Antivirus désactivé !

Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   -  
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
Bonjour,

Hier, j'ai remarqué que je ne pouvais plus utiliser Internet et j'ai vu qu'une Icône dans ma barre d'outils clignotait. C'était mon "filtre ip", il m'indiquait :

Rang______________Source_______________Destination__________Protocol_____ Action

Malware exploits_____192.168.1.**:*****_______85.255.112.**:**____UDP________ Blocked
_____//_________________//____________________ //______________//____________//
_____//_________________//____________________//______________//____________//
_____//____________192.168.1....petit changement___là aussi_________//____________//
etc...

Si je bloc ces adresses, je ne peux plus accéder à Internet et à chaque fois que j'ouvrais mon navigateur, "Malware exploits" essayait de se connecter avec une 20ène de tentatives environ. ( Là j'ai désactivé le filtre pour pouvoir poster ce message ) :(

Je sait qu'il y en a un car mon anti-virus ( McAfee VirusScan Entreprise - AntiSpyware Entreprise ) est désactivé. Impossible de le réactiver.

J'ai fait un grand nettoyage avec McAfee, Spybot-SD, MalwareBytes, CCleaner, et ToolsCleaner 2 en Mode Sans Echec.

Rien à faire, il est toujours incrusté dans l'ordi. Je ne sais pas quoi faire maintenant.

Si vous êtes assez fort pour résoudre se problème, je vous pris de bien vouloir m'aider. Je vous en serai très reconnaissant. Ne sachant pas la durée de la résolution de ce problème, je suppose que vous ne serez pas là ce soir et moi non-plus d'ailleurs donc on reprendra ça un autre jour.
Configuration: Windows XP
Firefox 3.0.5

32 réponses

  • 1
  • 2
  1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Télécharge le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la licence en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

    Tutoriaux (ne fixe rien pour le moment !!)

    1
  2. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Merci pour ta réponse !
    Bonne Année !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:02:27, on 01/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\DjyDjy560\Mes documents\Mes vidéos\Téléchargements RealPlayer\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicma [...] Plugin.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html [...] wflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{304BF9BC-8D7C-447D-A871-482713E731EC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: ,wbsys.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    --
    End of file - 10968 bytes
    0
  3. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Je fais quoi maintenant ?
    0
  4. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    fait ceci ensuite poste le rapport en fonction du rapport je te dirais quoi faire.

    Télécharge GenProc sur ton bureau
    Dézippe le dossier, double-clique sur GenProc.bat
    En final, poste le contenu du rapport qui s'affiche.
    Comment utiliser GenProc
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Marrant le pop-up à la fin ! ^^

    Voici le
    Rapport GenProc 2.320 [1] - 01/01/2009 - Windows XP

    Faut-il que je fasse tout ça ?

    Il est impératif de désactiver le résident TeaTimer de Spybot pendant l'ensemble des manipulations qui vont suivre. Aide Tea-Timer : http://ww11.genproc.com/spybot/spybot.html

    Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
    Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    # Etape 1/ Télécharge :

    - Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.

    - Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.

    - ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.
    Désactive ton antivirus, ton pare-feu et ferme tes programmes en cours. Lance combofix.exe et accepte les termes en cliquant sur OUI. Patiente. Au message "ComboFix a détecté que la 'console de récupération Windows' n'existe pas sur ce PC", clique sur oui puis sur OK, puis patiente. Valide le CLUF Microsoft. Au message "La console de récupération a été installée avec succès", clique impérativement sur NON pour quitter le programme (ferme également le rapport CF-RC.txt qui s'est ouvert)

    - MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.

    Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** DjyDjy560 ***

    # Etape 2/

    Lance Toolbar-S&D situé sur le Bureau.
    Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

    # Etape 3/

    Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
    - Exécute l'option R.
    - Si l'infection est détectée, exécute l'option N.
    - Sauvegarde ce rapport sur ton bureau.

    # Etape 4/

    Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

    # Etape 5/

    Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

    # Etape 6/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 7/

    Redémarre normalement et poste, dans la même réponse :

    - Le contenu du rapport situé dans C:\Combofix.txt;
    - Le contenu du rapport MSNfix situé sur le Bureau ;
    - Le contenu du rapport C:\TB.txt ;
    - Le contenu du rapport C:\lopR.txt ;
    - Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    0
  7. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Effectivement tu suit tout cela à la lettre tout ce qui est écrit en postant chaque rapport avant de faire le nettoyage de quoi que ce soit. Merci.
    0
  8. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Combofix m'a demandé d'installer la console de récupération mais m'a dit qu'il n'a pas trouvé le lien de téléchargement. En même temps, il a trouvé un ROOTKIT et a donc redémarré l'ordinateur.
    J'ai remarqué que l'antivirus fonctionne mais peut-être y a-t-il d'autres infection dans l'ordi ?

    J'attends tes instructions pour la suite ( si jamais il fallait qu'on fasse quelque chose pour la récup.)


    ComboFix 08-12-31.01 - DjyDjy560 2009-01-01 19:22:55.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.584 [GMT 1:00]
    Lancé depuis: c:\documents and settings\DjyDjy560\Bureau\ComboFix.exe

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\DjyDjy560\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    c:\documents and settings\Eric\Application Data\Hotbar_Icons
    c:\documents and settings\Eric\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
    c:\documents and settings\Eric\Application Data\Hotbar_Icons\Registryrepair.ico
    c:\documents and settings\Eric\Application Data\Hotbar_Icons\wallpapere1.ico
    c:\documents and settings\Matthias\Application Data\Hotbar_Icons
    c:\documents and settings\Matthias\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
    c:\documents and settings\Matthias\Application Data\Hotbar_Icons\Registryrepair.ico
    c:\documents and settings\Matthias\Application Data\Hotbar_Icons\wallpapere1.ico
    c:\documents and settings\Matthias\Local Settings\Application Data\dipes_navfx.dat
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\windows\system32\Cache
    c:\windows\system32\drivers\msqpdxqqaoyltp.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\ehhkj.ini
    c:\windows\system32\ehhkj.ini2
    c:\windows\system32\msqpdxtxubatom.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MSQPDXSERV.SYS
    -------\Legacy_BOONTY_GAMES
    -------\Legacy_DOMAINSERVICE
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-01 au 2009-01-01 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-01 15:25 . 2009-01-01 16:46 53,248 --a------ c:\windows\fados.exe
    2009-01-01 14:40 . 2009-01-01 14:40 <REP> d-------- c:\program files\Fichiers communs\Atlence
    2009-01-01 14:40 . 2009-01-01 14:40 <REP> d-------- c:\program files\Atlence
    2009-01-01 13:08 . 2009-01-01 13:09 <REP> d-------- C:\Rooter$
    2008-12-30 17:34 . 2008-12-30 17:34 <REP> d-------- c:\program files\DVD Rip Factory Pro
    2008-12-30 17:22 . 2008-12-30 17:22 0 --a------ c:\windows\pcfriend.INI
    2008-12-30 17:18 . 2008-12-30 17:22 <REP> d-------- c:\program files\PCFriendly
    2008-12-30 17:18 . 1996-10-15 18:01 298,496 --a------ c:\windows\uninst.exe
    2008-12-30 17:18 . 1999-09-27 17:15 78,848 --a------ c:\windows\system32\INLOADER.DLL
    2008-12-28 15:00 . 2008-12-28 15:00 <REP> d-------- c:\program files\SC4 Region Maker
    2008-12-23 08:45 . 2009-01-01 12:36 <REP> d-------- c:\documents and settings\Sonia\Tracing
    2008-12-22 18:26 . 2008-12-22 18:26 <REP> d-------- c:\documents and settings\Matthias\Application Data\OpenOffice.org
    2008-12-22 16:36 . 2008-12-24 14:17 10 --a------ c:\windows\popcinfo.dat
    2008-12-22 15:46 . 2008-12-22 15:46 <REP> d-------- c:\program files\PopCap Games
    2008-12-22 15:45 . 2008-12-22 15:57 <REP> d-------- c:\program files\Zuma Deluxe
    2008-12-21 21:59 . 2009-01-01 17:32 <REP> d-------- c:\documents and settings\DjyDjy560\Tracing
    2008-12-21 14:55 . 2009-01-01 02:07 <REP> d-------- c:\documents and settings\Eric\Tracing
    2008-12-21 13:13 . 2009-01-01 15:47 <REP> d-------- c:\documents and settings\Matthias\Tracing
    2008-12-21 13:04 . 2008-12-21 13:04 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-21 12:57 . 2008-12-21 12:57 <REP> d-------- c:\program files\Windows Live SkyDrive
    2008-12-21 12:57 . 2008-12-21 12:57 <REP> d-------- c:\program files\Microsoft
    2008-12-21 12:48 . 2008-12-21 12:48 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2008-12-12 07:53 . 2008-12-12 07:53 <REP> d-------- c:\documents and settings\Eric\Application Data\OpenOffice.org
    2008-12-12 00:29 . 2008-12-18 23:55 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-12 00:29 . 2008-12-12 00:29 1,409 --a------ c:\windows\QTFont.for
    2008-12-10 13:07 . 2008-12-10 13:45 <REP> d-------- c:\program files\Monte Cristo
    2008-12-06 18:43 . 2008-12-31 23:06 <REP> d-------- c:\windows\OvtCam
    2008-12-06 18:43 . 2003-10-15 17:52 307,200 -ra------ c:\windows\vidcap32.exe
    2008-12-06 18:43 . 2003-10-15 17:52 200,704 -ra------ c:\windows\sel3110.exe
    2008-12-06 18:43 . 2003-10-15 17:52 174,530 -ra------ c:\windows\system32\drivers\ov519vid.sys
    2008-12-06 18:43 . 2003-10-15 17:52 135,168 -ra------ c:\windows\ov519cap.exe
    2008-12-06 18:43 . 2003-10-15 17:52 61,440 -ra------ c:\windows\ov519dib.dll
    2008-12-06 18:43 . 2003-10-15 17:52 40,960 -ra------ c:\windows\system32\ov519ext.dll
    2008-12-06 18:43 . 2003-10-15 17:52 40,960 -ra------ c:\windows\CleanDev.exe
    2008-12-06 18:43 . 2003-10-15 17:52 32,528 -ra------ c:\windows\amcap.exe
    2008-12-06 18:43 . 2003-10-15 17:52 25,211 -ra------ c:\windows\system32\drivers\ov519cmd.sys
    2008-12-06 18:43 . 2003-10-15 17:52 25,099 -ra------ c:\windows\system32\ov519ext.ax
    2008-12-06 18:43 . 2003-10-15 17:52 16,426 -ra------ c:\windows\system32\ov519usd.dll
    2008-12-06 18:29 . 2008-12-06 18:29 <REP> d-------- C:\Temp
    2008-12-06 17:57 . 2008-12-06 17:57 <REP> d-------- c:\program files\SEUCDaS
    2008-12-06 13:57 . 2008-12-06 13:57 <REP> d-------- c:\program files\Firefly Studios
    2008-12-05 03:56 . 2008-12-05 03:56 <REP> d-------- c:\documents and settings\Eric\Application Data\Sonic
    2008-12-05 03:56 . 2008-12-05 03:56 <REP> d-------- c:\documents and settings\Eric\Application Data\Leadertech
    2008-12-05 00:11 . 2008-12-05 00:11 308,584 --a------ c:\windows\WLXPGSS.SCR
    2008-12-03 23:01 . 2008-12-23 13:20 151 --a------ c:\windows\cdplayer.ini
    2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
    2008-12-01 22:48 . 2008-12-01 22:48 <REP> d-------- c:\documents and settings\Eric\Application Data\Windows Search

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-01 18:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-01 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-01 17:52 --------- d-----w c:\program files\PeerGuardian2
    2009-01-01 12:03 --------- d-----w c:\program files\Cossacks - Back To War
    2008-12-31 12:22 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-12-30 16:57 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\uTorrent
    2008-12-30 16:26 --------- d-----w c:\program files\Alcohol Soft
    2008-12-22 20:18 --------- d-----w c:\program files\Messenger Plus! Live
    2008-12-22 10:54 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Spore
    2008-12-21 12:04 --------- d-----w c:\program files\Windows Live
    2008-12-15 06:00 --------- d-----w c:\documents and settings\Eric\Application Data\plus dent junk
    2008-12-15 05:29 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-14 16:39 --------- d-----w c:\program files\Gothic III
    2008-12-03 21:09 --------- d-----w c:\program files\eMule
    2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-11-30 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Screaming Bee
    2008-11-30 16:58 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Screaming Bee
    2008-11-30 16:55 --------- d-----w c:\program files\Screaming Bee
    2008-11-30 16:55 --------- d-----w c:\program files\Fichiers communs\Screaming Bee
    2008-11-30 12:06 --------- d-----w c:\program files\adslTV
    2008-11-30 11:50 --------- d-----w c:\documents and settings\Eric\Application Data\vlc
    2008-11-30 11:49 --------- d-----w c:\documents and settings\Eric\Application Data\DMV Technologies
    2008-11-30 11:48 --------- d-----w c:\program files\DMV
    2008-11-29 16:30 --------- d-----w c:\program files\Fichiers communs\xing shared
    2008-11-29 16:30 --------- d-----w c:\program files\Fichiers communs\Real
    2008-11-28 17:33 --------- d-s---w c:\program files\Xfire
    2008-11-28 17:33 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Xfire
    2008-11-28 16:46 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-25 07:06 --------- d-----w c:\documents and settings\Sonia\Application Data\plus dent junk
    2008-11-23 13:13 --------- d-----w c:\program files\Google
    2008-11-23 13:01 271,360 ----a-w c:\windows\system32\drivers\atksgt.sys
    2008-11-23 13:01 18,048 ----a-w c:\windows\system32\drivers\lirsgt.sys
    2008-11-23 08:13 --------- d-----w c:\program files\DAP
    2008-11-22 17:22 --------- d-----w c:\documents and settings\Matthias\Application Data\plus dent junk
    2008-11-22 17:20 --------- d-----w c:\program files\plus dent junk
    2008-11-22 15:49 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
    2008-11-22 15:48 --------- d-----w c:\program files\Bethesda Softworks
    2008-11-22 15:46 --------- d-----w c:\program files\MSBuild
    2008-11-22 15:43 --------- d-----w c:\program files\Reference Assemblies
    2008-11-21 18:03 --------- d-----w c:\program files\Microsoft Plus! Digital Media Edition
    2008-11-21 17:16 --------- d-----w c:\program files\ma-config.com
    2008-11-21 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2008-11-21 16:57 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-20 08:01 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-15 08:30 --------- d-----w c:\documents and settings\Sonia\Application Data\OpenOffice.org
    2008-11-15 07:18 --------- d-----w c:\documents and settings\Sonia\Application Data\Windows Search
    2008-11-14 22:45 --------- d-----w c:\program files\MarkAny
    2008-11-14 21:22 --------- d-----w c:\program files\BitTorrent Fastest Tool
    2008-11-14 20:08 --------- d-----w c:\program files\microsoft frontpage
    2008-11-14 19:59 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\OpenOffice.org
    2008-11-14 19:56 --------- d-----w c:\program files\OpenOffice.org 3
    2008-11-12 06:47 --------- d-----w c:\program files\MSXML 4.0
    2008-11-11 16:39 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\plus dent junk
    2008-11-10 13:47 --------- d-----w c:\program files\GameSpy Arcade
    2008-11-05 08:08 --------- d-----w c:\documents and settings\Matthias\Application Data\Windows Search
    2008-11-03 10:47 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Windows Search
    2008-11-02 14:59 --------- d-----w c:\documents and settings\Eric\Application Data\Notepad++
    2008-07-09 06:09 151 ----a-w c:\documents and settings\Eric\check.bat
    2008-11-22 19:40 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
    2008-09-29 06:07 22,576 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
    2008-04-13 20:53 23 --sha-w c:\windows\system32\bccdbbaee5_z.dll
    2008-09-20 18:32 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092020080921\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-08-08 691656]

    [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
    [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
    [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-11-22 3122688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
    "NvMediaCenter"="NvMCTray.dll" [2008-09-17 c:\windows\system32\nvmctray.dll]

    c:\documents and settings\Sonia\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

    c:\documents and settings\DjyDjy560\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

    c:\documents and settings\Eric\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-05-03 23:05 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= ,wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "SENTINEL"= snti386.dll
    "vidc.dvsd"= pdvcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
    backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
    backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^BitTorrent Acceleration Patch.lnk]
    backup=c:\windows\pss\BitTorrent Acceleration Patch.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^BoontyBox 01net.lnk]
    backup=c:\windows\pss\BoontyBox 01net.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^OFFICE One 6.5.lnk]
    backup=c:\windows\pss\OFFICE One 6.5.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    backup=c:\windows\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Eric^Menu Démarrer^Programmes^Démarrage^OFFICE One 6.5.lnk]
    path=c:\documents and settings\Eric\Menu Démarrer\Programmes\Démarrage\OFFICE One 6.5.lnk
    backup=c:\windows\pss\OFFICE One 6.5.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=c:\windows\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
    path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
    backup=c:\windows\pss\TransBar.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
    path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
    backup=c:\windows\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
    path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
    backup=c:\windows\pss\Y'z Shadow.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarSA
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
    --a------ 2005-10-20 13:15 102400 c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2008-11-22 20:40 3122688 c:\program files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
    --a------ 2003-11-20 10:38 460800 c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\remoteoption]
    --a------ 2008-11-19 21:08 538624 c:\docume~1\Sonia\APPLIC~1\PLUSDE~1\Start Face.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    --a------ 2008-09-17 12:36 484880 c:\program files\Samsung\EmoDio\SMSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-11-29 17:29 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
    --a------ 2007-09-26 18:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-09-17 23:55 1657376 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "AVEService"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AntiVirMailService"=2 (0x2)
    "NWCWorkstation"=2 (0x2)
    "WLSetupSvc"=3 (0x3)
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Fichiers communs\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\adslTV\\adsltv.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Cossacks - Back To War\\DMCR.EXE"=
    "c:\\Program Files\\Neuf\\Kit\\9conf.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\GameSpy Arcade\\fpupdate.exe"=
    "c:\\Program Files\\GameSpy Arcade\\RptCrash.exe"=
    "c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\w40k.exe"=
    "c:\\Programmes\\Activision\\Rome - Total War\\RomeTW.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R2 McAfeeEngineService;McAfee Engine Service;"c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe" [2008-09-29 19456]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-10-12 67904]
    R2 sentemul;sentemul;\??\c:\windows\system32\drivers\sentemul.sys [2008-02-25 11812]
    S3 idrmkl;idrmkl;\??\c:\docume~1\Matthias\LOCALS~1\Temp\idrmkl.sys []
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-10-12 64432]
    S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2008-04-01 18944]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-26 21920]
    S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\DRIVERS\UsbSagCom.sys [2007-06-29 51712]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d55c21-7103-11dc-8ae4-00038a000015}]
    \Shell\AutoRun\command - J:\Autorun.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-01 c:\windows\Tasks\A431145C91928F3C.job
    - c:\docume~1\eric\applic~1\plusde~1\browse manager math.exe []

    2009-01-01 c:\windows\Tasks\A8699B2791420C47.job
    - c:\docume~1\sonia\applic~1\plusde~1\browse manager math.exe [2008-11-19 21:08]

    2009-01-01 c:\windows\Tasks\AB37B53E91E83486.job
    - c:\docume~1\matthias\applic~1\plusde~1\browse manager math.exe [2008-11-22 18:22]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    ShellIconOverlayIdentifiers-{9D1F87E7-4D72-41AB-9D57-D101A08F20E5} - (no file)
    Notify-AtiExtEvent - (no file)
    MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    MSConfigStartUp-Dog Cool Send Play - c:\documents and settings\All Users\Application Data\Road Inter Dog Cool\Amen Bleh.exe
    MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
    MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
    MSConfigStartUp-kokiqsk - c:\documents and settings\matthias\local settings\application data\kokiqsk.exe
    MSConfigStartUp-RocketDock - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-UberIcon - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://home.neuf.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    TCP: {304BF9BC-8D7C-447D-A871-482713E731EC} = 208.67.220.220,208.67.222.222

    O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\DjyDjy560\Application Data\Mozilla\Firefox\Profiles\thurqdxq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\DjyDjy560\Application Data\Mozilla\Firefox\Profiles\thurqdxq.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

    [color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-01 19:31:41
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-2776753736-919526408-3057377715-1005
    @Allowed: (Read) (Everyone)
    @Allowed: (Read) (Users)
    @Allowed: (Read) (PowerUsers)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (S-1-5-21-2776753736-919526408-3057377715-1005)
    "*"=dword:00000004

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-2776753736-919526408-3057377715-1005
    @Allowed: (Read) (Everyone)
    @Allowed: (Read) (Users)
    @Allowed: (Read) (PowerUsers)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (S-1-5-21-2776753736-919526408-3057377715-1005)
    "*"=dword:00000004

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security="Inherited"
    "*"=dword:00000004

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security="Inherited"
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*A*NULL*n*NULL*i*NULL*m*NULL*a*NULL*u*NULL*x*NULL* *NULL*&*NULL* *NULL*C*NULL*i*NULL*e*NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,ec,04,00,00,01,00,00,00,08,00,00,00,92,00,\
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
    00,d7,04,00,00,e8,38,f5,81,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
    48,00,03,00,04,00,ef,be,e8,38,f5,81,17,39,10,69,14,00,00,00,41,00,73,00,73,\
    00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
    6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
    00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,2d,04,00,\
    00,e8,38,f5,81,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
    04,00,ef,be,e8,38,f5,81,17,39,10,69,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
    67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,94,00,00,00,02,00,00,00,86,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,74,00,32,00,c4,07,00,00,e8,38,f5,\
    81,20,00,4c,45,53,53,49,4d,7e,33,2e,4c,4e,4b,00,00,4a,00,03,00,04,00,ef,be,\
    e8,38,f5,81,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,20,00,32,00,20,00,20,00,42,00,6f,00,69,00,74,00,40,00,4c,00,6f,00,\
    6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
    00,00,00,1c,00,00,00,00,00,00,00,00,00,9c,00,00,00,03,00,00,00,8e,00,00,00,\
    41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,00,a9,07,00,00,e8,38,f5,81,20,\
    00,4c,45,53,53,49,4d,7e,31,2e,4c,4e,4b,00,00,52,00,03,00,04,00,ef,be,e8,38,\
    f5,81,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,00,73,\
    00,22,21,20,00,32,00,20,00,41,00,6e,00,69,00,6d,00,61,00,75,00,78,00,20,00,\
    26,00,20,00,43,00,69,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,c0,00,00,00,04,00,\
    00,00,b2,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,a0,00,32,00,76,07,00,\
    00,e8,38,f5,81,20,00,4c,45,53,53,49,4d,7e,32,2e,4c,4e,4b,00,00,76,00,03,00,\
    04,00,ef,be,e8,38,f5,81,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,\
    00,69,00,6d,00,73,00,22,21,20,00,32,00,20,00,41,00,6e,00,69,00,6d,00,61,00,\
    75,00,78,00,20,00,26,00,20,00,43,00,69,00,65,00,20,00,2d,00,20,00,44,00,e9,\
    00,73,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,\
    6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,\
    00,1c,00,00,00,00,00,00,00,00,00,7a,00,00,00,05,00,00,00,6c,00,00,00,41,75,\
    67,4d,02,00,00,00,01,00,00,00,5a,00,32,00,e1,03,00,00,e8,38,f5,81,20,00,4c,\
    69,73,65,7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,e8,38,f5,81,\
    17,39,10,69,14,00,00,00,4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,00,69,00,2e,\
    00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
    00,00,00,00,00,00,00,00,a4,00,00,00,06,00,00,00,96,00,00,00,41,75,67,4d,02,\
    00,00,00,01,00,00,00,84,00,32,00,38,00,00,00,e8,38,f5,81,20,00,4d,49,53,45,\
    4a,4f,7e,31,2e,55,52,4c,00,00,5a,00,03,00,04,00,ef,be,e8,38,f5,81,17,39,10,\
    69,14,00,00,00,4d,00,69,00,73,00,65,00,20,00,e0,00,20,00,6a,00,6f,00,75,00,\
    72,00,20,00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,\
    00,67,00,6c,00,61,00,69,00,73,00,29,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,\
    0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ae,00,00,\
    00,07,00,00,00,a0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8e,00,32,00,\
    2c,05,00,00,e8,38,f6,81,20,00,57,57,57,54,48,45,7e,31,2e,4c,4e,4b,00,00,64,\
    00,03,00,04,00,ef,be,e8,38,f6,81,17,39,10,69,14,00,00,00,77,00,77,00,77,00,\
    2e,00,74,00,68,00,65,00,73,00,69,00,6d,00,73,00,32,00,2e,00,63,00,6f,00,6d,\
    00,20,00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,\
    67,00,6c,00,61,00,69,00,73,00,29,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,\
    00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*I*NULL*K*NULL*E*NULL*A*NULL*®*NULL* *NULL*H*NULL*o*NULL*m*NULL*e*NULL* *NULL*D*NULL*e*NULL*s*NULL*i*NULL*g*NULL*n*NULL* *NULL*K*NULL*i*NULL*t*NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,44,04,00,00,01,00,00,00,07,00,00,00,92,00,\
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
    00,32,05,00,00,e8,38,a1,8e,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
    48,00,03,00,04,00,ef,be,e8,38,a1,8e,17,39,10,69,14,00,00,00,41,00,73,00,73,\
    00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
    6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
    00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,7a,00,00,\
    00,e8,38,a1,8e,20,00,49,4e,53,43,52,49,7e,31,2e,55,52,4c,00,00,48,00,03,00,\
    04,00,ef,be,e8,38,a1,8e,17,39,10,69,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
    67,00,6e,00,65,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,02,00,00,00,88,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,0e,08,00,00,e8,38,a1,\
    8e,20,00,4c,45,53,53,49,4d,7e,33,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,be,\
    e8,38,a1,8e,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,22,21,20,00,32,00,20,00,20,00,42,00,6f,00,69,00,74,00,40,00,4c,00,\
    6f,00,6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ac,00,00,00,03,00,00,00,9e,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8c,00,32,00,1a,08,00,00,e8,38,a1,\
    8e,20,00,4c,45,53,53,49,4d,7e,31,2e,4c,4e,4b,00,00,62,00,03,00,04,00,ef,be,\
    e8,38,a1,8e,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,22,21,20,00,32,00,20,00,49,00,4b,00,45,00,41,00,ae,00,20,00,48,00,\
    6f,00,6d,00,65,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,20,00,4b,00,69,\
    00,74,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
    00,00,1c,00,00,00,00,00,00,00,00,00,d0,00,00,00,04,00,00,00,c2,00,00,00,41,\
    75,67,4d,02,00,00,00,01,00,00,00,b0,00,32,00,ce,07,00,00,e8,38,a1,8e,20,00,\
    4c,45,53,53,49,4d,7e,32,2e,4c,4e,4b,00,00,86,00,03,00,04,00,ef,be,e8,38,a1,\
    8e,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,00,73,00,\
    22,21,20,00,32,00,20,00,49,00,4b,00,45,00,41,00,ae,00,20,00,48,00,6f,00,6d,\
    00,65,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,20,00,4b,00,69,00,74,00,\
    20,00,2d,00,20,00,44,00,e9,00,73,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
    00,61,00,74,00,69,00,6f,00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,\
    00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,7a,00,00,00,05,\
    00,00,00,6c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5a,00,32,00,09,04,\
    00,00,e8,38,a1,8e,20,00,4c,69,73,65,7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,\
    00,04,00,ef,be,e8,38,a1,8e,17,39,10,69,14,00,00,00,4c,00,69,00,73,00,65,00,\
    7a,00,4d,00,6f,00,69,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,\
    00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,88,00,00,00,06,00,00,00,\
    7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,00,30,00,00,00,e8,\
    38,a1,8e,20,00,57,57,57,4c,45,53,7e,31,2e,55,52,4c,00,00,3e,00,03,00,04,00,\
    ef,be,e8,38,a1,8e,17,39,10,69,14,00,00,00,77,00,77,00,77,00,2e,00,6c,00,65,\
    00,73,00,73,00,69,00,6d,00,73,00,32,00,2e,00,66,00,72,00,2e,00,75,00,72,00,\
    6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,\
    00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*J*NULL*o*NULL*u*NULL*r*NULL* *NULL*d*NULL*e*NULL* *NULL*f*NULL*ê*NULL*t*NULL*e*NULL* *NULL*!*NULL* *NULL*K*NULL*i*NULL*t*NULL* *NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,e0,04,00,00,01,00,00,00,08,00,00,00,92,00,\
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
    00,60,05,00,00,e8,38,72,98,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
    48,00,03,00,04,00,ef,be,e8,38,72,98,ea,38,61,80,14,00,00,00,41,00,73,00,73,\
    00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
    6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
    00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,57,04,00,\
    00,e8,38,72,98,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
    04,00,ef,be,e8,38,72,98,ea,38,61,80,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
    67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,02,00,00,00,88,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,fc,07,00,00,e8,38,72,\
    98,20,00,4c,45,53,53,49,4d,7e,33,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,be,\
    e8,38,72,98,ea,38,61,80,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,22,21,20,00,32,00,20,00,20,00,42,00,6f,00,69,00,74,00,40,00,4c,00,\
    6f,00,6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,a8,00,00,00,03,00,00,00,9a,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,88,00,32,00,eb,07,00,00,e8,38,72,\
    98,20,00,4c,45,53,53,49,4d,7e,31,2e,4c,4e,4b,00,00,5e,00,03,00,04,00,ef,be,\
    e8,38,72,98,ea,38,61,80,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,22,21,20,00,32,00,20,00,4a,00,6f,00,75,00,72,00,20,00,64,00,65,00,\
    20,00,66,00,ea,00,74,00,65,00,20,00,21,00,20,00,4b,00,69,00,74,00,a0,00,2e,\
    00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
    00,00,00,00,00,00,00,00,cc,00,00,00,04,00,00,00,be,00,00,00,41,75,67,4d,02,\
    00,00,00,01,00,00,00,ac,00,32,00,b8,07,00,00,e8,38,72,98,20,00,4c,45,53,53,\
    49,4d,7e,32,2e,4c,4e,4b,00,00,82,00,03,00,04,00,ef,be,e8,38,72,98,ea,38,61,\
    80,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,00,73,00,22,21,20,00,\
    32,00,20,00,4a,00,6f,00,75,00,72,00,20,00,64,00,65,00,20,00,66,00,ea,00,74,\
    00,65,00,20,00,21,00,20,00,4b,00,69,00,74,00,a0,00,20,00,2d,00,20,00,44,00,\
    e9,00,73,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,\
    00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
    00,00,1c,00,00,00,00,00,00,00,00,00,7a,00,00,00,05,00,00,00,6c,00,00,00,41,\
    75,67,4d,02,00,00,00,01,00,00,00,5a,00,32,00,ff,03,00,00,e8,38,72,98,20,00,\
    4c,69,73,65,7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,e8,38,72,\
    98,ea,38,61,80,14,00,00,00,4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,00,69,00,\
    2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,\
    00,00,00,00,00,00,00,00,00,a4,00,00,00,06,00,00,00,96,00,00,00,41,75,67,4d,\
    02,00,00,00,01,00,00,00,84,00,32,00,38,00,00,00,e8,38,72,98,20,00,4d,49,53,\
    45,4a,4f,7e,31,2e,55,52,4c,00,00,5a,00,03,00,04,00,ef,be,e8,38,72,98,ea,38,\
    61,80,14,00,00,00,4d,00,69,00,73,00,65,00,20,00,e0,00,20,00,6a,00,6f,00,75,\
    00,72,00,20,00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,\
    6e,00,67,00,6c,00,61,00,69,00,73,00,29,00,2e,00,75,00,72,00,6c,00,00,00,1c,\
    00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,88,00,\
    00,00,07,00,00,00,7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,\
    00,30,05,00,00,e8,38,72,98,20,00,57,57,57,4c,45,53,7e,31,2e,4c,4e,4b,00,00,\
    3e,00,03,00,04,00,ef,be,e8,38,72,98,ea,38,61,80,14,00,00,00,77,00,77,00,77,\
    00,2e,00,6c,00,65,00,73,00,73,00,69,00,6d,00,73,00,32,00,2e,00,66,00,72,00,\
    2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,\
    00,00,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*K*NULL*i*NULL*t*NULL* *NULL*G*NULL*l*NULL*a*NULL*m*NULL*o*NULL*u*NULL*r*NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,e4,04,00,00,01,00,00,00,08,00,00,00,92,00,\
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
    00,c9,04,00,00,e8,38,89,81,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
    48,00,03,00,04,00,ef,be,e8,38,89,81,f1,38,3d,7d,14,00,00,00,41,00,73,00,73,\
    00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
    6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
    00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,1f,04,00,\
    00,e8,38,89,81,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
    04,00,ef,be,e8,38,89,81,f1,38,3d,7d,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
    67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,94,00,00,00,02,00,00,00,86,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,74,00,32,00,b2,07,00,00,e8,38,89,\
    81,20,00,4c,45,53,53,49,4d,7e,33,2e,4c,4e,4b,00,00,4a,00,03,00,04,00,ef,be,\
    e8,38,89,81,f1,38,3d,7d,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,20,00,32,00,20,00,20,00,42,00,6f,00,69,00,74,00,40,00,4c,00,6f,00,\
    6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
    00,00,00,1c,00,00,00,00,00,00,00,00,00,98,00,00,00,03,00,00,00,8a,00,00,00,\
    41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,00,93,07,00,00,e8,38,89,81,20,\
    00,4c,45,53,53,49,4d,7e,31,2e,4c,4e,4b,00,00,4e,00,03,00,04,00,ef,be,e8,38,\
    89,81,f1,38,3d,7d,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,00,73,\
    00,22,21,20,00,32,00,20,00,4b,00,69,00,74,00,20,00,47,00,6c,00,61,00,6d,00,\
    6f,00,75,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,bc,00,00,00,04,00,00,00,ae,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,9c,00,32,00,60,07,00,00,e8,38,89,\
    81,20,00,4c,45,53,53,49,4d,7e,32,2e,4c,4e,4b,00,00,72,00,03,00,04,00,ef,be,\
    e8,38,89,81,f1,38,3d,7d,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,22,21,20,00,32,00,20,00,4b,00,69,00,74,00,20,00,47,00,6c,00,61,00,\
    6d,00,6f,00,75,00,72,00,20,00,2d,00,20,00,44,00,e9,00,73,00,69,00,6e,00,73,\
    00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,2e,00,6c,00,6e,00,\
    6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,\
    00,00,00,7a,00,00,00,05,00,00,00,6c,00,00,00,41,75,67,4d,02,00,00,00,01,00,\
    00,00,5a,00,32,00,d7,03,00,00,e8,38,89,81,20,00,4c,69,73,65,7a,4d,6f,69,2e,\
    6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,e8,38,89,81,f1,38,3d,7d,14,00,00,00,\
    4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,00,69,00,2e,00,6c,00,6e,00,6b,00,00,\
    00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,\
    a4,00,00,00,06,00,00,00,96,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,84,\
    00,32,00,38,00,00,00,e8,38,89,81,20,00,4d,49,53,45,4a,4f,7e,31,2e,55,52,4c,\
    00,00,5a,00,03,00,04,00,ef,be,e8,38,89,81,f1,38,3d,7d,14,00,00,00,4d,00,69,\
    00,73,00,65,00,20,00,e0,00,20,00,6a,00,6f,00,75,00,72,00,20,00,28,00,73,00,\
    69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,67,00,6c,00,61,00,69,\
    00,73,00,29,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
    00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ae,00,00,00,07,00,00,00,a0,00,00,\
    00,41,75,67,4d,02,00,00,00,01,00,00,00,8e,00,32,00,28,05,00,00,e8,38,89,81,\
    20,00,57,57,57,54,48,45,7e,31,2e,4c,4e,4b,00,00,64,00,03,00,04,00,ef,be,e8,\
    38,89,81,f1,38,3d,7d,14,00,00,00,77,00,77,00,77,00,2e,00,74,00,68,00,65,00,\
    73,00,69,00,6d,00,73,00,32,00,2e,00,63,00,6f,00,6d,00,20,00,28,00,73,00,69,\
    00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,67,00,6c,00,61,00,69,00,\
    73,00,29,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
    00,00,00,1c,00,00,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*A*NULL*u*NULL* *NULL*f*NULL*i*NULL*l*NULL* *NULL*d*NULL*e*NULL*s*NULL* *NULL*s*NULL*a*NULL*i*NULL*s*NULL*o*NULL*n*NULL*s*NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,02,05,00,00,01,00,00,00,08,00,00,00,92,00,\
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
    00,59,05,00,00,e8,38,57,82,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
    48,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,00,00,41,00,73,00,73,\
    00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
    6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
    00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,50,04,00,\
    00,e8,38,57,82,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
    04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
    67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,02,00,00,00,88,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,f3,07,00,00,e8,38,57,\
    82,20,00,4c,45,53,53,49,4d,7e,33,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,be,\
    e8,38,57,82,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
    00,73,00,22,21,20,00,32,00,20,00,20,00,42,00,6f,00,69,00,74,00,40,00,4c,00,\
    6f,00,6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,a6,00,00,00,03,00,00,00,98,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,86,00,32,00,e0,07,00,00,e8,38,57,\
    82,20,00,4c,45,53,53,49,4d,7e,31,2e,4c,4e,4b,00,00,5c,00,03,00,04,00,ef,be,\
    e8,38,57,82,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,a0,00,53,00,69,00,6d,\
    00,73,00,22,21,a0,00,32,00,20,00,41,00,75,00,a0,00,66,00,69,00,6c,00,a0,00,\
    64,00,65,00,73,00,a0,00,73,00,61,00,69,00,73,00,6f,00,6e,00,73,00,2e,00,6c,\
    00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,\
    00,00,00,00,00,00,ca,00,00,00,04,00,00,00,bc,00,00,00,41,75,67,4d,02,00,00,\
    00,01,00,00,00,aa,00,32,00,ad,07,00,00,e8,38,57,82,20,00,4c,45,53,53,49,4d,\
    7e,32,2e,4c,4e,4b,00,00,80,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,69,14,\
    00,00,00,4c,00,65,00,73,00,a0,00,53,00,69,00,6d,00,73,00,22,21,a0,00,32,00,\
    20,00,41,00,75,00,a0,00,66,00,69,00,6c,00,a0,00,64,00,65,00,73,00,a0,00,73,\
    00,61,00,69,00,73,00,6f,00,6e,00,73,00,20,00,2d,00,20,00,44,00,e9,00,73,00,\
    69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,2e,\
    00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
    00,00,00,00,00,00,00,00,7a,00,00,00,05,00,00,00,6c,00,00,00,41,75,67,4d,02,\
    00,00,00,01,00,00,00,5a,00,32,00,fa,03,00,00,e8,38,57,82,20,00,4c,69,73,65,\
    7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,\
    69,14,00,00,00,4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,00,69,00,2e,00,6c,00,\
    6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,\
    00,00,00,00,00,a4,00,00,00,06,00,00,00,96,00,00,00,41,75,67,4d,02,00,00,00,\
    01,00,00,00,84,00,32,00,38,00,00,00,e8,38,57,82,20,00,4d,49,53,45,4a,4f,7e,\
    31,2e,55,52,4c,00,00,5a,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,\
    00,00,4d,00,69,00,73,00,65,00,20,00,e0,00,20,00,6a,00,6f,00,75,00,72,00,20,\
    00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,67,00,\
    6c,00,61,00,69,00,73,00,29,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ae,00,00,00,07,00,\
    00,00,a0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8e,00,32,00,36,05,00,\
    00,e8,38,57,82,20,00,57,57,57,54,48,45,7e,31,2e,4c,4e,4b,00,00,64,00,03,00,\
    04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,00,00,77,00,77,00,77,00,2e,00,74,\
    00,68,00,65,00,73,00,69,00,6d,00,73,00,32,00,2e,00,63,00,6f,00,6d,00,20,00,\
    28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,67,00,6c,\
    00,61,00,69,00,73,00,29,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,\
    0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\N*NULL*e*NULL*e*NULL*d*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*S*NULL*p*NULL*e*NULL*e*NULL*d*NULL*"! *NULL*C*NULL*a*NULL*r*NULL*b*NULL*o*NULL*n*NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,46,05,00,00,01,00,00,00,09,00,00,00,92,00,\
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
    00,f3,04,00,00,68,38,c4,98,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
    48,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,41,00,73,00,73,\
    00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
    6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
    00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
    00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,41,04,00,\
    00,68,38,c4,98,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
    04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
    67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,7a,00,00,00,02,00,00,00,6c,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5a,00,32,00,f5,03,00,00,68,38,c4,\
    98,20,00,4c,69,73,65,7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,\
    68,38,c4,98,9b,39,82,8e,14,00,00,00,4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,\
    00,69,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
    00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,03,00,00,00,88,00,00,00,41,\
    75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,d3,03,00,00,68,38,c4,98,20,00,\
    4d,49,43,52,4f,53,7e,31,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,be,68,38,c4,\
    98,9b,39,82,8e,14,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,\
    74,00,20,00,44,00,69,00,72,00,65,00,63,00,74,00,58,00,20,00,45,00,55,00,4c,\
    00,41,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
    00,00,1c,00,00,00,00,00,00,00,00,00,a4,00,00,00,04,00,00,00,96,00,00,00,41,\
    75,67,4d,02,00,00,00,01,00,00,00,84,00,32,00,45,00,00,00,68,38,c4,98,20,00,\
    4d,49,53,45,4a,4f,7e,31,2e,55,52,4c,00,00,5a,00,03,00,04,00,ef,be,68,38,c4,\
    98,9b,39,82,8e,14,00,00,00,4d,00,69,00,73,00,65,00,20,00,e0,00,20,00,6a,00,\
    6f,00,75,00,72,00,20,00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,\
    00,61,00,6e,00,67,00,6c,00,61,00,69,00,73,00,29,00,2e,00,75,00,72,00,6c,00,\
    00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,\
    00,96,00,00,00,05,00,00,00,88,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,\
    76,00,32,00,67,07,00,00,68,38,c4,98,20,00,4e,45,45,44,46,4f,7e,31,2e,4c,4e,\
    4b,00,00,4c,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,4e,00,\
    65,00,65,00,64,00,20,00,66,00,6f,00,72,00,20,00,53,00,70,00,65,00,65,00,64,\
    00,22,21,20,00,43,00,61,00,72,00,62,00,6f,00,6e,00,2e,00,6c,00,6e,00,6b,00,\
    00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,\
    00,ba,00,00,00,06,00,00,00,ac,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,\
    9a,00,32,00,8e,07,00,00,68,38,c4,98,20,00,4e,45,45,44,46,4f,7e,32,2e,4c,4e,\
    4b,00,00,70,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,4e,00,\
    65,00,65,00,64,00,20,00,66,00,6f,00,72,00,20,00,53,00,70,00,65,00,65,00,64,\
    00,22,21,20,00,43,00,61,00,72,00,62,00,6f,00,6e,00,20,00,2d,00,20,00,44,00,\
    e9,00,73,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,\
    00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
    00,00,1c,00,00,00,00,00,00,00,00,00,a8,00,00,00,07,00,00,00,9a,00,00,00,41,\
    75,67,4d,02,00,00,00,01,00,00,00,88,00,32,00,3f,07,00,00,68,38,c4,98,20,00,\
    4e,45,45,44,46,4f,7e,33,2e,4c,4e,4b,00,00,5e,00,03,00,04,00,ef,be,68,38,c4,\
    98,9b,39,82,8e,14,00,00,00,4e,00,65,00,65,00,64,00,20,00,66,00,6f,00,72,00,\
    20,00,53,00,70,00,65,00,65,00,64,00,22,21,20,00,43,00,61,00,72,00,62,00,6f,\
    00,6e,00,20,00,53,00,61,00,66,00,65,00,6d,00,6f,00,64,00,65,00,2e,00,6c,00,\
    6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,\
    00,00,00,00,00,6a,00,00,00,08,00,00,00,5c,00,00,00,41,75,67,4d,02,00,00,00,\
    01,00,00,00,4a,00,32,00,6a,04,00,00,68,38,c4,98,20,00,57,65,62,2e,6c,6e,6b,\
    00,26,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,57,00,65,00,\
    62,00,2e,00,6c,00,6e,00,6b,00,00,00,16,00,0e,00,00,00,0a,00,ef,be,00,00,00,\
    00,16,00,00,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*i*NULL*m*NULL*C*NULL*i*NULL*t*NULL*y*NULL*"! *NULL*S*NULL*o*NULL*c*NULL*i*NULL*e*NULL*t*NULL*i*NULL*e*NULL*s*NULL*]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,c2,02,00,00,01,00,00,00,05,00,00,00,8c,00,\
    00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,\
    00,45,00,00,00,51,38,9c,8b,20,00,43,48,45,43,4b,46,7e,31,2e,55,52,4c,00,00,\
    42,00,03,00,04,00,ef,be,51,38,9c,8b,9b,39,82,8e,14,00,00,00,43,00,68,00,65,\
    00,63,00,6b,00,20,00,66,00,6f,00,72,00,20,00,75,00,70,00,64,00,61,00,74,00,\
    65,00,73,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
    00,00,00,1c,00,00,00,00,00,00,00,00,00,98,00,00,00,01,00,00,00,8a,00,00,00,\
    41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,00,84,00,00,00,51,38,9c,8b,20,\
    00,45,4c,45,43,54,52,7e,31,2e,55,52,4c,00,00,4e,00,03,00,04,00,ef,be,51,38,\
    9c,8b,9b,39,82,8e,14,00,00,00,45,00,6c,00,65,00,63,00,74,00,72,00,6f,00,6e,\
    00,69,00,63,00,20,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,61,00,74,00,\
    69,00,6f,00,6e,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
    be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,78,00,00,00,02,00,00,00,6a,00,\
    00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,00,80,03,00,00,ae,38,02,\
    7b,20,00,52,45,41,44,4d,45,7e,31,2e,4c,4e,4b,00,00,2e,00,03,00,04,00,ef,be,\
    51,38,9c,8b,9b,39,83,8e,14,00,00,00,52,00,65,00,61,00,64,00,20,00,4d,00,65,\
    00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,\
    1c,00,00,00,00,00,00,00,00,00,8e,00,00,00,03,00,00,00,80,00,00,00,41,75,67,\
    4d,02,00,00,00,01,00,00,00,6e,00,32,00,80,07,00,00,ae,38,02,7b,20,00,53,49,\
    4d,43,49,54,7e,31,2e,4c,4e,4b,00,00,44,00,03,00,04,00,ef,be,51,38,9c,8b,9b,\
    39,83,8e,14,00,00,00,53,00,69,00,6d,00,43,00,69,00,74,00,79,00,22,21,20,00,\
    53,00,6f,00,63,00,69,00,65,00,74,00,69,00,65,00,73,00,2e,00,6c,00,6e,00,6b,\
    00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,\
    00,00,8c,00,00,00,04,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,\
    00,6c,00,32,00,5f,04,00,00,ae,38,02,7b,20,00,54,45,43,48,4e,49,7e,31,2e,4c,\
    4e,4b,00,00,42,00,03,00,04,00,ef,be,51,38,9c,8b,9b,39,83,8e,14,00,00,00,54,\
    00,65,00,63,00,68,00,6e,00,69,00,63,00,61,00,6c,00,20,00,53,00,75,00,70,00,\
    70,00,6f,00,72,00,74,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,\
    00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]
    @Security="Inherited"
    "Order"=hex:08,00,00,00,02,00,00,00,00,02,00,00,01,00,00,00,04,00,00,00,78,00,\
    00,00,00,00,00,00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,\
    00,46,08,00,00,3c,39,a3,9a,20,00,41,49,44,45,45,41,7e,31,2e,4c,4e,4b,00,00,\
    2e,00,03,00,04,
    0
  9. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    tu s fait ceux avant combofix?
    0
  10. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    jé suivi à la lettre comme cété indiqué, pourquoi ? ya un problème ?
    Je tien à dire aussi que mon antivirus s'est activé après le redémarrage. C'est peut-être pour ça que tu es étonnée du résultat ?
    0
  11. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    reposte moi un rapport hijackthis. Merci.
    0
  12. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:27:55, on 01/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\DjyDjy560\Mes documents\Mes vidéos\Téléchargements RealPlayer\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{304BF9BC-8D7C-447D-A871-482713E731EC}: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: ,wbsys.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  13. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    si hijackthis est encore ouvert, tu sélectionne les lignes ci dessous, puis :

    Tu cliques en bas sur le bouton FIX CHECKED et valides .

    2- Redémarres l'ordi .
    ( important pour que certaines modifs faites avec hijakthis soient prises en compte )

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    0
  14. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    ok c'est fait et après ?
    0
  15. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    normalement c'est bon. tu ne devrait plus avoir de problème.

    Fait quand même cette dernière chose.

    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log

    Tutoriaux
    0
  16. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    ok ça marche. Évidemment, ça risque d'être long donc je te poste ça demain. Je te remercie.
    0
  17. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Bonjour ! Voici le rapport
    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1590
    Windows 5.1.2600 Service Pack 3

    02/01/2009 10:13:44
    mbam-log-2009-01-02 (10-13-44).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 428841
    Temps écoulé: 3 hour(s), 17 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fa16fe06-b462-470e-9653-79c54b1871ff} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed203331-9c33-49d8-8714-d24a366a04ec} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxtxubatom.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5E6EF39B-7396-4AF0-A380-E64622072272}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5E6EF39B-7396-4AF0-A380-E64622072272}\RP0\A0000030.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jhnnhedbih.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    0
  18. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    reposte un dernier hijackthis.
    0
  19. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Voilà

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:34:03, on 02/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Documents and Settings\DjyDjy560\Mes documents\Mes vidéos\Téléchargements RealPlayer\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Eric')
    O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'Eric')
    O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP (User 'Eric')
    O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [mmikmou] "c:\documents and settings\eric\local settings\application data\mmikmou.exe" mmikmou (User 'Eric')
    O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Sonia')
    O4 - S-1-5-21-2776753736-919526408-3057377715-1006 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Eric')
    O4 - S-1-5-21-2776753736-919526408-3057377715-1006 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Eric')
    O4 - S-1-5-21-2776753736-919526408-3057377715-1007 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Sonia')
    O4 - S-1-5-21-2776753736-919526408-3057377715-1007 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Sonia')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{304BF9BC-8D7C-447D-A871-482713E731EC}: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: ,wbsys.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  20. Fusiored Messages postés 143 Date d'inscription   Statut Membre Dernière intervention   45
     
    Alors c'est ok ? Y a plus rien ?
    0
  21. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    non y a ça qui est revenur, tu connais?

    O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [mmikmou] "c:\documents and settings\eric\local settings\application data\mmikmou.exe" mmikmou (User 'Eric')

    0
  • 1
  • 2