživatele
HPZtim01.exe=Èekání na vstup od uživatele
[Setup.Text.0x6]
hpznfx01.exe=Installerer Microsoft .NET Framework
hpzdxs01.exe=Installerer Microsoft DirectX 9.0
HPZpsc01.exe=Søger efter allerede installerede programmer
HPZchk01.exe=Undersøger systemkrav
HPZwis01.exe=Opdaterer tjenesten Windows Installer
HPZpnp01.exe=Undersøger hardware
HPZscr01.exe=Fjerner
HPZwrp01.exe=Installerer yderligere software
HPZarp01.exe=Opretter poster i Tilføj/fjern programmer
HPZrcv01.exe=Indstiller gendannelsespunkt
HPZdui01.exe=Tilslutter enhed
HPZshl01.exe=Undersøger system
HPZopt01.exe=Venter på brugerinput
HPZsui01.exe=Venter på brugerinput
HPZrein01.exe=Venter på brugerinput
HPZtim01.exe=Venter på brugerinput
[Setup.Text.0x7]
hpznfx01.exe=Microsoft .NET Framework wird installiert
hpzdxs01.exe=Microsoft DirectX 9.0 wird installiert
HPZpsc01.exe=Installierte Anwendungen werden gesucht
HPZchk01.exe=Systemanforderungen werden geprüft
HPZwis01.exe=Windows-Installationsdienst wird aktualisiert
HPZpnp01.exe=Hardware wird geprüft
HPZscr01.exe=Deinstallieren
HPZwrp01.exe=Weitere Software wird installiert
HPZarp01.exe=Einträge zum Hinzufügen/Entfernen von Programmen werden erstellt
HPZrcv01.exe=Wiederherstellungsdaten werden gespeichert
HPZdui01.exe=Gerät wird verbunden
HPZshl01.exe=System wird untersucht
HPZopt01.exe=Warten auf Benutzereingabe
HPZsui01.exe=Warten auf Benutzereingabe
HPZrein01.exe=Warten auf Benutzereingabe
HPZtim01.exe=Warten auf Benutzereingabe
[Setup.Text.0x8]
hpznfx01.exe=ÅãêáôÜóôáóç Microsoft .NET Framework
hpzdxs01.exe=ÅãêáôÜóôáóç Microsoft DirectX 9.0
HPZpsc01.exe=ÁíáæÞôçóç åãêáôåóôçìÝíùí åöáñìïãþí
HPZchk01.exe=¸ëåã÷ïò ôùí áðáéôÞóåùí ôïõ óõóôÞìáôïò
HPZwis01.exe=ÁíáâÜèìéóç ôçò õðçñåóßáò Windows Installer
HPZpnp01.exe=¸ëåã÷ïò õëéêïý
HPZscr01.exe=ÊáôÜñãçóç åãêáôÜóôáóçò
HPZwrp01.exe=ÅãêáôÜóôáóç ðñüóèåôïõ ëïãéóìéêïý
HPZarp01.exe=Äçìéïõñãßá êáôá÷ùñÞóåùí ãéá ôçí åöáñìïãÞ "Ðñïóèáöáßñåóç ÐñïãñáììÜôùí"
HPZrcv01.exe=Ïñéóìüò óçìåßïõ áíÜêôçóçò
HPZdui01.exe=Óýíäåóç óõóêåõÞò
HPZshl01.exe=ÅîÝôáóç óõóôÞìáôïò
HPZopt01.exe=ÁíáìïíÞ åéóáãùãÞò áðü ôï ÷ñÞóôç
HPZsui01.exe=ÁíáìïíÞ åéóáãùãÞò áðü ôï ÷ñÞóôç
HPZrein01.exe=ÁíáìïíÞ åéóáãùãÞò áðü ôï ÷ñÞóôç
HPZtim01.exe=ÁíáìïíÞ åéóáãùãÞò áðü ôï ÷ñÞóôç
[Setup.Text.0x9]
hpznfx01.exe=Installing Microsoft .NET Framework
hpzdxs01.exe=Installing Microsoft DirectX 9.0
HPZpsc01.exe=Searching for installed applications
HPZchk01.exe=Checking System Requirements
HPZwis01.exe=Updating Windows Installer Service
HPZpnp01.exe=Checking hardware
HPZscr01.exe=Uninstalling
HPZwrp01.exe=Installing Additional Software
HPZarp01.exe=Creating Add/Remove Programs entries
HPZrcv01.exe=Setting Recovery Point
HPZdui01.exe=Connecting device
HPZshl01.exe=Inspecting system
HPZopt01.exe=Waiting for user input
HPZsui01.exe=Waiting for user input
HPZrein01.exe=Waiting for user input
HPZtim01.exe=Waiting for user input
[Setup.Text.0xa]
hpznfx01.exe=Instalando Microsoft .NET Framework
hpzdxs01.exe=Instalando Microsoft DirectX 9.0
HPZpsc01.exe=Buscando aplicaciones instaladas
HPZchk01.exe=Comprobando los requisitos del sistema
HPZwis01.exe=Actualizando el servicio Windows Installer
HPZpnp01.exe=Comprobando el hardware
HPZscr01.exe=Desinstalando
HPZwrp01.exe=Instalando software adicional
HPZarp01.exe=Creando entradas para Agregar o quitar programas
HPZrcv01.exe=Estableciendo punto de recuperación
HPZdui01.exe=Conectando dispositivo
HPZshl01.exe=Inspeccionando el sistema
HPZopt01.exe=Esperando datos del usuario
HPZsui01.exe=Esperando datos del usuario
HPZrein01.exe=Esperando datos del usuario
HPZtim01.exe=Esperando datos del usuario
[Setup.Text.0xb]
hpznfx01.exe=Ohjelma asentaa Microsoft .NET Framework -ohjelmaa
hpzdxs01.exe=Ohjelma asentaa Microsoft DirectX 9.0 -ohjelmaa
HPZpsc01.exe=Etsitään asennettuja sovelluksia
HPZchk01.exe=Tarkastetaan järjestelmävaatimuksia
HPZwis01.exe=Päivitetään Windows Installer -palvelua
HPZpnp01.exe=Tarkastetaan laitteistoa
HPZscr01.exe=Asennusta poistetaan
HPZwrp01.exe=Asennetaan muita ohjelmia
HPZarp01.exe=Luodaan Lisää tai poista sovellus -ikkunan tietoja
HPZrcv01.exe=Määritetään palautuspistettä
HPZdui01.exe=Kytketään laitetta
HPZshl01.exe=Tarkastetaan järjestelmää
HPZopt01.exe=Odotetaan käyttäjän syötettä
HPZsui01.exe=Odotetaan käyttäjän syötettä
HPZrein01.exe=Odotetaan käyttäjän syötettä
HPZtim01.exe=Odotetaan käyttäjän syötettä
[Setup.Text.0xc]
hpznfx01.exe=Installation de Microsoft .NET Framework
hpzdxs01.exe=Installation de Microsoft DirectX 9.0
HPZpsc01.exe=Recherche des applications installées
HPZchk01.exe=Vérification de la configuration système requise
HPZwis01.exe=Mise à jour du service Windows Installer
HPZpnp01.exe=Vérification du matériel
HPZscr01.exe=Désinstallation
HPZwrp01.exe=Installation de logiciel supplémentaire
HPZarp01.exe=Création d'entrées dans la boîte de dialogue Ajout/Suppression de programmes
HPZrcv01.exe=Définition du point de récupération
HPZdui01.exe=Connexion du périphérique
HPZshl01.exe=Inspection du système
HPZopt01.exe=Attente d'une intervention de l'utilisateur
HPZsui01.exe=Attente d'une intervention de l'utilisateur
HPZrein01.exe=Attente d'une intervention de l'utilisateur
HPZtim01.exe=Attente d'une intervention de l'utilisateur
[Setup.Text.0xe]
hpznfx01.exe=Microsoft .NET Framework telepítése
hpzdxs01.exe=Microsoft DirectX 9.0 telepítése
HPZpsc01.exe=Telepített alkalmazások keresése
HPZchk01.exe=Rendszerkövetelmények ellenõrzése
HPZwis01.exe=Windows telepítõszolgáltatás frissítése
HPZpnp01.exe=Hardver ellenõrzése
HPZscr01.exe=Eltávolítás
HPZwrp01.exe=További programok telepítése
HPZarp01.exe=Elem létrehozása a Programok telepítése/törlése részben
HPZrcv01.exe=Helyreállítási pont beállítása
HPZdui01.exe=Kapcsolódás az eszközhöz
HPZshl01.exe=Rendszer elemzése
HPZopt01.exe=Várakozás felhasználói adatbevitelre
HPZsui01.exe=Várakozás felhasználói adatbevitelre
HPZrein01.exe=Várakozás felhasználói adatbevitelre
HPZtim01.exe=Várakozás felhasználói adatbevitelre
[Setup.Text.0x10]
hpznfx01.exe=Installazione di Microsoft .NET Framework
hpzdxs01.exe=Installazione di Microsoft DirectX 9.0
HPZpsc01.exe=Ricerca delle applicazioni installate
HPZchk01.exe=Verifica dei requisiti di sistema
HPZwis01.exe=Aggiornamento del servizio Windows Installer
HPZpnp01.exe=Verifica dell'hardware
HPZscr01.exe=Disinstallazione
HPZwrp01.exe=Installazione del software supplementare
HPZarp01.exe=Creazione delle voci di Installazione applicazioni
HPZrcv01.exe=Impostazione del punto di ripristino
HPZdui01.exe=Collegamento della periferica
HPZshl01.exe=Analisi del sistema
HPZopt01.exe=Attesa input utente
HPZsui01.exe=Attesa input utente
HPZrein01.exe=Attesa input utente
HPZtim01.exe=Attesa input utente
[Setup.Text.0x11]
hpznfx01.exe=Microsoft .NET Framework ‚ðƒCƒ“ƒXƒg[ƒ‹‚µ‚Ä‚¢‚Ü‚·
hpzdxs01.exe=Microsoft DirectX 9.0 ‚ðƒCƒ“ƒXƒg[ƒ‹‚µ‚Ä‚¢‚Ü‚·
HPZpsc01.exe=ƒCƒ“ƒXƒg[ƒ‹‚³‚ê‚Ä‚¢‚éƒAƒvƒŠƒP[ƒVƒ‡ƒ“‚ðŒŸõ‚µ‚Ä‚¢‚Ü‚·
HPZchk01.exe=ƒVƒXƒeƒ€•K—vðŒ‚̃`ƒFƒbƒN’†
HPZwis01.exe=Windows ƒCƒ“ƒXƒg[ƒ‰ ƒT[ƒrƒX‚ÌXV’†
HPZpnp01.exe=ƒn[ƒhƒEƒFƒA‚̃`ƒFƒbƒN’†
HPZscr01.exe=ƒAƒ“ƒCƒ“ƒXƒg[ƒ‹’†
HPZwrp01.exe=‚»‚Ì‘¼‚̃\ƒtƒgƒEƒFƒA‚ðƒCƒ“ƒXƒg[ƒ‹‚µ‚Ä‚¢‚Ü‚·
HPZarp01.exe=’ljÁ^휃vƒƒOƒ‰ƒ€ ƒGƒ“ƒgƒŠ‚ð쬂µ‚Ä‚¢‚Ü‚·
HPZrcv01.exe=‰ñ•œƒ|ƒCƒ“ƒg‚ÌÝ’è’†
HPZdui01.exe=ƒfƒoƒCƒX‚ÌÚ‘±’†
HPZshl01.exe=ƒVƒXƒeƒ€ŒŸ¸’†
HPZopt01.exe=ƒ†[ƒU[‚©‚ç‚Ì“ü—Í‚ð‘Ò‚Á‚Ä‚¢‚Ü‚·
HPZsui01.exe=ƒ†[ƒU[‚©‚ç‚Ì“ü—Í‚ð‘Ò‚Á‚Ä‚¢‚Ü‚·
HPZrein01.exe=ƒ†[ƒU[‚©‚ç‚Ì“ü—Í‚ð‘Ò‚Á‚Ä‚¢‚Ü‚·
HPZtim01.exe=ƒ†[ƒU[‚©‚ç‚Ì“ü—Í‚ð‘Ò‚Á‚Ä‚¢‚Ü‚·
[Setup.Text.0x12]
hpznfx01.exe=Microsoft .NET Framework ¼³Ä¡
hpzdxs01.exe=Microsoft DirectX 9.0 ¼³Ä¡
HPZpsc01.exe=¼³Ä¡ÇÑ ÀÀ¿ë ÇÁ·Î±×·¥À» ã´Â Áß
HPZchk01.exe=½Ã½ºÅÛ ¿ä±¸ »çÇ× È®ÀÎ Áß
HPZwis01.exe=Windows ¼³Ä¡ ¼­ºñ½º ¾÷µ¥ÀÌÆ®ÇÏ´Â Áß
HPZpnp01.exe=Çϵå¿þ¾î¸¦ °Ë»çÇÏ´Â Áß
HPZscr01.exe=Á¦°Å Áß
HPZwrp01.exe=Ãß°¡ ¼ÒÇÁÆ®¿þ¾î ¼³Ä¡ Áß
HPZarp01.exe=ÇÁ·Î±×·¥ Ç׸ñ Ãß°¡/Á¦°Å ¸¸µå´Â Áß
HPZrcv01.exe=º¹±¸ Æ÷ÀÎÆ® ¼³Á¤ Áß
HPZdui01.exe=ÀåÄ¡ ¿¬°á Áß
HPZshl01.exe=½Ã½ºÅÛ °Ë»ç Áß
HPZopt01.exe=»ç¿ëÀÚ ÀÔ·Â ´ë±â Áß
HPZsui01.exe=»ç¿ëÀÚ ÀÔ·Â ´ë±â Áß
HPZrein01.exe=»ç¿ëÀÚ ÀÔ·Â ´ë±â Áß
HPZtim01.exe=»ç¿ëÀÚ ÀÔ·Â ´ë±â Áß
[Setup.Text.0x13]
hpznfx01.exe='Microsoft .NET Framework' installeren
hpzdxs01.exe='Microsoft DirectX 9.0' installeren
HPZpsc01.exe=Bezig met zoeken naar geïnstalleerde toepassingen
HPZchk01.exe=Bezig met controleren van systeemvereisten
HPZwis01.exe=Bezig met bijwerken van Windows Installer-service
HPZpnp01.exe=Bezig met controleren van hardware
HPZscr01.exe=Bezig met ongedaan maken van installatie
HPZwrp01.exe=Bezig met installeren van aanvullende software
HPZarp01.exe=Bezig met aanmaken van items voor Software
HPZrcv01.exe=Bezig met maken van herstelpunt
HPZdui01.exe=Bezig met aansluiten van apparaat
HPZshl01.exe=Bezig met systeemcontrole
HPZopt01.exe=Wachten op invoer van gebruiker
HPZsui01.exe=Wachten op invoer van gebruiker
HPZrein01.exe=Wachten op invoer van gebruiker
HPZtim01.exe=Wachten op invoer van gebruiker
[Setup.Text.0x14]
hpznfx01.exe=Installerer 'Microsoft .NET Framework'
hpzdxs01.exe=Installerer 'Microsoft DirectX 9.0'
HPZpsc01.exe=Søker etter installerte programmer
HPZchk01.exe=Kontrollerer systemkrav
HPZwis01.exe=Oppdaterer Windows-installeringstjeneste
HPZpnp01.exe=Kontrollerer maskinvare
HPZscr01.exe=Avinstallerer
HPZwrp01.exe=Installerer tilleggsprogramvare
HPZarp01.exe=Oppretter oppføringer for Legg til / fjern programmer
HPZrcv01.exe=Angir gjenopprettingspunkt
HPZdui01.exe=Kobler til enhet
HPZshl01.exe=Inspiserer system
HPZopt01.exe=Venter på brukerinndata
HPZsui01.exe=Venter på brukerinndata
HPZrein01.exe=Venter på brukerinndata
HPZtim01.exe=Venter på brukerinndata
[Setup.Text.0x15]
hpznfx01.exe=Instalacja 'Microsoft .NET Framework'
hpzdxs01.exe=Instalacja 'Microsoft DirectX 9.0'
HPZpsc01.exe=Trwa wyszukiwanie zainstalowanych aplikacji
HPZchk01.exe=Trwa sprawdzanie wymagañ systemowych
HPZwis01.exe=Trwa aktualizowanie us³ugi Instalator Windows
HPZpnp01.exe=Trwa sprawdzanie sprzêtu
HPZscr01.exe=Trwa odinstalowywanie
HPZwrp01.exe=Trwa instalowanie dodatkowego oprogramowania
HPZarp01.exe=Trwa tworzenie wpisów aplikacji Dodaj/Usuñ programy
HPZrcv01.exe=Trwa ustawianie punktu odzyskiwania danych
HPZdui01.exe=Trwa pod³¹czanie urz¹dzenia
HPZshl01.exe=Trwa inspekcja systemu
HPZopt01.exe=Trwa oczekiwanie na wprowadzenie danych przez u¿ytkownika
HPZsui01.exe=Trwa oczekiwanie na wprowadzenie danych przez u¿ytkownika
HPZrein01.exe=Trwa oczekiwanie na wprowadzenie danych przez u¿ytkownika
HPZtim01.exe=Trwa oczekiwanie na wprowadzenie danych przez u¿ytkownika
[Setup.Text.0x16]
hpznfx01.exe=Instalando o Microsoft .NET Framework
hpzdxs01.exe=Instalando o Microsoft DirectX 9.0
HPZpsc01.exe=Procurando aplicativos instalados
HPZchk01.exe=Verificando exigências do sistema
HPZwis01.exe=Atualizando o serviço Windows Installer
HPZpnp01.exe=Verificando hardware
HPZscr01.exe=Desinstalando
HPZwrp01.exe=Instalando software adicional
HPZarp01.exe=Criando entradas em Adicionar ou Remover Programas
HPZrcv01.exe=Definindo ponto de recuperação
HPZdui01.exe=Conectando dispositivo
HPZshl01.exe=Inspecionando sistema
HPZopt01.exe=Aguardando entrada do usuário
HPZsui01.exe=Aguardando entrada do usuário
HPZrein01.exe=Aguardando entrada do usuário
HPZtim01.exe=Aguardando entrada do usuário
[Setup.Text.0x19]
hpznfx01.exe=Óñòàíîâêà Microsoft .NET Framework
hpzdxs01.exe=Óñòàíîâêà Microsoft DirectX 9.0
HPZpsc01.exe=Ïîèñê óñòàíîâëåííûõ ïðèëîæåíèé
HPZchk01.exe=Ïðîâåðêà òðåáîâàíèé ê ñèñòåìå
HPZwis01.exe=Îáíîâëåíèå ñëóæáû óñòàíîâêè Windows
HPZpnp01.exe=Ïðîâåðêà àïïàðàòíîãî îáåñïå÷åíèÿ
HPZscr01.exe=Óäàëåíèå
HPZwrp01.exe=Óñòàíîâêà äîïîëíèòåëüíîãî ïðîãðàììíîãî îáåñïå÷åíèÿ
HPZarp01.exe=Ñîçäàíèå çàïèñåé â îêíå Óñòàíîâêà è óäàëåíèå ïðîãðàìì
HPZrcv01.exe=Óñòàíîâêà òî÷êè âîññòàíîâëåíèÿ
HPZdui01.exe=Ñîåäèíåíèå ñ óñòðîéñòâîì
HPZshl01.exe=Ïðîâåðêà ñèñòåìû
HPZopt01.exe=Îæèäàíèå äåéñòâèé ïîëüçîâàòåëÿ
HPZsui01.exe=Îæèäàíèå äåéñòâèé ïîëüçîâàòåëÿ
HPZrein01.exe=Îæèäàíèå äåéñòâèé ïîëüçîâàòåëÿ
HPZtim01.exe=Îæèäàíèå äåéñòâèé ïîëüçîâàòåëÿ
[Setup.Text.0x1d]
hpznfx01.exe=Installerar Microsoft .NET Framework
hpzdxs01.exe=Installerar Microsoft DirectX 9.0
HPZpsc01.exe=Söker efter installerade program
HPZchk01.exe=Kontrollerar systemkrav
HPZwis01.exe=Uppdaterar tjänsten Windows Installer
HPZpnp01.exe=Kontrollerar maskinvara
HPZscr01.exe=Avinstallerar
HPZwrp01.exe=Installerar ytterligare programvara
HPZarp01.exe=Skapa poster för Lägg till/Ta bort program
HPZrcv01.exe=Skapar återställningspunkt
HPZdui01.exe=Ansluter enhet
HPZshl01.exe=Kontrollerar system
HPZopt01.exe=Väntar på användarindata
HPZsui01.exe=Väntar på användarindata
HPZrein01.exe=Väntar på användarindata
HPZtim01.exe=Väntar på användarindata
[Setup.Text.0x1f]
hpznfx01.exe=Microsoft .NET Framework Yükleniyor
hpzdxs01.exe=Microsoft DirectX 9.0 Yükleniyor
HPZpsc01.exe=Yüklü uygulamalar aranýyor
HPZchk01.exe=Sistem Gereksinimleri Kontrol Ediliyor
HPZwis01.exe=Windows Yükleyici Hizmeti Güncelleþtiriliyor
HPZpnp01.exe=Donaným kontrol ediliyor
HPZscr01.exe=Yükleme kaldýrýlýyor
HPZwrp01.exe=Ek Yazýlým Yükleniyor
HPZarp01.exe=Program Ekle/Kaldýr giriþleri oluþturuluyor
HPZrcv01.exe=Geri Dönüþ Noktasý Ayarlanýyor
HPZdui01.exe=Aygýt baðlanýyor
HPZshl01.exe=Sistem denetleniyor
HPZopt01.exe=Kullanýcý giriþi bekleniyor
HPZsui01.exe=Kullanýcý giriþi bekleniyor
HPZrein01.exe=Kullanýcý giriþi bekleniyor
HPZtim01.exe=Kullanýcý giriþi bekleniyor
[MSI]
Launchbase=msiexec.exe
InstallDir=%ProgramFiles%%Manufacturer%\
[MSI.SelfInstallingPortMonitor]
InstallDir=%System%
Filename=%sourcepath%setup\SIPM\HP_Standard_Port_Monitor.msi
RefCount=No
UI=No
IgnoreNewerVersion=No
SkipIfSilent=No
SkipOnReinstall=DRV
Logfilename=%Temp%%DIVISION%MSI_PortMonitor.log
TRANSFORMS=SIPM\%langid%.MST
[Recovery.LogAnalysis]
CollectLogs=Yes
[Recovery.Startup]
1=%Recovery%setup\hpzrcv01.exe -f ..\%autorunName% -recover
[Recovery.Recover]
1=%Recovery%setup\hpzscr01.exe -datfile .\%ProductScrubberDatfile% -d MsiUninstaller -unattended -forcereboot
[Recovery.SetupQuit]
launchbase=%sourcepath%Setup\
1=hpzrcv01.exe -unsetrecovery
[Uninstall.ERROR_FAILURE_CLEANUP]
launchbase=%sourcepath%Setup\
1=hpzrcv01.exe -recover -logs
2=hpzscr01.exe -datfile %ProductScrubberDatfile% -latest -d MsiUninstaller -unattended
[Recovery.MSIOnly.Startup]
1=%recovery%setup\hpzrcv01.exe -f ..\%autorunName% -recover MSIOnly -logs
[Recovery.MSIOnly.Recover]
SWOnly=Yes
1=%recovery%setup\hpzscr01.exe -datfile %MsiRollbackDatFile% -unattended -forcereboot
[Recovery.MSIOnly.Error_Failure_Cleanup]
1=hpzrcv01.exe -recover MSIOnly -logs
[Run.SetRecovery]
launchbase=%sourcepath%setup\
1=hpzprl01.exe -m PreloadRecoveryMechanism
2=hpzrcv01.exe -setrecovery
[Run.CommitProduct]
launchbase=%sourcepath%setup\
1=hpzmsi01.exe -commit
2=..\%setupName% -commitGuid %CDGuid%
3=hpzrcv01.exe -setrecovery MSIOnly
[Run.CommitFull]
launchbase=%sourcepath%setup\
1=hpzmsi01.exe -commit
2=hpzrcv01.exe -unsetrecovery
[FilesThatForceReboot]
1=mscoree.dll
2=MICROS~1.NET\FRAMEW~1\V11~1.432
3=Microsoft.NET\Framework\v1.1.4322
[WUP]
SecondsToWaitForConnection=30
SecondsToWaitForDownloadComplete=600
[Shield.ICEPreShield]
1=SynTPEnh
2=QTTask
3=.NETUninstall
4=CommonAdminTools
5=MsiExec
6=PlugPlay
7=LocalSoftware
8=LocalSystem
9=EnumRegKey
10=Config.Msi
11=ICE RegKey
12=ClassesRoot
13=softpubDll
14=wintrustDll
15=initpkiDll
16=dssenhDll
17=rsaenhDll
18=gpkcspDll
19=sccbaseDll
20=slbcspDll
21=cryptdlgDll
22=DevicePathRegValue
[Shield.DevicePathRegValue.501]
Manufacturer=Microsoft
IssueType=RegData
Condition=Missing
Action=Autofix
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Value=DevicePath
BlockIfFail=Yes
Data=%SystemRoot%\inf
ReplaceWith=%SystemRoot%\inf
Type=EXPAND_SZ
[Shield.DevicePathRegValue.500]
Manufacturer=Microsoft
IssueType=RegData
Condition=Missing
Action=Autofix
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Value=DevicePath
BlockIfFail=Yes
Data=%SystemRoot%\inf
ReplaceWith=%SystemRoot%\inf
Type=EXPAND_SZ
[Shield.DevicePathRegValue.490]
Manufacturer=Microsoft
IssueType=RegData
Condition=Missing
Action=Autofix
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Value=DevicePath
BlockIfFail=Yes
Data=%windows%inf
ReplaceWith=%Windows%inf
[Shield.DevicePathRegValue.410]
Manufacturer=Microsoft
IssueType=RegData
Condition=Missing
Action=Autofix
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Value=DevicePath
BlockIfFail=Yes
Data=%windows%inf
ReplaceWith=%Windows%inf
[Shield.CloseIZApps]
1=hpqselsk
2=hpqcopy
3=hpqgalry
4=hpqiscfg
5=hpqimvac
6=hpqpos
7=hpqvapa
[Shield.SynTPEnh]
IssueType=Process
MaxVersion=0x0005000000000893
MinVersion=0x0005000000000893
Manufacturer=HP
Action=Autofix
BlockIfFail=Yes
[Shield.QTTask]
IssueType=Process
MaxVersion=0x0006000100000000
MinVersion=0x0000000000000000
Manufacturer=Apple
Action=Autofix
BlockIfFail=Yes
[Shield..NETUninstall]
IssueType=RebootFile
Manufacturer=Microsoft
Action=Autofix
1=mscoree.dll
2=MICROS~1.NET\FRAMEW~1\V11~1.432
3=Microsoft.NET\Framework\v1.1.4322
Return=Reboot
BlockIfFail=No
[Shield.CommonAdminTools]
Manufacturer=Microsoft
IssueType=RegData
Condition=Contains
Action=Autofix
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value=Common Administrative Tools
Data=<Common Administrative Tools>.All Users\
ReplaceWith=%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools
Type=EXPAND_SZ
BlockIfFail=Yes
[Shield.MsiExec]
IssueType=Service
ServiceName=MSIServer
Manufacturer=Microsoft
Action=FIX
Condition=DISABLED
DisplayName=Windows Installer
BlockIfFail=Yes
[Shield.PlugPlay]
IssueType=Service
ServiceName=PlugPlay
Manufacturer=Microsoft
Action=FIX
Condition=STOPPED
DisplayName=Plug and Play
BlockIfFail=Yes
[Shield.LocalSoftware.500]
Manufacturer=Microsoft
IssueType=RegKey
Action=Autofix
Condition=NotWriteable
Key=HKEY_LOCAL_MACHINE\SOFTWARE
DisplayName=LocalSoftware
BlockIfFail=Yes
Recurse=No
OverwriteDacl=No
SetOnlyIfInvalid=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
CheckCreatedKey=Yes
[Shield.LocalSoftware.501]
Manufacturer=Microsoft
IssueType=RegKey
Action=Autofix
Condition=NotWriteable
Key=HKEY_LOCAL_MACHINE\SOFTWARE
DisplayName=LocalSoftware
BlockIfFail=Yes
Recurse=No
OverwriteDacl=No
SetOnlyIfInvalid=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
CheckCreatedKey=Yes
[Shield.LocalSystem.500]
Manufacturer=Microsoft
IssueType=RegKey
Action=Autofix
Condition=NotWriteable
Key=HKEY_LOCAL_MACHINE\SYSTEM
DisplayName=LocalSystem
BlockIfFail=Yes
Recurse=No
OverwriteDacl=No
SetOnlyIfInvalid=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
[Shield.LocalSystem.501]
Manufacturer=Microsoft
IssueType=RegKey
Action=Autofix
Condition=NotWriteable
Key=HKEY_LOCAL_MACHINE\SYSTEM
DisplayName=LocalSystem
BlockIfFail=Yes
Recurse=No
OverwriteDacl=No
SetOnlyIfInvalid=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
[Shield.EnumRegKey.500]
IssueType=RegKey
Manufacturer=Microsoft
DisplayName=Enum
Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
Condition=NotWriteable
Action=AutoFix
BlockIfFail=Yes
Recurse=Yes
OverwriteDacl=Yes
CheckAccess=SystemAccess
SetAccess=SystemAccess
Timeout=10
[Shield.EnumRegKey.501]
IssueType=RegKey
Manufacturer=Microsoft
DisplayName=Enum
Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
Condition=NotWriteable
Action=AutoFix
BlockIfFail=Yes
Recurse=Yes
OverwriteDacl=Yes
CheckAccess=SystemAccess
SetAccess=SystemAccess
Timeout=10
[Shield.Config.Msi]
IssueType=Folder
Manufacturer=Microsoft Corporation
FolderName=%WindowsDrive%Config.Msi
Action=AUTOFIX
Condition=~EXIST
HIDDEN=Y
[Shield.ICE RegKey]
IssueType=RegKey
Manufacturer=HP
DisplayName=ICE
Key=HKEY_LOCAL_MACHINE\SOFTWARE\ICE
Condition=NotWriteable
Action=Autofix
BlockIfFail=Yes
Recurse=Yes
OverwriteDacl=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
Timeout=10
[Shield.ClassesRoot.500]
IssueType=RegKey
Manufacturer=Microsoft
DisplayName=HKEY_CLASSES_ROOT
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes
Condition=NotWriteable
Action=Autofix
BlockIfFail=Yes
Recurse=No
OverwriteDacl=No
SetOnlyIfInvalid=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
CheckCreatedKey=Yes
[Shield.ClassesRoot.501]
IssueType=RegKey
Manufacturer=Microsoft
DisplayName=HKEY_CLASSES_ROOT
Key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes
Condition=NotWriteable
Action=Autofix
BlockIfFail=Yes
Recurse=No
OverwriteDacl=No
SetOnlyIfInvalid=Yes
CheckAccess=CommonSidList
SetAccess=CommonSidList
CheckCreatedKey=Yes
[Shield.hpqselsk.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqselsk.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqcopy.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqcopy.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqgalry.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqgalry.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqiscfg.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Instant Share
BlockIfFail=Yes
[Shield.hpqiscfg.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Instant Share
BlockIfFail=Yes
[Shield.hpqimvac.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqimvac.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqpos.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqpos.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqvapa.410]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.hpqvapa.490]
IssueType=Process
Manufacturer=HP
Action=FIX
Condition=Exist
DisplayName=HP Image Zone
BlockIfFail=Yes
[Shield.DXQVPFix]
1=QVP32
[Shield.QVP32]
Manufacturer=Microsoft
IssueType=RegData
Condition=Contains
Action=Autofix
Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value=DXDllRegExe
Data=dxdllreg.exe
ReplaceWith=%system%dxdllreg.exe
BlockIfFail=Yes
[Shield.CompositeDev]
1=USBInf
2=certclas
3=USBCCGP
[Shield.USBCheck]
1=USBInf
2=USBPrint
3=USBStor
4=USBScan
5=NTPrint
6=certclas
7=USBCCGP
[Shield.Printer]
1=PrintSpooler
2=ReadOnlyPNFs
3=USBPrint
4=NTPrint
5=certclas
6=PrintCoinstaller
8=LegoRegKey
9=LegoRegData
[Shield.PnP.Printer]
1=USBPrint
[Shield.MassStorage]
1=Roxio
2=USBStor
3=certclas
4=hpusbfd
6=USBCCGP
[Shield.PnP.MassStorage]
1=USBStor
[Shield.Scanner]
1=ReadOnlyPNFs
2=USBScan
3=certclas
5=USBCCGP
[Shield.PnP.Scanner]
1=USBScan
[Shield.Camera]
1=ReadOnlyPNFs
2=certclas
[Shield.PnPFiles]
1=USBInf
2=certclas
3=USBCCGP
[Shield.USBInf.410]
DisplayName=USB.inf
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usb.inf
DriverSysName=%windows%system32\drivers\usbhub.sys
SectionToInstall=UniversalHCD.Dev
MinVersion=0
DriverSysMinVersion=4000A000007CE
Manufacturer=Microsoft
[Shield.USBInf.490]
DisplayName=USB.inf
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usb.inf
DriverSysName=%windows%system32\drivers\usbhub.sys
SectionToInstall=UniversalHCD.Dev
MinVersion=0
DriverSysMinVersion=4005A0BB80000
Manufacturer=Microsoft
[Shield.USBCCGP.490]
DisplayName=USB.inf
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usb.inf
DriverSysName=%windows%system32\drivers\usbccgp.sys
SectionToInstall=StandardHub.Dev
MinVersion=0
DriverSysMinVersion=4005A0BB80000
Manufacturer=Microsoft
[Shield.USBInf.500]
DisplayName=USB
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usb.inf
DriverSysName=usbhub.sys
SectionToInstall=Composite.Dev.NT
MinVersion=5000008870001
DriverSysMinVersion=5000008850001
Manufacturer=Microsoft
[Shield.USBInf.501]
DisplayName=USB
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usb.inf
DriverSysName=usbccgp.sys
SectionToInstall=Composite.Dev.NT
MinVersion=500010A280000
DriverSysMinVersion=500010A280000
Manufacturer=Microsoft
[Shield.USBPrint.490]
DisplayName=USBPrint
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usb.inf
DriverSysName=%windows%system32\drivers\usbprint.sys
SectionToInstall=UniversalHCD.Dev
MinVersion=0
DriverSysMinVersion=4005A0BB80000
Manufacturer=Microsoft
[Shield.USBPrint.500]
DisplayName=USBPrint
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usbprint.inf
DriverSysName=usbprint.sys
SectionToInstall=USBPRINT_Inst.NT
MinVersion=5000008870001
DriverSysMinVersion=5000008740001
Manufacturer=Microsoft
[Shield.USBPrint.501]
DisplayName=USBPrint
IssueType=SystemDriver
Condition=~Exists
DriverInfName=usbprint.inf
DriverSysName=usbprint.sys
SectionToInstall=USBPRINT_Inst.NT
MinVersion=500010A280000
DriverSysMinVersion=500010A280000
Manufacturer=Microsoft
[Shield.NTPrint.500]
DisplayName=NTPrint
IssueType=SystemDriver
Condition=~Exists
DriverInfName=ntprint.inf
DriverSysName=
SectionToInstall=
MinVersion=0
Manufacturer=Microsoft
[Shield.NTPrint.501]
DisplayName=NTPrint
IssueType=SystemDriver
Condition=~Exists
DriverInfName=ntprint.inf
DriverSysName=
SectionToInstall=
MinVersion=0
Manufacturer=Microsoft
[Shield.certclas.500]
DisplayName=Certclas.inf
IssueType=SystemDriver
Condition=~Exists
DriverInf
0
Réponse 47 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Relance le programme Suspects Files.
* Coche uniquement cette case, décoche tout le reste :

- Recent Files,

règle la sur 120 jours

Puis clic sur scan now, soit patient.
Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.

@+
0
Réponse 48 / 86
Simon65 Messages postés 123 Statut Membre 1
 
------------------------------------------------------------Rapport SuspectFile

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 24/07/2007
Time: 12:50:08

Output limited to:
-Recent files

===================== Recent files (120 days old)=====================

----- recent files in C:\
29/03/2007 16:12:00 268 byte 117 days old -- sqmdata19.sqm
29/03/2007 17:01:37 268 byte 117 days old -- sqmdata00.sqm
06/04/2007 09:16:02 232 byte 109 days old -- sqmdata01.sqm
06/04/2007 09:20:37 232 byte 109 days old -- sqmdata02.sqm
06/04/2007 09:25:48 268 byte 109 days old -- sqmdata03.sqm
07/04/2007 08:30:41 (DIR) 0 byte 108 days old -- Documents and Settings
28/04/2007 13:17:57 268 byte 87 days old -- sqmdata04.sqm
12/05/2007 18:57:56 232 byte 73 days old -- sqmdata05.sqm
21/05/2007 19:40:31 137878 byte 64 days old -- TempPic.bmp
27/05/2007 13:26:39 268 byte 58 days old -- sqmdata06.sqm
28/05/2007 16:56:48 4158 byte 57 days old -- nsf452.tmp
03/06/2007 18:24:53 244 byte 51 days old -- sqmnoopt04.sqm
03/06/2007 18:31:13 244 byte 51 days old -- sqmnoopt05.sqm
09/06/2007 20:12:42 268 byte 45 days old -- sqmdata07.sqm
09/06/2007 20:12:42 244 byte 45 days old -- sqmnoopt06.sqm
10/06/2007 08:13:22 244 byte 44 days old -- sqmnoopt07.sqm
12/06/2007 19:40:55 244 byte 42 days old -- sqmnoopt08.sqm
12/06/2007 19:58:46 244 byte 42 days old -- sqmnoopt09.sqm
13/06/2007 14:15:48 136 byte 41 days old -- sqmnoopt10.sqm
13/06/2007 20:21:18 268 byte 41 days old -- sqmdata08.sqm
13/06/2007 20:21:18 244 byte 41 days old -- sqmnoopt11.sqm
15/06/2007 16:23:03 268 byte 39 days old -- sqmdata09.sqm
15/06/2007 16:23:03 244 byte 39 days old -- sqmnoopt12.sqm
16/06/2007 14:58:48 244 byte 38 days old -- sqmnoopt13.sqm
16/06/2007 20:23:20 244 byte 38 days old -- sqmnoopt14.sqm
16/06/2007 20:23:20 268 byte 38 days old -- sqmdata10.sqm
17/06/2007 20:43:55 268 byte 37 days old -- sqmdata11.sqm
17/06/2007 20:43:55 244 byte 37 days old -- sqmnoopt15.sqm
21/06/2007 19:48:06 244 byte 33 days old -- sqmnoopt16.sqm
26/06/2007 17:24:17 244 byte 28 days old -- sqmnoopt17.sqm
28/06/2007 07:53:37 244 byte 26 days old -- sqmnoopt18.sqm
29/06/2007 14:58:30 244 byte 25 days old -- sqmnoopt19.sqm
29/06/2007 14:58:35 244 byte 25 days old -- sqmnoopt00.sqm
29/06/2007 14:58:39 244 byte 25 days old -- sqmnoopt01.sqm
01/07/2007 16:37:08 268 byte 23 days old -- sqmdata12.sqm
01/07/2007 16:37:08 244 byte 23 days old -- sqmnoopt02.sqm
01/07/2007 22:07:09 268 byte 23 days old -- sqmdata13.sqm
01/07/2007 22:07:09 244 byte 23 days old -- sqmnoopt03.sqm
19/07/2007 15:47:59 (DIR) 0 byte 5 days old -- Downloads
20/07/2007 15:32:28 (DIR) 0 byte 4 days old -- temp
20/07/2007 15:40:45 (DIR) 0 byte 4 days old -- Python22
20/07/2007 19:43:11 (DIR) 0 byte 4 days old -- Config.Msi
23/07/2007 11:38:06 774 byte 1 days old -- rapport_clean.txt
23/07/2007 11:53:45 (DIR) 0 byte 1 days old -- QooBox
23/07/2007 12:10:43 2000 byte 1 days old -- ComboFix-quarantined-files.txt
23/07/2007 12:11:08 12847 byte 1 days old -- ComboFix.txt
23/07/2007 12:11:21 (DIR) 0 byte 1 days old -- ComboFix
23/07/2007 16:58:03 1397 byte 1 days old -- rapport.txt
23/07/2007 17:06:01 296 byte 1 days old -- boot.ini
23/07/2007 17:07:23 (DIR) 0 byte 1 days old -- System Volume Information
24/07/2007 09:06:48 1509949440 byte 0 days old -- pagefile.sys
24/07/2007 09:06:50 (DIR)1005113344 byte 0 days old -- hiberfil.sys
24/07/2007 09:08:20 1612 byte 0 days old -- cleannavi.txt
24/07/2007 09:16:07 (DIR) 0 byte 0 days old -- _OTMoveIt
24/07/2007 11:17:45 (DIR) 0 byte 0 days old -- Program Files
24/07/2007 11:22:44 (DIR) 0 byte 0 days old -- WINDOWS
24/07/2007 11:24:27 (DIR) 0 byte 0 days old -- Nexon
24/07/2007 12:50:07 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
07/04/2007 08:22:08 (DIR) 0 byte 108 days old -- SxsCaPendDel
07/04/2007 15:52:19 (DIR) 0 byte 108 days old -- pchealth
10/04/2007 19:27:37 44 byte 105 days old -- pp80.INI
12/04/2007 03:08:10 (DIR) 0 byte 103 days old -- msagent
14/04/2007 20:39:50 (DIR) 0 byte 101 days old -- security
15/04/2007 17:39:50 20 byte 100 days old -- powerplayer.ini
15/04/2007 17:40:45 384 byte 100 days old -- psnetwork.ini
22/04/2007 10:42:32 1039000 byte 93 days old -- setupapi.log.0.old
22/04/2007 12:29:03 (DIR) 0 byte 93 days old -- Registration
22/04/2007 16:11:58 737280 byte 93 days old -- iun6002.exe
22/04/2007 22:12:35 74240 byte 93 days old -- ST6UNST.EXE
22/04/2007 22:12:37 1413120 byte 93 days old -- Setupbaby.exe
23/04/2007 17:52:41 (DIR) 0 byte 92 days old -- Downloaded Installations
17/05/2007 10:10:32 (DIR) 0 byte 68 days old -- twain_32
17/05/2007 10:11:56 113061 byte 68 days old -- hpoins07.dat
13/06/2007 12:30:36 (DIR) 0 byte 41 days old -- $hf_mig$
13/06/2007 20:17:52 (DIR) 0 byte 41 days old -- ie7updates
17/06/2007 00:11:58 51200 byte 37 days old -- nircmd.exe
18/06/2007 19:22:53 (DIR) 0 byte 36 days old -- Help
18/06/2007 19:22:54 (DIR) 0 byte 36 days old -- SoftwareDistribution
22/06/2007 20:26:55 (DIR) 0 byte 32 days old -- prefTransLM20
22/06/2007 20:26:55 (DIR) 0 byte 32 days old -- PrefsLM01
23/06/2007 18:16:09 (DIR) 0 byte 31 days old -- BricoPacks
23/06/2007 18:26:28 3888054 byte 31 days old -- BricoPack Wallpaper.bmp
23/06/2007 18:26:47 90382 byte 31 days old -- BricoPackUninst.cmd
23/06/2007 18:26:47 90382 byte 31 days old -- BricoPackUninst.txt
23/06/2007 18:26:49 3479 byte 31 days old -- BricoPackFoldersDelete.cmd
23/06/2007 18:53:22 (DIR) 0 byte 31 days old -- Media
23/06/2007 18:53:23 (DIR) 0 byte 31 days old -- Cursors
03/07/2007 20:22:32 1900 byte 21 days old -- WININIT.INI
09/07/2007 11:10:22 (DIR) 0 byte 15 days old -- Fonts
09/07/2007 13:13:17 246512 byte 15 days old -- nmconew.dll
19/07/2007 17:46:00 (DIR) 0 byte 5 days old -- WinSxS
19/07/2007 18:16:27 (DIR) 0 byte 5 days old -- Microsoft.NET
20/07/2007 00:47:22 109056 byte 4 days old -- catchme.exe
20/07/2007 14:53:19 (DIR) 0 byte 4 days old -- pss
20/07/2007 16:04:06 (DIR) 0 byte 4 days old -- assembly
20/07/2007 18:26:24 (DIR) 0 byte 4 days old -- Debug
20/07/2007 18:43:01 (DIR) 0 byte 4 days old -- Installer
23/07/2007 10:10:04 0 byte 1 days old -- Sti_Trace.log
23/07/2007 11:35:04 (DIR) 0 byte 1 days old -- Downloaded Program Files
23/07/2007 11:55:41 (DIR) 0 byte 1 days old -- erdnt
23/07/2007 16:54:56 (DIR) 0 byte 1 days old -- Tasks
23/07/2007 17:06:01 707 byte 1 days old -- win.ini
23/07/2007 17:06:01 227 byte 1 days old -- system.ini
23/07/2007 19:27:09 (DIR) 0 byte 1 days old -- inf
24/07/2007 09:06:03 2580 byte 0 days old -- SchedLgU.Txt
24/07/2007 09:06:54 2048 byte 0 days old -- bootstat.dat
24/07/2007 09:07:15 50 byte 0 days old -- wiaservc.log
24/07/2007 09:07:21 159 byte 0 days old -- wiadebug.log
24/07/2007 10:20:34 (DIR) 0 byte 0 days old -- Temp
24/07/2007 11:17:27 (DIR) 0 byte 0 days old -- system32
24/07/2007 11:22:44 187 byte 0 days old -- sc.INI
24/07/2007 11:25:36 41354 byte 0 days old -- WindowsUpdate.log
24/07/2007 12:50:04 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
13/04/2007 02:14:52 382344 byte 102 days old -- GAME_UNO1.dll
12/07/2007 04:22:00 1055 byte 12 days old -- jinstall-6u2.inf

----- recent files in C:\WINDOWS\system\
20/07/2007 19:42:07 185 byte 4 days old -- hpsysdrv.DAT

----- recent files in C:\WINDOWS\system32\
06/04/2007 09:16:01 89888 byte 109 days old -- GDIPFONTCACHEV1.DAT
07/04/2007 13:44:10 (DIR) 0 byte 108 days old -- MAGIX
13/04/2007 03:21:14 271360 byte 102 days old -- mscoree.dll
16/04/2007 17:53:11 1049600 byte 99 days old -- kernel32.dll
16/04/2007 22:43:44 30072 byte 99 days old -- mucltui.dll.mui
16/04/2007 22:44:18 208248 byte 99 days old -- muweb.dll
16/04/2007 22:44:20 271224 byte 99 days old -- mucltui.dll
16/04/2007 22:45:06 38232 byte 99 days old -- wucltui.dll.mui
16/04/2007 22:45:20 68440 byte 99 days old -- wuauclt.exe
16/04/2007 22:45:20 43352 byte 99 days old -- wups2.dll
16/04/2007 22:45:28 92504 byte 99 days old -- cdm.dll
16/04/2007 22:45:36 203096 byte 99 days old -- wuweb.dll
16/04/2007 22:45:40 215896 byte 99 days old -- wuaucpl.cpl
16/04/2007 22:45:42 21336 byte 99 days old -- wuaueng.dll.mui
16/04/2007 22:45:42 325976 byte 99 days old -- wucltui.dll
16/04/2007 22:45:48 549720 byte 99 days old -- wuapi.dll
16/04/2007 22:45:54 1710936 byte 99 days old -- wuaueng.dll
16/04/2007 22:46:54 30040 byte 99 days old -- wuapi.dll.mui
16/04/2007 22:47:26 30040 byte 99 days old -- wuaucpl.cpl.mui
16/04/2007 22:47:36 33624 byte 99 days old -- wups.dll
17/04/2007 11:32:38 2455488 byte 98 days old -- ieapfltr.dat
18/04/2007 18:14:18 2854400 byte 97 days old -- msi.dll
24/04/2007 09:34:57 161792 byte 91 days old -- ieakui.dll
24/04/2007 12:00:29 56832 byte 91 days old -- ie4uinit.exe
24/04/2007 16:26:20 13824 byte 91 days old -- ieudinit.exe
24/04/2007 19:17:42 389120 byte 91 days old -- bfurprgjc.exe
25/04/2007 09:38:53 124928 byte 90 days old -- advpack.dll
25/04/2007 09:38:55 132608 byte 90 days old -- extmgr.dll
25/04/2007 09:38:57 230400 byte 90 days old -- ieaksie.dll
25/04/2007 09:38:57 153088 byte 90 days old -- ieakeng.dll
25/04/2007 09:38:59 383488 byte 90 days old -- ieapfltr.dll
25/04/2007 09:39:04 384512 byte 90 days old -- iedkcs32.dll
25/04/2007 09:39:24 6058496 byte 90 days old -- ieframe.dll
25/04/2007 09:39:25 44544 byte 90 days old -- iernonce.dll
25/04/2007 09:39:26 267776 byte 90 days old -- iertutil.dll
25/04/2007 09:39:32 27648 byte 90 days old -- jsproxy.dll
25/04/2007 09:39:32 1793024 byte 90 days old -- inetcpl.cpl
25/04/2007 09:39:35 52224 byte 90 days old -- msfeedsbs.dll
25/04/2007 09:39:35 459264 byte 90 days old -- msfeeds.dll
25/04/2007 09:40:06 477696 byte 90 days old -- mshtmled.dll
25/04/2007 09:40:07 193024 byte 90 days old -- msrating.dll
25/04/2007 09:40:12 670720 byte 90 days old -- mstime.dll
25/04/2007 09:40:13 62464 byte 90 days old -- url.dll
25/04/2007 09:40:13 163840 byte 90 days old -- occache.dll
25/04/2007 09:40:18 1225728 byte 90 days old -- urlmon.dll
25/04/2007 09:40:21 393728 byte 90 days old -- webcheck.dll
25/04/2007 09:40:25 813568 byte 90 days old -- wininet.dll
25/04/2007 16:22:35 144896 byte 90 days old -- schannel.dll
30/04/2007 17:35:28 95872 byte 85 days old -- AvastSS.scr
30/04/2007 17:46:10 745600 byte 85 days old -- aswBoot.exe
02/05/2007 17:23:20 98304 byte 83 days old -- CmdLineExt.dll
08/05/2007 10:59:01 3856384 byte 77 days old -- mshtml.dll
09/05/2007 20:22:17 118 byte 76 days old -- MRT.INI
16/05/2007 17:13:53 683520 byte 69 days old -- inetcomm.dll
23/05/2007 12:44:40 409 byte 62 days old -- rqstv.ini
01/06/2007 08:20:30 51568 byte 53 days old -- sirenacm.dll
01/06/2007 19:15:57 1101139 byte 53 days old -- brduoqpl.ini
02/06/2007 18:17:35 715105 byte 52 days old -- ttstv.tmp
09/06/2007 07:47:08 971092 byte 45 days old -- ajxbufdb.ini
09/06/2007 14:51:45 453 byte 45 days old -- uvvwa.ini
09/06/2007 20:12:49 931783 byte 45 days old -- qrqss.ini
10/06/2007 18:47:27 4136 byte 44 days old -- jupdate-1.6.0_01-b06.log
12/06/2007 08:35:06 943808 byte 42 days old -- gitworcu.ini
12/06/2007 08:36:01 943746 byte 42 days old -- ywlkevgi.ini
12/06/2007 18:26:58 943808 byte 42 days old -- ydglibsi.ini
13/06/2007 15:24:10 (DIR) 0 byte 41 days old -- DirectX
13/06/2007 17:35:16 404992 byte 41 days old -- ozvmkaj.exe
13/06/2007 20:21:25 923616 byte 41 days old -- fhkmp.ini
16/06/2007 11:17:11 921830 byte 38 days old -- iqdqfeua.ini
16/06/2007 20:23:21 926116 byte 38 days old -- efhkj.ini
17/06/2007 07:21:50 921950 byte 37 days old -- ikxustjl.ini
17/06/2007 20:44:02 935450 byte 37 days old -- hhhkj.ini
18/06/2007 19:21:25 898823 byte 36 days old -- apmmfgxu.ini
19/06/2007 13:12:15 405 byte 35 days old -- oslbognt.ini
19/06/2007 19:22:33 525 byte 35 days old -- xdbtpcvb.ini
20/06/2007 16:28:40 645 byte 34 days old -- yhliktyg.ini
21/06/2007 19:26:07 909322 byte 33 days old -- ncbefmuh.ini
22/06/2007 12:25:47 908512 byte 32 days old -- wdvnuoxm.ini
22/06/2007 13:13:29 908574 byte 32 days old -- nukestlt.ini
22/06/2007 14:27:58 908695 byte 32 days old -- yswjwbur.ini
22/06/2007 18:26:35 914525 byte 32 days old -- juxrrnnk.ini
23/06/2007 12:01:02 914587 byte 31 days old -- xihqamgl.ini
23/06/2007 18:53:20 (DIR) 0 byte 31 days old -- usmt
23/06/2007 18:53:24 (DIR) 0 byte 31 days old -- dllcache
23/06/2007 18:54:10 914587 byte 31 days old -- onffqirk.ini
25/06/2007 16:18:05 914587 byte 29 days old -- abnylddo.ini
26/06/2007 17:24:59 923710 byte 28 days old -- nvesxecn.ini
27/06/2007 08:59:16 917819 byte 27 days old -- tjeohaoh.ini
27/06/2007 11:17:41 917956 byte 27 days old -- nmshhqbu.ini
28/06/2007 09:57:27 16256984 byte 26 days old -- MRT.exe
29/06/2007 13:44:33 959937 byte 25 days old -- cmdnmvay.ini
30/06/2007 19:05:51 999627 byte 24 days old -- xoefnhfv.ini
01/07/2007 10:25:47 999747 byte 23 days old -- bqmodces.ini
01/07/2007 16:53:52 254976 byte 23 days old -- ehbtbx.exe
01/07/2007 17:04:17 999867 byte 23 days old -- qoaybjam.ini
02/07/2007 09:16:44 959936 byte 22 days old -- dmyyeoco.ini
02/07/2007 16:54:48 999565 byte 22 days old -- ioeljlbu.ini
02/07/2007 17:00:20 999566 byte 22 days old -- niarkgbr.ini
04/07/2007 17:53:04 (DIR) 0 byte 20 days old -- CatRoot
04/07/2007 17:54:28 (DIR) 0 byte 20 days old -- DRVSTORE
05/07/2007 08:43:19 1051662 byte 19 days old -- mxhhwwxn.ini
06/07/2007 08:03:42 1051901 byte 18 days old -- fvdoifch.ini
06/07/2007 17:02:44 1052021 byte 18 days old -- ammkcaws.ini
06/07/2007 17:03:41 1053727 byte 18 days old -- uwihghls.ini
07/07/2007 08:11:04 2102237 byte 17 days old -- vwabkxtr.ini
07/07/2007 08:12:17 2097365 byte 17 days old -- ivpwdgiu.ini
07/07/2007 15:31:53 1054387 byte 17 days old -- haddgxnb.ini
08/07/2007 09:08:02 1167648 byte 16 days old -- ssjfxppp.ini
08/07/2007 09:08:22 1178444 byte 16 days old -- rffbmpnq.ini
09/07/2007 07:56:04 1177093 byte 15 days old -- hpggpmae.ini
09/07/2007 07:57:22 1184703 byte 15 days old -- ronqtxxj.ini
09/07/2007 23:15:26 552 byte 15 days old -- d3d8caps.dat
10/07/2007 08:31:21 419976 byte 14 days old -- FNTCACHE.DAT
12/07/2007 01:22:00 135168 byte 12 days old -- java.exe
12/07/2007 01:22:04 135168 byte 12 days old -- javaw.exe
12/07/2007 02:22:36 69632 byte 12 days old -- javacpl.cpl
12/07/2007 02:22:38 139264 byte 12 days old -- javaws.exe
12/07/2007 13:17:56 664 byte 12 days old -- d3d9caps.dat
19/07/2007 17:47:02 420372 byte 5 days old -- perfh009.dat
19/07/2007 17:47:02 487870 byte 5 days old -- perfh00C.dat
19/07/2007 17:47:02 70836 byte 5 days old -- perfc009.dat
19/07/2007 17:47:02 84060 byte 5 days old -- perfc00C.dat
19/07/2007 17:47:02 1038358 byte 5 days old -- PerfStringBackup.INI
19/07/2007 17:59:18 3121 byte 5 days old -- CONFIG.NT
20/07/2007 18:26:24 (DIR) 0 byte 4 days old -- LogFiles
20/07/2007 18:42:55 5071 byte 4 days old -- jupdate-1.6.0_02-b06.log
22/07/2007 10:54:52 (DIR) 0 byte 2 days old -- FxsTmp
22/07/2007 18:39:27 279552 byte 2 days old -- swreg.exe
23/07/2007 11:57:49 (DIR) 0 byte 1 days old -- config
23/07/2007 12:07:09 (DIR) 0 byte 1 days old -- drivers
23/07/2007 16:54:57 1438 byte 1 days old -- tmp.reg
23/07/2007 16:54:57 0 byte 1 days old -- tmp.txt
23/07/2007 17:07:23 (DIR) 0 byte 1 days old -- Restore
23/07/2007 19:27:07 (DIR) 0 byte 1 days old -- CatRoot2
24/07/2007 09:07:40 1158 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\
26/04/2007 10:21:30 302000 byte 89 days old -- fwdrv.sys
26/04/2007 10:21:34 72624 byte 89 days old -- khips.sys
30/04/2007 17:37:23 26888 byte 85 days old -- aavmker4.sys
30/04/2007 17:38:51 43176 byte 85 days old -- aswTdi.sys
30/04/2007 17:39:41 23416 byte 85 days old -- aswRdr.sys
30/04/2007 17:41:42 94552 byte 85 days old -- aswmon2.sys
30/04/2007 17:41:55 85952 byte 85 days old -- aswmon.sys
30/05/2007 14:10:42 10872 byte 55 days old -- AvgAsCln.sys
13/06/2007 15:24:55 163644 byte 41 days old -- secdrv.sys
23/07/2007 11:59:56 (DIR) 0 byte 1 days old -- etc

----- recent files in C:\WINDOWS\temp\
24/07/2007 09:07:02 16384 byte 0 days old -- Perflib_Perfdata_614.dat
24/07/2007 09:07:13 16384 byte 0 days old -- Perflib_Perfdata_474.dat
24/07/2007 12:48:57 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
02/04/2007 17:19:15 (DIR) 0 byte 113 days old -- LitexMedia
07/04/2007 13:34:57 (DIR) 0 byte 108 days old -- Oberon Media
07/04/2007 13:35:32 (DIR) 0 byte 108 days old -- VCW VicMan's Photo Editor
07/04/2007 14:52:26 (DIR) 0 byte 108 days old -- Alwil Software
11/04/2007 17:57:53 (DIR) 0 byte 104 days old -- 7-Zip
15/04/2007 13:54:50 (DIR) 0 byte 100 days old -- DebugMode
15/04/2007 13:55:39 (DIR) 0 byte 100 days old -- Pure Motion
29/04/2007 18:11:39 (DIR) 0 byte 86 days old -- Vstplugins
29/04/2007 18:41:54 (DIR) 0 byte 86 days old -- Microsoft SQL Server
29/04/2007 18:42:23 (DIR) 0 byte 86 days old -- Uninstall Information
04/05/2007 21:30:03 (DIR) 0 byte 81 days old -- EA GAMES
04/05/2007 21:34:04 (DIR) 0 byte 81 days old -- CyberLink
05/05/2007 17:47:31 (DIR) 0 byte 80 days old -- FT8892
05/05/2007 17:47:50 (DIR) 0 byte 80 days old -- Gamecube to PC converter
06/05/2007 09:43:25 (DIR) 0 byte 79 days old -- PS to USB convert cable
08/05/2007 17:51:48 (DIR) 0 byte 77 days old -- FileFactory Turbo
08/05/2007 18:39:14 (DIR) 0 byte 77 days old -- BitComet
13/05/2007 12:18:32 (DIR) 0 byte 72 days old -- Adobe
16/05/2007 18:40:21 (DIR) 0 byte 69 days old -- HP
09/06/2007 15:38:36 (DIR) 0 byte 45 days old -- uTorrent
13/06/2007 15:16:09 (DIR) 0 byte 41 days old -- Sega
13/06/2007 15:32:01 (DIR) 0 byte 41 days old -- KONAMI
14/06/2007 17:21:30 (DIR) 0 byte 40 days old -- Internet Explorer
19/06/2007 13:11:15 (DIR) 0 byte 35 days old -- Windows Media Player
22/06/2007 20:26:27 (DIR) 0 byte 32 days old -- LM Version-2.0R03-PC-F
23/06/2007 18:13:20 (DIR) 0 byte 31 days old -- Movie Maker
23/06/2007 18:53:22 (DIR) 0 byte 31 days old -- Outlook Express
24/06/2007 16:16:38 (DIR) 0 byte 30 days old -- UberIcon
29/06/2007 15:29:55 (DIR) 0 byte 25 days old -- Spybot - Search & Destroy
04/07/2007 17:53:03 (DIR) 0 byte 20 days old -- Windows Live
04/07/2007 17:54:27 (DIR) 0 byte 20 days old -- MSN Messenger
05/07/2007 09:24:42 (DIR) 0 byte 19 days old -- Microsoft CAPICOM 2.1.0.2
06/07/2007 13:20:45 (DIR) 0 byte 18 days old -- WarRock
08/07/2007 15:21:21 (DIR) 0 byte 16 days old -- CamStudio
09/07/2007 12:10:49 (DIR) 0 byte 15 days old -- Nexon
19/07/2007 14:24:27 1308216 byte 5 days old -- Scanner.exe
19/07/2007 14:59:55 (DIR) 0 byte 5 days old -- Xfire
19/07/2007 15:55:32 (DIR) 0 byte 5 days old -- DAEMON Tools
20/07/2007 15:32:04 (DIR) 0 byte 4 days old -- Winamp
20/07/2007 15:38:50 (DIR) 0 byte 4 days old -- PPMate
20/07/2007 15:40:10 (DIR) 0 byte 4 days old -- InstallShield Installation Information
20/07/2007 16:04:04 (DIR) 0 byte 4 days old -- OpenOffice.org 2.0
20/07/2007 16:09:10 (DIR) 0 byte 4 days old -- Google
20/07/2007 16:48:53 (DIR) 0 byte 4 days old -- CCleaner
20/07/2007 17:03:55 (DIR) 0 byte 4 days old -- Sunbelt Software
20/07/2007 17:38:11 (DIR) 0 byte 4 days old -- backups
20/07/2007 18:42:08 (DIR) 0 byte 4 days old -- Fichiers communs
20/07/2007 18:42:55 (DIR) 0 byte 4 days old -- Java
23/07/2007 08:13:39 (DIR) 0 byte 1 days old -- Grisoft
23/07/2007 11:44:19 (DIR) 0 byte 1 days old -- Mozilla Firefox
23/07/2007 19:27:09 (DIR) 0 byte 1 days old -- Windows Live Safety Center
23/07/2007 20:20:07 11148 byte 1 days old -- hijackthis.log
24/07/2007 09:08:21 (DIR) 0 byte 0 days old -- Navilog1
24/07/2007 09:55:06 (DIR) 0 byte 0 days old -- eMule
24/07/2007 10:27:24 (DIR) 0 byte 0 days old -- Shareaza
24/07/2007 11:17:45 (DIR) 0 byte 0 days old -- MagicSofts
24/07/2007 11:25:10 (DIR) 0 byte 0 days old -- Yahoo!

----- recent files in C:\Program Files\Fichiers communs\
11/05/2007 17:42:30 (DIR) 0 byte 74 days old -- Vbox
20/05/2007 19:35:55 (DIR) 0 byte 65 days old -- Microsoft Shared
13/06/2007 20:21:03 (DIR) 0 byte 41 days old -- System
20/07/2007 15:42:33 (DIR) 0 byte 4 days old -- Real
20/07/2007 16:05:27 (DIR) 0 byte 4 days old -- Sonic Shared
20/07/2007 18:42:08 (DIR) 0 byte 4 days old -- Java

----- recent files in C:\Documents and Settings\Simon2\Application Data\
03/04/2007 09:36:04 (DIR) 0 byte 112 days old -- Macromedia
11/04/2007 17:55:07 (DIR) 0 byte 104 days old -- Google
15/04/2007 17:39:46 (DIR) 0 byte 100 days old -- ppStream
29/04/2007 18:31:15 (DIR) 0 byte 86 days old -- Sony Setup
29/04/2007 18:45:38 (DIR) 0 byte 86 days old -- CyberLink
06/05/2007 09:51:23 (DIR) 0 byte 79 days old -- HP
08/05/2007 17:52:36 (DIR) 0 byte 77 days old -- FileFactory Turbo
16/05/2007 18:40:32 (DIR) 0 byte 69 days old -- Image Zone Express
20/05/2007 19:39:26 (DIR) 0 byte 65 days old -- Adobe
22/06/2007 19:30:02 (DIR) 0 byte 32 days old -- Lavasoft
20/07/2007 15:42:11 (DIR) 0 byte 4 days old -- Real
20/07/2007 15:45:08 (DIR) 0 byte 4 days old -- HPQ
20/07/2007 15:45:09 (DIR) 0 byte 4 days old -- InstallShield
20/07/2007 15:45:53 (DIR) 0 byte 4 days old -- OpenOffice.org2
20/07/2007 15:47:43 (DIR) 0 byte 4 days old -- Sony
20/07/2007 19:17:30 (DIR) 0 byte 4 days old -- Screenshot Sender
21/07/2007 10:38:55 (DIR) 0 byte 3 days old -- Microsoft
21/07/2007 10:39:01 1110 byte 3 days old -- wklnhst.dat
21/07/2007 16:21:29 (DIR) 0 byte 3 days old -- uTorrent
21/07/2007 18:37:07 (DIR) 0 byte 3 days old -- Help
23/07/2007 08:01:45 (DIR) 0 byte 1 days old -- Xfire
23/07/2007 08:14:03 (DIR) 0 byte 1 days old -- Grisoft
24/07/2007 10:27:12 (DIR) 0 byte 0 days old -- Shareaza

----- recent files in C:\DOCUME~1\Simon2\LOCALS~1\Temp\
20/07/2007 15:51:29 109 byte 4 days old -- 888AFB86.TMP
24/07/2007 09:25:42 16384 byte 0 days old -- ~DF6BD4.tmp
24/07/2007 09:25:43 16384 byte 0 days old -- ~DF5DD9.tmp
24/07/2007 10:22:52 (DIR) 0 byte 0 days old -- flashgot.2ndrreir.default
24/07/2007 10:32:51 (DIR) 0 byte 0 days old -- is-I6VS3.tmp
24/07/2007 11:05:31 (DIR) 0 byte 0 days old -- Google Toolbar
24/07/2007 11:25:45 491520 byte 0 days old -- ~DF5DC7.tmp
24/07/2007 11:25:45 491520 byte 0 days old -- ~DF6B9F.tmp
24/07/2007 11:40:20 16384 byte 0 days old -- ~DF955B.tmp
24/07/2007 11:45:25 3574556 byte 0 days old -- clipboardcache
24/07/2007 11:46:19 (DIR) 0 byte 0 days old -- nsq62.tmp
24/07/2007 11:46:22 1404 byte 0 days old -- wmplog00.sqm
24/07/2007 11:48:20 3574556 byte 0 days old -- clipboardcache-1
24/07/2007 12:04:31 3574556 byte 0 days old -- clipboardcache-2
24/07/2007 12:29:10 (DIR) 0 byte 0 days old -- MessengerCache
24/07/2007 12:49:55 16384 byte 0 days old -- ~DFC346.tmp
24/07/2007 12:49:55 (DIR) 0 byte 0 days old -- nsf64.tmp

==========================================
Scan completed in 0 minutes
End of report
0
Réponse 49 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system\brduoqpl.ini

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Fais la même chose avec celui-ci aussi : C:\WINDOWS\system\ronqtxxj.ini

Je crois qu'on a bien avancé, mais tu étais tellement infecté que je cherche à nettoyer au maximum et je trouve plein de fichiers bizarres. Je pense qu'ils sont sont sans danger mais je veux vérifier et les supprimer.

@+

0
Réponse 50 / 86
Simon65 Messages postés 123 Statut Membre 1
 
C:\WINDOWS\system\brduoqpl.ini
C:\WINDOWS\system\ronqtxxj.ini

Ces fichiers sont introuvables :s

C'est normal ?
0
Réponse 51 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

non, mais j'au du oublier de te faire affiher les fichiers et dossiers cachés.
========================================
->Affiches tous les fichiers et dossiers :
cliques sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]
========================================

Tu recocheras « afficher les dossiers et fichiers cachés » et « Masquer les fichiers protégés du système d'exploitation (recommandé) » après (laisse bien la troisième décochée).

@+
0
Réponse 52 / 86
Simon65 Messages postés 123 Statut Membre 1
 
Non non j'avais déja tout activé, et pas moyen de les trouver...

Ils sont peut etre déja supprimés...
0
Réponse 53 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

non !!

cherche les dans system32 au lieu de system (c:\windows\system32)

désolé.

@+
0
Réponse 54 / 86
Simon65 Messages postés 123 Statut Membre 1
 
Oui voila, c'est mieux^^ :

C:\WINDOWS\system32\ronqtxxj.ini :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.25.0 2007.07.24 no virus found
AntiVir 7.4.0.44 2007.07.24 no virus found
Authentium 4.93.8 2007.07.23 no virus found
Avast 4.7.997.0 2007.07.24 no virus found
AVG 7.5.0.476 2007.07.24 no virus found
BitDefender 7.2 2007.07.24 no virus found
CAT-QuickHeal 9.00 2007.07.24 no virus found
ClamAV devel-20070416 2007.07.24 no virus found
DrWeb 4.33 2007.07.24 no virus found
eSafe 7.0.15.0 2007.07.23 no virus found
eTrust-Vet 31.1.5003 2007.07.24 no virus found
Ewido 4.0 2007.07.24 no virus found
FileAdvisor 1 2007.07.24 no virus found
Fortinet 2.91.0.0 2007.07.24 no virus found
F-Prot 4.3.2.48 2007.07.23 no virus found
F-Secure 6.70.13030.0 2007.07.24 no virus found
Ikarus T3.1.1.8 2007.07.24 no virus found
Kaspersky 4.0.2.24 2007.07.24 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.24 no virus found
NOD32v2 2417 2007.07.24 no virus found
Norman 5.80.02 2007.07.24 no virus found
Panda 9.0.0.4 2007.07.24 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.24 no virus found
Symantec 10 2007.07.24 no virus found
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.24 no virus found
Webwasher-Gateway 6.0.1 2007.07.24 no virus found
Additional information
File size: 1184703 bytes
MD5: 00973f006fb0bb2873a735b3ffe644bb
SHA1: 37d66804f695ea65099e8951ab32fa5c9dd90616

C:\WINDOWS\system\ronqtxxj.ini :

Antivirus Version Last Update Result
AhnLab-V3 2007.7.25.0 2007.07.24 no virus found
AntiVir 7.4.0.44 2007.07.24 no virus found
Authentium 4.93.8 2007.07.23 no virus found
Avast 4.7.997.0 2007.07.24 no virus found
AVG 7.5.0.476 2007.07.24 no virus found
BitDefender 7.2 2007.07.24 no virus found
CAT-QuickHeal 9.00 2007.07.24 no virus found
ClamAV devel-20070416 2007.07.24 no virus found
DrWeb 4.33 2007.07.24 no virus found
eSafe 7.0.15.0 2007.07.23 no virus found
eTrust-Vet 31.1.5003 2007.07.24 no virus found
Ewido 4.0 2007.07.24 no virus found
FileAdvisor 1 2007.07.24 no virus found
Fortinet 2.91.0.0 2007.07.24 no virus found
F-Prot 4.3.2.48 2007.07.23 no virus found
F-Secure 6.70.13030.0 2007.07.24 no virus found
Ikarus T3.1.1.8 2007.07.24 no virus found
Kaspersky 4.0.2.24 2007.07.24 no virus found
McAfee 5080 2007.07.23 no virus found
Microsoft 1.2704 2007.07.24 no virus found
NOD32v2 2417 2007.07.24 no virus found
Norman 5.80.02 2007.07.24 no virus found
Panda 9.0.0.4 2007.07.24 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.24 no virus found
Symantec 10 2007.07.24 no virus found
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 no virus found
VirusBuster 4.3.26:9 2007.07.24 no virus found
Webwasher-Gateway 6.0.1 2007.07.24 no virus found
Additional information
File size: 1184703 bytes
MD5: 00973f006fb0bb2873a735b3ffe644bb
SHA1: 37d66804f695ea65099e8951ab32fa5c9dd90616

Voila...
0
Réponse 55 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

des clones parfaits (même taille, même MD5, même SHA1) !

Ouvres l'explorateutr Windows, cherche un des deux, clic droit dessus, modifier (si tu trouves) ou ouvrir avec (le bloc notes).

Peux tu me copier le contenu ici (uniquement s'il est de petite taille et lisible ) ?
@+
0
Réponse 56 / 86
Simon65 Messages postés 123 Statut Membre 1
 
La taille est énorme et c'est pelin de petit symbole illisible...

Je fais quoi ??
C'est normal ??
0
Réponse 57 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
re,

Pour le moment, on fait ça :

Lis bien et exécute cette manip dans l’ordre.

#Télécharge et installe ces logiciels (si tu ne les as pas) pour les 3 premiers
mets les à jour, comme indiqué dans les démos ou tutos.

Ne les utilise pas tout de suite.

Antispywares et autres :

*Ad-Aware (gratuit)
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Tuto :
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

*Spybot (gratuit) :
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

* AVG AS

AVG anti spyware
https://www.01net.com/telecharger/
Mets le a jour avant de lancer le scan.
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)
Téléchargement :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]

->Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
puis tape « entrée ».
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
========================================
->Recherche et supprime ces fichiers en gras (si présents) :

fichier ou dossier à détruire <--attention a l'orthographe
suite des fichiers et dossiers
========================================
->Lance CCleaner.

Suppression des fichiers temporaires

Va dans la section "Options" situé dans la marge gauche.
Décoche "Avancé"
Retourne ensuite dans la section "Nettoyeur"
Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
• Clique sur [Analyse]
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur [Lancer le Nettoyage]

========================================
->Lance AVG pour un scan complet "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau et [copie/colle le rapport en forum]
========================================
->Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
========================================
->Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
========================================
->Relance CCleaner.
Suppression des incohérences du registre

• Clique sur l'icône [Erreurs] situés dans la marge à gauche
• Puis clique sur [Analyser les erreurs]
• Patiente pendant que CCleaner scan ton registre.
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur [Corriger les erreurs].

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.
========================================
->Vide ta Corbeille.
========================================
->Redémarre en mode normal,

[Recoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

Relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Après ça, on aura un peu de temps pour faire la liste de tous les fichiers du type.ini à supprimer.

@+
0
Réponse 58 / 86
Simon65 Messages postés 123 Statut Membre 1
 
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 09:01:08 25/07/2007

+ Résultat de l'analyse:

Rien à signaler.

Fin du rapport

--------------------------------------------------------

Rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:07:30, on 25/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Simon2\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\FRAPS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\Clavier.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\FRAPS.EXE
O4 - HKCU\..\Run: [Clavier+] C:\Documents and Settings\Simon2\Mes documents\Mes Logiciels\Clavier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Réponse 59 / 86
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour

Crée le répertoire C:\Inutile.

Copi edans ce répertoire tous les fichiers du répertoire C:\Windows\System32 ci-dessous ( a part les 4 prmiers et les 2 ou 3 derniers, ils sont en ordre alphabétique) et supprime les fichiers du répertoire system32

oslbognt.ini
uvvwa.ini
xdbtpcvb.ini
yhliktyg.ini
abnylddo.ini
ajxbufdb.ini
ammkcaws.ini
apmmfgxu.ini
bqmodces.ini
brduoqpl.ini
cmdnmvay.ini
dmyyeoco.ini
efhkj.ini
fhkmp.ini
fvdoifch.ini
gitworcu.ini
haddgxnb.ini
hhhkj.ini
hpggpmae.ini
ikxustjl.ini
ioeljlbu.ini
iqdqfeua.ini
juxrrnnk.ini
mxhhwwxn.ini
ncbefmuh.ini
niarkgbr.ini
nmshhqbu.ini
nukestlt.ini
nvesxecn.ini
onffqirk.ini
qoaybjam.ini
qrqss.ini
rffbmpnq.ini
ronqtxxj.ini
ssjfxppp.ini
tjeohaoh.ini
ttstv.tmp
uwihghls.ini
wdvnuoxm.ini
xihqamgl.ini
xoefnhfv.ini
ydglibsi.ini
yswjwbur.ini
ywlkevgi.ini
ivpwdgiu.ini
vwabkxtr.ini

Quelle est la taille du répertoire après copie ?

pas d'incidence sur le fonctionnement du micro (normalement pas d'incidence).
@+
@+
0
Réponse 60 / 86
Simon65 Messages postés 123 Statut Membre 1
 
Je ne trouve pas les dossier spécifiés dans la liste...Oo

Il ont peut etre déja été supprimés ?

++
0