HijackThis report check: problem with ashWebSv_SvcHost.exe
Solved
syloXann (member, 63 posts)
sKe69 (security contributor, 21360 posts)
Hello,
I'm running XP SP3, Avast 4.8 antivirus, and only the Windows firewall I think (I'm less sure about that).
Problem: in Task Manager I see several instances of SvcHost.exe and ashWebSv.exe using 5000-15000 on average and 30000 at the highest.
I did a cleanup with CCleaner and a scan with HijackThis.
Also, I'm currently trying out Safari (on Windows, for those who haven't been following!). Could that be the cause? A squabble between IE and Safari, with Avast caught between the two?? I don't really know anymore!
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:46, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Iconoid\iconoid.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Documents and Settings\matthieu\Bureau\recus\telechargements\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C75A830-FB5D-EBA1-0640-5B27F1EED981} - C:\WINDOWS\fsuyxzpk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [dziyqgwxb] c:\windows\system32\dziyqgwxb.exe dziyqgwxb
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wlaifey] c:\windows\system32\wlaifey.exe wlaifey
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EarthView.lnk = C:\Program Files\EarthView\EarthView.exe
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://matlapatat.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F99973C8-43E7-48C4-9EF3-131B67301321} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBFC2F9-B72E-4AFA-B46F-010EF2EBEA2D}: NameServer = 80.10.246.2,80.10.246.129
O18 - Filter hijack: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - D:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\3d-art-surrealism-pictures.jpg
62 replies
RE
Even in safe mode, it does nothing, whether as admin or in my own session!
Strange indeed to find it in a report but not in the list of programs, nor in "Program Files".
I'll try to find it in safe mode (I hadn't thought of that, silly me!), otherwise try without Avast but with Antivir to see...
Good night and thanks for everything :=)
Hi,
let's try to look at this together if you're willing...
I reckon only the Run keys are left... but we'll do a few checks first...
1- Do the following:
Get access to hidden files:
Go to Start Menu->My Computer->Tools->Folder Options...->View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide protected operating system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
(You will restore the original settings once the disinfection is finished, not before...)
2- Go to this site:
https://www.virustotal.com/gui/
Copy the following and paste it into the search field:
C:\Program Files\Batty\Batty.dll
Click on "Send File".
A report will build up line by line.
Wait until it is finished... It should include the size of the file sent.
Save the report with Notepad.
Copy it into your next reply...
(If VirusTotal says the file has already been analysed, click the button to re-analyse the file now.)
Do the same for:
C:\Program Files\AXVenore\AXVenore.exe
C:\Program Files\EQBranch\EQBranch.exe
So post me these 3 reports (especially the beginning with the list of AV engines, stating clearly at the start of each one which file it corresponds to) and wait for the next steps...
hello,
so the snag is that AXVenore still can't be found, and Batty I removed manually yesterday. However, I found a single "uninstall" file in the EQBranch folder in "program files". Here is the report:
EQBranch.exe
Fichier Uninstall.exe reçu le 2008.11.02 00:05:45 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.1.0 2008.11.01 -
AntiVir 7.9.0.10 2008.10.31 ADSPY/FCHelp
Authentium 5.1.0.4 2008.11.01 -
Avast 4.8.1248.0 2008.11.01 -
AVG 8.0.0.161 2008.11.01 -
BitDefender 7.2 2008.11.01 -
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.01 -
DrWeb 4.44.0.09170 2008.11.01 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.01 Adware.FCHelp
F-Prot 4.4.4.56 2008.11.01 -
F-Secure 8.0.14332.0 2008.11.01 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.01 -
Ikarus T3.1.1.44.0 2008.11.01 -
K7AntiVirus 7.10.514 2008.11.01 -
Kaspersky 7.0.0.125 2008.11.01 -
McAfee 5420 2008.11.01 -
Microsoft 1.4005 2008.11.01 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.11.01 Spyware/7r7t
PCTools 4.4.2.0 2008.11.01 Adware.CasinoClient
Prevx1 V2 2008.11.02 Malicious Software
Rising 21.01.52.00 2008.11.01 -
SecureWeb-Gateway 6.7.6 2008.11.01 Ad-Spyware.FCHelp
Sophos 4.35.0 2008.11.01 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.01 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.01 -
ViRobot 2008.10.31.1446 2008.10.31 Adware.PurityScan
VirusBuster 4.5.11.0 2008.11.01 Adware.PurityScan.CU
Information additionnelle
File size: 33015 bytes
MD5...: 84a05230b6106e76d4ba31b2c8ceba45
SHA1..: 84c91da22f634fafa4e706f5555e0df3bc1be70a
SHA256: e61b76e0034e9119c54875cd298a83ae24fe8389a1bd11b719be99a3850cbfbe
SHA512: 814259ca789e8301d4e1e912382dcc36ffbe9c448965a88317877b8869b4a5a4926834c04886a2789926bf457c89d912c039239d08c6a7577f77396f60a0096e
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9CE290F5F72D97F6804B00DCDBC77900EC6ED0F0
good ...
don't attempt any more manual deletion now and do this:
Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Be sure to close all your running applications !
Double-click "RSIT.exe" to launch it.
-> A first window opens titled: "Disclaimer of warranty".
* Next to the option "List files/folders created ...", choose: 2 months
* then click "Continue" to start the analysis ...
(Note: If the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence.)
-> let the scan run and don't touch the PC ...
When the analysis is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for what comes next ...
Important: post one report, then the other in the following reply ... if you try to post both at the same time,
it may be too long for the forum ...
And if "log.txt" alone doesn't go through either, do it in 2 parts ... thanks ...
(Note: the reports will also be saved in this folder -> C:\rsit)
hi
the log.txt report is in 2 parts:
Logfile of random's system information tool 1.04 (written by random/random)
Run by matthieu at 2008-11-02 02:21:58
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 11 GB (36%) free of 31 GB
Total RAM: 511 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:22, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Documents and Settings\matthieu\Bureau\RSIT.exe
D:\Documents and Settings\matthieu\Bureau\matthieu.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C75A830-FB5D-EBA1-0640-5B27F1EED981} - C:\WINDOWS\fsuyxzpk.dll (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EarthView.lnk = C:\Program Files\EarthView\EarthView.exe
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://matlapatat.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBFC2F9-B72E-4AFA-B46F-010EF2EBEA2D}: NameServer = 80.10.246.2,80.10.246.129
O18 - Filter hijack: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - D:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\3d-art-surrealism-pictures.jpg
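The cross-check behind the helper's remark that only the Run keys may be left, as an added example (not code from the thread, HijackThis or RSIT): it parses lines copied from the log above and lists the autostart entries whose target file is gone. `parse`, `leftovers`, `present` and `PRESENT` are hypothetical names, and the disk state is constructed from what the poster reports (Batty.dll deleted, AXVenore.exe not found, only Uninstall.exe in the EQBranch folder).

```python
import re
from typing import Callable, NamedTuple


class Entry(NamedTuple):
    code: str               # HijackThis section code, e.g. "O4"
    label: str              # descriptive text in front of the target
    target: str             # first absolute .exe/.dll path, "" if none
    reported_missing: bool  # line ends in "(file missing)" or "(no file)"


# Subset of lines copied from the HijackThis part of the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C75A830-FB5D-EBA1-0640-5B27F1EED981} - C:\WINDOWS\fsuyxzpk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O18 - Filter hijack: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# Constructed disk state (assumption): the files taken to be still present.
PRESENT = {p.lower() for p in (
    r"C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"C:\Program Files\Iconoid\iconoid.exe",
    r"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe",
    r"C:\Program Files\EQBranch\Uninstall.exe",
)}

REPORTED = "HijackThis reports no file"
ABSENT = "target not on disk"

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in .exe/.dll; arguments after it are ignored.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))\b', re.IGNORECASE)


def present(path: str) -> bool:
    """Stand-in for os.path.exists so the example runs offline."""
    return path.lower() in PRESENT  # Windows paths are case-insensitive


def parse(log: str) -> list:
    """Turn the O-section lines of a HijackThis log into Entry records."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, running processes, R-lines, blank lines
        code, rest = m.groups()
        missing = rest.endswith("(file missing)") or rest.endswith("(no file)")
        pm = PATH_RE.search(rest)
        target = pm.group(1) if pm else ""
        label = rest[:pm.start()].rstrip(' -"') if pm else rest
        entries.append(Entry(code, label, target, missing))
    return entries


def leftovers(entries, exists: Callable[[str], bool]) -> list:
    """Entries that still reference a file which is no longer there."""
    out = []
    for e in entries:
        if e.reported_missing:
            out.append((e, REPORTED))
        elif e.target and not exists(e.target):
            out.append((e, ABSENT))
    return out


if __name__ == "__main__":
    for entry, why in leftovers(parse(SAMPLE_LOG), present):
        print(f"{entry.code:4} {why:27} {entry.label} -> {entry.target or '-'}")
```

On the affected machine, pass `os.path.exists` instead of `present` to check the real disk.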
D:\Documents and Settings\matthieu\Bureau\matthieu.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C75A830-FB5D-EBA1-0640-5B27F1EED981} - C:\WINDOWS\fsuyxzpk.dll (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EarthView.lnk = C:\Program Files\EarthView\EarthView.exe
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://matlapatat.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBFC2F9-B72E-4AFA-B46F-010EF2EBEA2D}: NameServer = 80.10.246.2,80.10.246.129
O18 - Filter hijack: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - D:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\3d-art-surrealism-pictures.jpg
log.txt report (2/2)
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C75A830-FB5D-EBA1-0640-5B27F1EED981}]
C:\WINDOWS\fsuyxzpk.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2006-02-14 1204224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2006-02-14 1204224]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-09-15 2557952]
"ATIPTA"=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"BOOT"=C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe [2002-08-16 476160]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe []
"PCMService"=c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"SCDEmuApp.exe"=C:\Program Files\PowerISO\SCDEmuApp.exe [2005-10-16 167936]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-10 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-22 180269]
"Ulead AutoDetector v2"=C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AXVenore"=C:\Program Files\AXVenore\AXVenore.exe []
"EQBranch"=C:\Program Files\EQBranch\EQBranch.exe []
"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"Iconoid"=C:\Program Files\Iconoid\iconoid.exe [2005-12-03 180736]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2006-01-24 2633728]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\APPS\skype\phone\Skype.exe [2006-07-06 19979304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^matthieu^Menu Démarrer^Programmes^Démarrage^GigaTribe.lnk]
C:\PROGRA~1\GIGATR~1\GIGATR~1.EXE [2008-08-04 1070592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^matthieu^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~2.3\program\QUICKS~1.EXE [2007-08-17 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2
"SNDSrvc"=2
"SAVScan"=3
"navapsvc"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Documents and Settings\matthieu\Menu Démarrer\Programmes\Démarrage
EarthView.lnk - C:\Program Files\EarthView\EarthView.exe
GigaTribe.lnk - C:\Program Files\GigaTribe\gigatribe.exe
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-14 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\TribalWeb\tribalweb.exe"="C:\Program Files\TribalWeb\tribalweb.exe:*:Enabled:tribalweb"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Documents and Settings\matthieu\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="D:\Documents and Settings\matthieu\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{623a69f4-98ce-11da-ae3a-806d6172696f}]
shell\adobe\command - E:\goodies\ar405fre.exe
shell\AutoRun\command - E:\aocsetup.exe /autorun
shell\log\command - E:\goodies\machine\machine.exe -l
shell\machine\command - E:\goodies\machine\machine.exe
shell\setup\command - E:\aocsetup.exe /autorun
shell\zone\command - E:\goodies\mszone\zonea660.exe
======List of files/folders created in the last 2 months======
2008-11-02 02:21:58 ----D---- C:\rsit
2008-11-01 00:04:16 ----D---- D:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-11-01 00:04:16 ----D---- C:\Program Files\Winamp Toolbar
2008-11-01 00:04:05 ----D---- D:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-11-01 00:03:59 ----D---- C:\Program Files\Winamp Remote
2008-11-01 00:02:52 ----D---- D:\Documents and Settings\matthieu\Application Data\Winamp
2008-11-01 00:02:52 ----D---- C:\Program Files\Winamp
2008-10-31 12:48:26 ----D---- D:\Documents and Settings\matthieu\Application Data\Media Player Classic
2008-10-29 20:20:22 ----A---- C:\cleannavi.txt
2008-10-29 19:59:27 ----D---- D:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 01:56:50 ----A---- C:\fixnavi.txt
2008-10-29 01:55:24 ----D---- C:\Program Files\Navilog1
2008-10-28 01:15:18 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 01:06:32 ----D---- D:\Documents and Settings\matthieu\Application Data\Malwarebytes
2008-10-28 01:06:23 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 01:06:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 02:23:07 ----D---- D:\Documents and Settings\matthieu\Application Data\Apple Computer
2008-10-26 02:21:38 ----D---- C:\Program Files\Safari
2008-10-26 02:20:57 ----D---- C:\Program Files\Bonjour
2008-10-26 02:20:40 ----D---- C:\Program Files\Apple Software Update
2008-10-26 02:20:39 ----D---- D:\Documents and Settings\All Users\Application Data\Apple
2008-10-24 12:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 00:56:57 ----D---- C:\Program Files\PTC
2008-10-21 00:41:49 ----D---- C:\Program Files\Real Desktop
2008-10-15 13:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 13:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 13:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 13:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 13:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-26 21:47:16 ----D---- D:\Documents and Settings\matthieu\Application Data\LimeWire
2008-09-26 21:46:37 ----D---- C:\Program Files\LimeWire
2008-09-10 22:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-09-10 22:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 22:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 07:21:41 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-03 22:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
======List of files/folders modified in the last 2 months======
2008-11-02 02:22:03 ----D---- C:\WINDOWS\Prefetch
2008-11-02 01:36:23 ----D---- C:\WINDOWS\Temp
2008-11-02 01:30:49 ----D---- C:\Program Files\Mozilla Firefox
2008-11-02 00:48:05 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-01 15:30:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 15:11:39 ----D---- C:\WINDOWS
2008-11-01 09:33:05 ----D---- C:\Program Files\Wanadoo
2008-11-01 02:11:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 00:48:45 ----SHD---- C:\RECYCLER
2008-11-01 00:04:16 ----RD---- C:\Program Files
2008-10-31 22:01:39 ----AD---- C:\WINDOWS\system32
2008-10-31 14:51:29 ----SHD---- C:\WINDOWS\Installer
2008-10-31 14:51:29 ----HD---- C:\Config.Msi
2008-10-29 20:22:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-29 20:01:46 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-29 00:58:00 ----D---- C:\Program Files\BitComet
2008-10-28 01:06:27 ----D---- C:\WINDOWS\system32\drivers
2008-10-27 22:57:25 ----D---- C:\WINDOWS\Debug
2008-10-27 22:56:56 ----D---- C:\WINDOWS\Minidump
2008-10-27 22:17:05 ----D---- C:\Program Files\CCleaner
2008-10-26 21:15:21 ----D---- C:\Program Files\Free Easy Burner
2008-10-26 11:25:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-26 02:21:38 ----D---- C:\WINDOWS\WinSxS
2008-10-24 12:00:42 ----HD---- C:\WINDOWS\inf
2008-10-24 12:00:37 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-24 12:00:11 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 00:40:16 ----D---- C:\Program Files\PeerGuardian2
2008-10-20 20:48:43 ----D---- D:\Documents and Settings\matthieu\Application Data\GigaTribe
2008-10-16 20:46:31 ----SD---- C:\WINDOWS\Tasks
2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 13:51:02 ----D---- C:\Program Files\Internet Explorer
2008-10-15 13:50:51 ----D---- C:\WINDOWS\ie7updates
2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-02 09:17:31 ----D---- C:\WINDOWS\network diagnostic
2008-09-16 17:41:13 ----D---- D:\Documents and Settings\matthieu\Application Data\OpenOffice.org2
2008-09-03 09:15:53 ----D---- C:\Program Files\MSN Messenger
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2005-10-16 27171]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-14 1339392]
R3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 hidfltr;HID Filter Driver; C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 13332]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 TinaKey;TinaKey; C:\WINDOWS\system32\drivers\TinaKey.sys []
S3 aug41krr;aug41krr; C:\WINDOWS\system32\drivers\aug41krr.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\matthieu\LOCALS~1\Temp\catchme.sys []
S3 gUSBSTOi;gUSBSTOi; \??\D:\DOCUME~1\matthieu\LOCALS~1\Temp\gUSBSTOi.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-09-16 2257920]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-14 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 MysqlInventime;MysqlInventime; C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C75A830-FB5D-EBA1-0640-5B27F1EED981}]
C:\WINDOWS\fsuyxzpk.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2006-02-14 1204224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2006-02-14 1204224]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-09-15 2557952]
"ATIPTA"=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"BOOT"=C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe [2002-08-16 476160]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe []
"PCMService"=c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"SCDEmuApp.exe"=C:\Program Files\PowerISO\SCDEmuApp.exe [2005-10-16 167936]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-10 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-22 180269]
"Ulead AutoDetector v2"=C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AXVenore"=C:\Program Files\AXVenore\AXVenore.exe []
"EQBranch"=C:\Program Files\EQBranch\EQBranch.exe []
"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"Iconoid"=C:\Program Files\Iconoid\iconoid.exe [2005-12-03 180736]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2006-01-24 2633728]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents and Settings\matthieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\APPS\skype\phone\Skype.exe [2006-07-06 19979304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^matthieu^Menu Démarrer^Programmes^Démarrage^GigaTribe.lnk]
C:\PROGRA~1\GIGATR~1\GIGATR~1.EXE [2008-08-04 1070592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^matthieu^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~2.3\program\QUICKS~1.EXE [2007-08-17 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2
"SNDSrvc"=2
"SAVScan"=3
"navapsvc"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Documents and Settings\matthieu\Menu Démarrer\Programmes\Démarrage
EarthView.lnk - C:\Program Files\EarthView\EarthView.exe
GigaTribe.lnk - C:\Program Files\GigaTribe\gigatribe.exe
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-14 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\TribalWeb\tribalweb.exe"="C:\Program Files\TribalWeb\tribalweb.exe:*:Enabled:tribalweb"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Documents and Settings\matthieu\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="D:\Documents and Settings\matthieu\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{623a69f4-98ce-11da-ae3a-806d6172696f}]
shell\adobe\command - E:\goodies\ar405fre.exe
shell\AutoRun\command - E:\aocsetup.exe /autorun
shell\log\command - E:\goodies\machine\machine.exe -l
shell\machine\command - E:\goodies\machine\machine.exe
shell\setup\command - E:\aocsetup.exe /autorun
shell\zone\command - E:\goodies\mszone\zonea660.exe
======List of files/folders created in the last 2 months======
2008-11-02 02:21:58 ----D---- C:\rsit
2008-11-01 00:04:16 ----D---- D:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-11-01 00:04:16 ----D---- C:\Program Files\Winamp Toolbar
2008-11-01 00:04:05 ----D---- D:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-11-01 00:03:59 ----D---- C:\Program Files\Winamp Remote
2008-11-01 00:02:52 ----D---- D:\Documents and Settings\matthieu\Application Data\Winamp
2008-11-01 00:02:52 ----D---- C:\Program Files\Winamp
2008-10-31 12:48:26 ----D---- D:\Documents and Settings\matthieu\Application Data\Media Player Classic
2008-10-29 20:20:22 ----A---- C:\cleannavi.txt
2008-10-29 19:59:27 ----D---- D:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 01:56:50 ----A---- C:\fixnavi.txt
2008-10-29 01:55:24 ----D---- C:\Program Files\Navilog1
2008-10-28 01:15:18 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 01:06:32 ----D---- D:\Documents and Settings\matthieu\Application Data\Malwarebytes
2008-10-28 01:06:23 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 01:06:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 02:23:07 ----D---- D:\Documents and Settings\matthieu\Application Data\Apple Computer
2008-10-26 02:21:38 ----D---- C:\Program Files\Safari
2008-10-26 02:20:57 ----D---- C:\Program Files\Bonjour
2008-10-26 02:20:40 ----D---- C:\Program Files\Apple Software Update
2008-10-26 02:20:39 ----D---- D:\Documents and Settings\All Users\Application Data\Apple
2008-10-24 12:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 00:56:57 ----D---- C:\Program Files\PTC
2008-10-21 00:41:49 ----D---- C:\Program Files\Real Desktop
2008-10-15 13:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 13:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 13:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 13:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 13:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-26 21:47:16 ----D---- D:\Documents and Settings\matthieu\Application Data\LimeWire
2008-09-26 21:46:37 ----D---- C:\Program Files\LimeWire
2008-09-10 22:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-09-10 22:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 22:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 07:21:41 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-03 22:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
======List of files/folders modified in the last 2 months======
2008-11-02 02:22:03 ----D---- C:\WINDOWS\Prefetch
2008-11-02 01:36:23 ----D---- C:\WINDOWS\Temp
2008-11-02 01:30:49 ----D---- C:\Program Files\Mozilla Firefox
2008-11-02 00:48:05 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-01 15:30:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 15:11:39 ----D---- C:\WINDOWS
2008-11-01 09:33:05 ----D---- C:\Program Files\Wanadoo
2008-11-01 02:11:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 00:48:45 ----SHD---- C:\RECYCLER
2008-11-01 00:04:16 ----RD---- C:\Program Files
2008-10-31 22:01:39 ----AD---- C:\WINDOWS\system32
2008-10-31 14:51:29 ----SHD---- C:\WINDOWS\Installer
2008-10-31 14:51:29 ----HD---- C:\Config.Msi
2008-10-29 20:22:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-29 20:01:46 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-29 00:58:00 ----D---- C:\Program Files\BitComet
And finally, the info.txt report:
info.txt logfile of random's system information tool 1.04 2008-11-02 02:22:28
======Uninstall list======
-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
-->MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A32C786-85DE-48F8-9E54-848B3E34A90C}\setup.exe" -l0x40c -removeonly
-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitComet 1.05-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{7054ED85-498D-4D20-906F-14646AEC5581}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Drug Lord 2-->C:\Program Files\Drug Lord 2\druglord2.exe remove
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
EarthView V3.8.3-->C:\Program Files\EarthView\Uninstall.exe
Free Easy Burner V 3.8-->"C:\Program Files\Free Easy Burner\unins000.exe"
Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
GigaTribe 2.46-->"C:\Program Files\GigaTribe\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
GVAO-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Ord-ixSofts\GVAO\DeIsL1.isu" -c"C:\Program Files\Ord-ixSofts\GVAO\_ISREG32.DLL"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\Documents and Settings\matthieu\Bureau\recus\telechargements\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Iconoid Version 3.8.4-->"C:\Program Files\Iconoid\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
ISSENDIS WebUpdate v6-->"C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\unins000.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jaws PDF Creator-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2A227E0-8DEC-11D2-A564-B2890D000000}\setup.exe" -Uninstall
LaCie Backup Software v1.5.2215-->MsiExec.exe /I{6DD9963C-271A-4A14-82B0-4DC148C52E58}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Ludi-->C:\Program Files\Ludi\uninstall.exe
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MegaStore-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{78FAAF25-07DA-11D9-B095-009027EC0701}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\DÉSINST.EXE" /runtemp
Microsoft Age of Empires II : The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft AutoRoute v11.0-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo-->"C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{E6BAE954-487E-488B-BC4E-2E69E54E8117}
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
myHouse pour Windows-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\DesignSoft\myHouse pour Windows\Uninst.isu"
Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Navilog1 3.6.7-->"C:\Program Files\Navilog1\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->D:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OFFICE One Zip v6-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Zip v6\unins000.exe"
OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo
P2P Networking-->C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL
Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Packard Bell - Skype 2.5-->"c:\apps\skype\phone\unins000.exe"
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PhotoFiltre-->"c:\Program Files\PhotoFiltre\Uninst.exe"
Pop Art Studio 2.1-->MsiExec.exe /I{6521DDC6-6637-4B2A-87FD-C8C41C5EAD46}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Evolution Soccer 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66} /l1036
Readiris Pro 8-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}\setup.exe" -l0x40c
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
robot-->C:\WINDOWS\ST4UNST.EXE -n "C:\Program Files\robot\ST4UNST.LOG"
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase VST32 Demo-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\Install.log
Super Jeux de Mots-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D08131A-9F36-11D8-B6FF-00C04F4351FF}\setup.EXE" -l0x40c
Tetris-->"C:\Program Files\Tetris\unins000.exe"
UltimateZip 2.7-->"C:\Program Files\UltimateZip 2.7\unins000.exe"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
v1.3.2-->"C:\Program Files\Image2PDF\unins000.exe"
Video Converter 3-->C:\Program Files\Micro Application\Video Convertisseur\Uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"D:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles\n258b5uq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1229 [VPS 081101-0]
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\PROGRA~1\FICHIE~1\SONICS~1\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Thanks in advance!
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
myHouse pour Windows-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\DesignSoft\myHouse pour Windows\Uninst.isu"
Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Navilog1 3.6.7-->"C:\Program Files\Navilog1\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->D:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OFFICE One Zip v6-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Zip v6\unins000.exe"
OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo
P2P Networking-->C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL
Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Packard Bell - Skype 2.5-->"c:\apps\skype\phone\unins000.exe"
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PhotoFiltre-->"c:\Program Files\PhotoFiltre\Uninst.exe"
Pop Art Studio 2.1-->MsiExec.exe /I{6521DDC6-6637-4B2A-87FD-C8C41C5EAD46}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Evolution Soccer 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66} /l1036
Readiris Pro 8-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}\setup.exe" -l0x40c
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
robot-->C:\WINDOWS\ST4UNST.EXE -n "C:\Program Files\robot\ST4UNST.LOG"
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase VST32 Demo-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\Install.log
Super Jeux de Mots-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D08131A-9F36-11D8-B6FF-00C04F4351FF}\setup.EXE" -l0x40c
Tetris-->"C:\Program Files\Tetris\unins000.exe"
UltimateZip 2.7-->"C:\Program Files\UltimateZip 2.7\unins000.exe"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
v1.3.2-->"C:\Program Files\Image2PDF\unins000.exe"
Video Converter 3-->C:\Program Files\Micro Application\Video Convertisseur\Uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"D:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles\n258b5uq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1229 [VPS 081101-0]
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\PROGRA~1\FICHIE~1\SONICS~1\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Thanks in advance!
Right ...
very interesting ....
For a start, Batty.dll has come back ... don't delete it! .... I'd like to continue investigating before we begin ...
1- Plug all your external drives into the PC (external hard drives, USB sticks, MP3 player, etc.) but without opening them!
2- Check these on VirusTotal (copy/paste the following):
E:\goodies\ar405fre.exe
E:\aocsetup.exe
E:\goodies\machine\machine.exe
E:\goodies\mszone\zonea660.exe
Post me the 4 reports you get ...
Hi, I'll post one report per message if that's all right with you
Fichier ar405fre.exe reçu le 2008.11.02 20:24:21 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.1.0 2008.11.02 -
AntiVir 7.9.0.10 2008.11.02 -
Authentium 5.1.0.4 2008.11.02 -
Avast 4.8.1248.0 2008.11.02 -
AVG 8.0.0.161 2008.11.02 -
BitDefender 7.2 2008.11.02 -
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.02 -
DrWeb 4.44.0.09170 2008.11.02 -
eSafe 7.0.17.0 2008.11.02 -
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.02 -
F-Prot 4.4.4.56 2008.11.02 -
F-Secure 8.0.14332.0 2008.11.02 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.02 -
Ikarus T3.1.1.44.0 2008.11.02 -
K7AntiVirus 7.10.514 2008.11.01 -
Kaspersky 7.0.0.125 2008.11.02 -
McAfee 5421 2008.11.02 -
Microsoft 1.4005 2008.11.02 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.11.02 -
PCTools 4.4.2.0 2008.11.02 -
Prevx1 V2 2008.11.02 -
Rising 21.01.62.00 2008.11.02 -
SecureWeb-Gateway 6.7.6 2008.11.02 -
Sophos 4.35.0 2008.11.02 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.02 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.02 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.11.02 -
aocsetup.exe report
Fichier aocsetup.exe reçu le 2008.11.02 20:34:03 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.1.0 2008.11.02 -
AntiVir 7.9.0.10 2008.11.02 -
Authentium 5.1.0.4 2008.11.02 -
Avast 4.8.1248.0 2008.11.02 -
AVG 8.0.0.161 2008.11.02 -
BitDefender 7.2 2008.11.02 -
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.02 -
DrWeb 4.44.0.09170 2008.11.02 -
eSafe 7.0.17.0 2008.11.02 -
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.02 -
F-Prot 4.4.4.56 2008.11.02 -
F-Secure 8.0.14332.0 2008.11.02 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.02 -
Ikarus T3.1.1.44.0 2008.11.02 -
K7AntiVirus 7.10.514 2008.11.01 -
Kaspersky 7.0.0.125 2008.11.02 -
McAfee 5421 2008.11.02 -
Microsoft 1.4005 2008.11.02 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.11.02 -
PCTools 4.4.2.0 2008.11.02 -
Prevx1 V2 2008.11.02 -
Rising 21.01.62.00 2008.11.02 -
SecureWeb-Gateway 6.7.6 2008.11.02 -
Sophos 4.35.0 2008.11.02 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.02 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.02 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.11.02 -
> SHELL32.dll: SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHChangeNotify, SHGetPathFromIDListA
> ole32.dll: CoCreateInstance, OleUninitialize, CoInitialize, CoUninitialize, OleInitialize
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> WINMM.dll: mmioInstallIOProcA, waveOutGetDevCapsA, waveOutGetNumDevs, joyGetNumDevs, PlaySoundA, mciSendStringA, timeGetTime
> IMM32.dll: ImmGetContext
( 5 exports )
_DialogProc@CAppAlert@@SGHPAUHWND__@@IIJ@Z, _DialogProc@CAppMessage@@SGHPAUHWND__@@IIJ@Z, _DialogProc@CDirBrowser@@SGHPAUHWND__@@IIJ@Z, _HotsetupCallback@@YG_AW4EBURETCODE@@PAX@Z, LaunchGame
machine.exe report
Fichier machine.exe reçu le 2008.11.02 20:48:18 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0%)
Information additionnelle
File size: 253952 bytes
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
zonea660.exe report
Fichier zonea660.exe reçu le 2008.11.02 20:58:01 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0%)
Information additionnelle
File size: 6928087 bytes
PEiD..: -
TrID..: File type identification
Win16 NE executable (generic) (89.4%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
PEInfo: -
Right ... here is what comes next:
1- Download OTMoveIt3 (by Old_Timer) to your Desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe
! Disconnect and close all your running applications !
Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,
:Processes
explorer.exe
:Services
Planificateur LiveUpdate automatique
MysqlInventime
aug41krr
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AXVenore"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EQBranch"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C75A830-FB5D-EBA1-0640-5B27F1EED981}]
:Files
C:\Program Files\AXVenore\AXVenore.exe
C:\Program Files\EQBranch\EQBranch.exe
C:\WINDOWS\fsuyxzpk.dll
C:\Program Files\Batty\Batty.dll
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(do not touch anything else!)
-> click MoveIt! to start the removal.
-> let the tool work ...
( Note: your desktop will disappear and then reappear, this is normal. )
-> once it has finished, a small window opens: click "Yes".
Your PC will restart by itself ...
--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
( "xxxx2008_xxxxxx.log", where the "x" characters correspond to the day and time of use ).
Once this report is posted, do the following:
2- Download ToolBar S&D (by Eric_71/Team IDN):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )
!! Disconnect and close all your running applications while you do this !!
* double-click the .exe to start the installation and follow the prompts ...
* Once done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ("recherche") and press "Enter".
* Once the scan has finished, a report will appear; copy/paste its entire
contents into your next reply ...
( the report is also saved here -> C:\TB.txt )
Here we go
OTMoveIt3 report
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service Planificateur LiveUpdate automatique stopped successfully.
Service Planificateur LiveUpdate automatique deleted successfully.
Service MysqlInventime stopped successfully.
Service MysqlInventime deleted successfully.
Unable to stop service aug41krr .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AXVenore deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EQBranch deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C75A830-FB5D-EBA1-0640-5B27F1EED981}\\ not found.
========== FILES ==========
File/Folder C:\Program Files\AXVenore\AXVenore.exe not found.
File/Folder C:\Program Files\EQBranch\EQBranch.exe not found.
File/Folder C:\WINDOWS\fsuyxzpk.dll not found.
File/Folder C:\Program Files\Batty\Batty.dll not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\matthieu\LOCALS~1\Temp\gUSBSTOi.sys scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\matthieu\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\matthieu\LOCALS~1\Temp\Perflib_Perfdata_760.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\matthieu\LOCALS~1\Temp\~DFEF8B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_003805
Files moved on Reboot...
D:\DOCUME~1\matthieu\LOCALS~1\Temp\gUSBSTOi.sys moved successfully.
D:\DOCUME~1\matthieu\LOCALS~1\Temp\hpodvd09.log moved successfully.
File D:\DOCUME~1\matthieu\LOCALS~1\Temp\Perflib_Perfdata_760.dat not found!
File D:\DOCUME~1\matthieu\LOCALS~1\Temp\~DFEF8B.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_618.dat moved successfully.
There you go
-----------\\ ToolBar S&D 1.2.4 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : matthieu ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081102-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:148 Go (Free:71 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (USB)
G:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)
L:\ (CD or DVD)
M:\ (Local Disk) - FAT32 - Total:149 Go (Free:37 Go)
"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 03/11/2008| 0:51 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Fichiers communs\WhenU
C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
C:\WINDOWS\System32\P2P Networking
-----------\\ Extensions
(Program Files) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer\Conditions générales.url
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer\Confidentialité.url
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer\Désinstaller.lnk
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer\WebMediaPlayer.lnk
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer\Website.url
==> EGDACCESS <==
--------------------\\ Cracks & Keygens ..
D:\DOCUME~1\matthieu\Bureau\My Games\jeux\Sega Megadrive emulator + loads of roms\Crack Down (UE) [!].zip
D:\DOCUME~1\matthieu\Favoris\torrents\Bit Torrent eMule Bittorrent Suchmaschine P2P Usenet Serials Cracks.url
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\default_lt.kvw
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Marche a suivre.txt
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Patch.exe
D:\DOCUME~1\matthieu\Mes documents\reste\Nouveau dossier(2)\Crack
D:\DOCUME~1\matthieu\Mes documents\reste\Nouveau dossier(2)\Crack\EarthView.exe
D:\DOCUME~1\matthieu\Mes documents\reste\OFFICE One Zip\Counter Strike Condition Zero KeyGen
D:\DOCUME~1\matthieu\Mes documents\reste\OFFICE One Zip\Pixies - Discography 1988-2004\Pixies - Discography 1988-2004\02. Doolittle (1989)\09. Crackity Jones.mp3
D:\DOCUME~1\matthieu\Mes documents\reste\OFFICE One Zip\Pixies - Discography 1988-2004\Pixies - Discography 1988-2004\05. Death To The Pixies 1987-1991 (1997)\Cd 2\14. Crackity Jones.mp3
1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008| 0:53 - Option : [1]
-----------\\ Fin du rapport a 0:53:33,68
OK ... some infected cracks to get rid of first ...
So, the next steps, in order:
1- ! Disconnect and close all your running applications !
Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,
:Processes
explorer.exe
:Services
:Reg
:Files
D:\DOCUME~1\matthieu\Bureau\My Games\jeux\Sega Megadrive emulator + loads of roms\Crack Down (UE) [!].zip
D:\DOCUME~1\matthieu\Favoris\torrents\Bit Torrent eMule Bittorrent Suchmaschine P2P Usenet Serials Cracks.url
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\default_lt.kvw
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Marche a suivre.txt
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Patch.exe
D:\DOCUME~1\matthieu\Mes documents\reste\Nouveau dossier(2)\Crack\EarthView.exe
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack
D:\DOCUME~1\matthieu\Mes documents\reste\Nouveau dossier(2)\Crack
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer
:Commands
[start explorer]
[Reboot]
and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(don't touch anything else!)
-> click MoveIt! to start the removal.
-> let the tool work ...
( Note: your desktop will disappear and then reappear, that's normal. )
-> once it has finished, a small window opens: click "Yes".
Your PC will restart by itself ...
--> Post the contents of the report found in the "C:\_OTMoveIt\MovedFiles" folder
( "xxxx2008_xxxxxx.log" where the "x"s correspond to the day and time of use ).
====================
2- Cleaning with ToolBar S&D:
!! Disconnect and close all your running applications for the duration of the procedure !!
Launch Toolbar-S&D again by double-clicking the shortcut.
--> Type option 2 ( "nettoyage", cleaning ) then press "Enter".
Note: don't touch anything during the removal!
A report will be generated at the end of the process: post its contents in your next reply
along with a new RSIT report for analysis ...
===========================
3- Disable Avast ( you will re-enable it once this procedure is done ):
Download OAD ( by !aur3n7 ): http://sosvirus.changelog.fr/OAD.exe
----> Save it to your desktop.
Double-click the OAD icon to launch it
- name of the file to search for:
--> type or copy and paste: batty
- Search type: select option 6 then confirm ["Enter"]
OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it is done.
Note: depending on the size of the hard drives, this search can take several minutes. Be patient ...
-> Save this report to your Desktop and copy / paste it into your next reply ...
Then repeat with:
battyrun
batty2
-> so I'm waiting for these 3 reports ...
OTMoveIt didn't finish the scan, I think, because of a file "libexquatw.exe or .dll"
anyway, there is still a report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
D:\DOCUME~1\matthieu\Bureau\My Games\jeux\Sega Megadrive emulator + loads of roms\Crack Down (UE) [!].zip moved successfully.
D:\DOCUME~1\matthieu\Favoris\torrents\Bit Torrent eMule Bittorrent Suchmaschine P2P Usenet Serials Cracks.url moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\default_lt.kvw moved successfully.
LoadLibrary failed for D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll NOT unregistered.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Marche a suivre.txt moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Patch.exe moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Nouveau dossier(2)\Crack\EarthView.exe moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Nouveau dossier(2)\Crack moved successfully.
File/Folder D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer not found.
========== COMMANDS ==========
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_011721
tell me if I need to redo it before moving on...
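Added example, not part of the thread and not OldTimer's code: a check that reconciles the :Files list of the fix script with the OTMoveIt3 log lines shown above, so a run suspected of stopping early can be verified entry by entry. The function names are hypothetical, and the sample is a shortened excerpt of the thread's own script and log.

```python
import re

# Excerpt of the fix script and of the resulting log, both taken from the thread
# and shortened to three entries (constructed sample for this example).
SCRIPT = r"""
:Processes
explorer.exe
:Files
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Patch.exe
D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer
:Commands
[start explorer]
"""
LOG = r"""
========== FILES ==========
LoadLibrary failed for D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll NOT unregistered.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\evll.dll moved successfully.
D:\DOCUME~1\matthieu\Mes documents\reste\Google_Earth Pro4. V.2737\Crack\Patch.exe moved successfully.
File/Folder D:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\WebMediaPlayer not found.
"""

# Only the two final outcomes seen in the thread's log are recognised; the
# LoadLibrary / "NOT unregistered" lines are warnings and are ignored.
OUTCOME = re.compile(r"^(?:File/Folder )?(?P<path>.+?) (?P<result>moved successfully|not found)\.$")

def parse_script(script):
    """Split a fix script into {section name: [entries]} (':Files' -> 'files')."""
    sections, current = {}, None
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def reconcile(script, log):
    """Map every :Files path to its logged outcome, or 'no log entry'."""
    status = {path: "no log entry" for path in parse_script(script).get("files", [])}
    for line in map(str.strip, log.splitlines()):
        match = OUTCOME.match(line)
        if match and match["path"] in status:
            status[match["path"]] = match["result"]
    return status

def unresolved(script, log):
    """Paths that were requested but not reported as moved."""
    return [p for p, s in reconcile(script, log).items() if s != "moved successfully"]

if __name__ == "__main__":
    for path, outcome in reconcile(SCRIPT, LOG).items():
        print(f"{outcome:18} {path}")
```

A path reported as "no log entry" means the log stops before the tool reached it, which is the case to re-run; "not found" means the item was already absent.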