HELP : This website has been reported as unsa

manon_c12 -  
 manon_c12 -
Bonjour,

J'ai été infecté par un virus.
description: pendant ma navigation d'hier soir, une fenetre windows, qui avait l'air vraiment vrai, apparait "votre pc est infecté" et m'indique que pls virus ont été detecté. Il me propose d'opérer a la suppression des virus, mais ca ne marche pas (j'avais mis ok a un moment) et me demande une "clé" que je n'ai pas, c'est là que cela m'a semblé louche. Depuis, mes pages IE8 se bloque avec le messages : This website has been reported as unsafe.
Au vue de l'infection avéré de mon pc, j'ai consulté les sites internet, il s'avère qu'il s'agit d'un faux programmes antivirus qui s'installe impunément sur l'ordi, passant à travers Norton (que je posssède), son nom personal security. Effectivement il apparait dans mes programmes. J opère, d'après les conseils d'un internaute, a la suppression de ce programme, "ajout suppression programme", suppression manuelle de tous les fichiers portant son nom. PROBLEME : les pages IE8 se bloquent tjs, et malgré le redémarrage du pc. Ca se bloque 1 fois sur 2. J'avais ccleaner , donc g fais une analyse suppression au cas ou mais "This website has been reported as unsafe" est resistant. J'ai l'impression que ca se blok de plus en plus. ca devient urgent, j'ai peur que cela endommage mon disk dur.
Aidez moi, je suis nul en informatique!

34 réponses

  • 1
  • 2
Résumé de la discussion

Une infection par un faux antivirus affiche une alerte 'votre pc est infecté' pendant la navigation, bloquant les pages avec 'This website has been reported as unsafe' et contournant Norton sur Windows XP et IE8. Plusieurs conseils portent sur la suppression manuelle du programme problématique, puis l'emploi d'outils dédiés comme ZHPDiag, Lop S&D, USBFix, AD-Remover, List_Kill'em et HijackThis pour nettoyer les traces. En cas d'alerte antivirus, certains outils doivent être exécutés en désactivant temporairement l'antivirus et le pare-feu, et certains téléchargements peuvent rester bloqués ou nécessiter des liens miroirs. D'autres interventions proposées incluent des rapports collectés et l'analyse de logs, avec des retours indiquant des fenêtres bloquées disparues mais nécessitant plus d'exploration pour éviter une réinfection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    tu as décris la définition d'un rogue

    redémarrer le pc en mode sans échec avec prise en charge reseau

    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

    Télécharge rkill

    Enregistre-le sur ton Bureau
    Double-clique sur l'icone rkill ( pour Vista/Seven clic-droit Exécuter en tant qu'Administrateur)
    Un bref écran noir t'indiquera que le tool s'est correctement exécuter, s'il ne lance pas
    change de lien de téléchargement en utilisant le suivant à partir d'ici:
    https://download.bleepingcomputer.com/grinler/rkill.exe
    https://download.bleepingcomputer.com/grinler/rkill.exe

    Rkill COM: Rkill COM:
    https://download.bleepingcomputer.com/grinler/rkill.com
    https://download.bleepingcomputer.com/grinler/rkill.com

    Rkill SCR: Rkill RCS:
    https://download.bleepingcomputer.com/grinler/rkill.scr
    https://download.bleepingcomputer.com/grinler/rkill.scr

    Rkill PIF: Rkill PIF:
    http://download.bleepingcomputer.com/grinler/rkill.pif
    http://download.bleepingcomputer.com/grinler/rkill.pif

    une fois qu'il aura terminé

    Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    . Enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
    . Une fois la mise à jour terminé
    . Rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet (examen assez long)
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement.
    Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . [b]Si des malwares ont été détectés, clique sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection
    Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . Rends toi dans l'onglet rapport/log
    . Tu cliques dessus pour l'afficher, une fois affiché
    . Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
    . Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ces tutoriels :
    Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
    0
  2. manon_c12
     
    Le problème c que depuis tout a l heure j'essaye d'accéder au mode sans echec comme indiquer sur le lien. J'ai un packard bell qd j'appuie sur f8 des le debut, il y a une fenetre qui me propose d'aller sur "hard disk" ou autre chose, je tape hard disk et f8 en meme temps et il me propose 2 trucs avec des numeos, j'ai tapé sur l un d'eux et ça ma demarré l'ordi normalement, jamais je vois apparaitre mode sans echec (f2 pour bios)
    De plus pr telecharger rkill quand je serais dans le moe sans echec, je tape sur lequel de tes liens?
    0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bon

    fais le en mode normal
    0
    1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      pour Rkill tu fais le premier

      s'il échoue passes au suivant
      0
  4. manon_c12
     
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4053

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    30/04/2010 12:31:03
    mbam-log-2010-04-30 (12-31-03).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 201335
    Temps écoulé: 1 heure(s), 46 minute(s), 40 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\win32extension.dll (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personsecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\win32extension.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Documents and Settings\Anne-Marie\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonSecurity.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

    Je tiens à préciser que lorsque j'ai fais "supprimer la sélection" des 13 éléments détectés, une fenêtre m'a indiqué que "tout les éléments n'ont pas tous pu être supprimé. pour supprimer vous devez redémarrer, voulez vous redemarrez maintenant?" j'ai dit non pour continuer la marche a suivre.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    redemarres le pc comme demandé

    ensuite

    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    (outil de diagnostic)

    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour vista )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    si soucis avec ci joint. fr => utiliser https://www.cjoint.com/

    0
  7. manon_c12
     
    http://www.cijoint.fr/cjlink.php?file=cj201004/cijJ4OKNqb.txt
    0
  8. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    1)

    Téléchargez USBFIX de El Desaparecido, C_xx

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    ou
    https://www.ionos.fr/?affiliate_id=77097

    /!\ Utilisateur de vista et windows 7 :
    ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    /!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    * Double clic sur le raccourci UsbFix présent sur le bureau .

    * Choisir l'option2 suppression
    (d'autres options disponibles, voir le tutoriel).
    * Laissez travailler l'outil.
    Le menu démarrer et les icônes vont disparaître.. c'est normal.

    Si un message te demande de redémarrer l'ordinateur fais le ...

    ? Au redémarrage, le fix se relance... laisses l'opération s'effectuer.

    ? Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

    * Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    * Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    * Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097

    Il est enregistré sur ton bureau.

    Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.

    ...............................

    2)

    * Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

    Miroir:

    https://www.androidworld.fr/

    /!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

    Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « NETTOYER »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    .............................

    3)

    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

    ? Télécharge List_Kill'em et enregistre le sur ton bureau

    http://sd-1.archive-host.com/...

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Executer Shortcut
    Executer List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis l'option Search

    laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    0
  9. manon_c12
     
    Réponse etape 1
    ############################## | UsbFix V6.110 |

    User : Anne-Marie (Administrateurs) # SN404475890003
    Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 17:15:08 | 30/04/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.20GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 180,29 Go (96,24 Go free) [HDD] # NTFS
    D:\ -> Disque CD-ROM

    ################## | Elements infectieux |

    Supprimé ! C:\Recycler\S-1-5-21-3817341157-2852955905-2705397224-1008
    Supprimé ! C:\Recycler\S-1-5-21-3885208989-1389336924-726956927-1003

    ################## | Registre |

    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{d4926383-147e-11dd-8205-00038a000015}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{ec48c164-d459-11de-85a8-000feabe6cde}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [08/04/2005 08:15|-rahs----|215] C:\BOOT.BAK
    [17/07/2007 10:35|--ahs----|296] C:\BOOT.INI
    [05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin
    [13/07/2007 13:09|--a------|2123] C:\cleannavi.txt
    [05/08/2004 14:00|-rahs----|263488] C:\cmldr
    [08/04/2005 08:04|--a------|6238] C:\DWNLOG.TXT
    [05/09/2001 21:00|--a------|1700352] C:\gdiplus.dll
    [?|?|?] C:\hiberfil.sys
    [08/04/2005 08:18|-rahs----|0] C:\IO.SYS
    [08/04/2005 08:20|--ah-----|826] C:\IPH.PH
    [16/06/2005 11:48|--a------|183] C:\LogiSetup.log
    [08/04/2005 08:18|-rahs----|0] C:\MSDOS.SYS
    [11/04/2008 22:12|--a------|479136] C:\NetInstallPokerRoom.exe
    [05/08/2004 14:00|-rahs----|47564] C:\NTDETECT.COM
    [05/08/2004 14:00|-rahs----|251712] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [13/07/2007 21:18|--a------|734] C:\rapport_clean.txt
    [30/04/2010 10:28|--a------|646] C:\rkill.log
    [07/04/2005 18:52|--a------|1182] C:\SAUDIT.TXT
    [30/04/2010 17:25|--a------|2114] C:\UsbFix.txt

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | Upload |

    Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_SN404475890003.zip : https://www.ionos.fr/?affiliate_id=77097
    Merci pour votre contribution .
    0
  10. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    vu

    => Ad Remover
    0
  11. manon_c12
     
    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 29/04/10 à 18:00
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:33:04 le 30/04/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP(TM) Service Pack 2 - X86
    Nom du PC: SN404475890003
    Utilisateur actuel: Anne-Marie
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: *Application Updater*
    .
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Poker 770
    C:\Documents and Settings\Anne-Marie\Application Data\pdfforge
    C:\Documents and Settings\Anne-Marie\Application Data\Search Settings
    C:\Documents and Settings\Anne-Marie\Menu Démarrer\Programmes\WebMediaPlayer
    C:\Documents and Settings\Anne-Marie\Mes documents\PacificPoker
    C:\Poker\Poker 770
    C:\Program Files\Application Updater
    C:\Program Files\Everest Poker
    C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
    C:\Program Files\pdfforge Toolbar

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\Dynamic Toolbar
    HKCU\Software\EoRezo
    HKCU\Software\Grand Virtual
    HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\pacificpoker
    HKCU\Software\pdfforge
    HKCU\Software\Poker 770
    HKCU\Software\pokerinstaller
    HKCU\Software\Search Settings
    HKLM\Software\Application Updater
    HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
    HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
    HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
    HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\Need2FindBar.SettingsPlugin
    HKLM\Software\Classes\Need2FindBar.SettingsPlugin.1
    HKLM\Software\Classes\Need2FindBar.ToolbarPlugin
    HKLM\Software\Classes\Need2FindBar.ToolbarPlugin.1
    HKLM\Software\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
    HKLM\Software\MetaStream
    HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
    HKLM\Software\pdfforge
    HKLM\Software\Poker 770
    HKLM\Software\Search Settings
    HKLM\Software\Viewpoint
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\chrome.manifest
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\install.rdf
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\chrome.manifest
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\install.rdf
    .
    (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
    (Orpheline) HKLM,Uninstall - ie7 - C:\WINDOWS\ie7\spuninst\spuninst.exe (Fichier manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.5.9 (fr) *
    .
    C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Anne-Marie\\Mes documents\\Mes images
    C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.search.defaultenginename: Google
    C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.search.selectedEngine: Google
    C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.startup.homepage: hxxp://y.lo.st
    C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.9
    .
    EFFACÉ: C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://y.lo.st");
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 81 Fichier(s)
    C:\Ad-Remover\Backup: 14 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 7596 Octet(s)
    .
    Fin à: 17:43:05, 30/04/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    0
  12. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    vu

    => List_Kill'em
    0
  13. manon_c12
     
    List'em by g3n-h@ckm@n 1.7.2.5

    User : Anne-Marie (Administrateurs)
    Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
    Start at: 17:54:50 | 30/04/2010

    Intel(R) Pentium(R) 4 CPU 3.20GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local | 180,29 Go (96,41 Go free) [HDD] | NTFS
    D:\ -> Disque CD-ROM

    Boot: Normal

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Apps\EZHome\EZStatus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\List_Kill'em\pv.exe
    0
    1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      le rapport n'est pas complet, il se ternie par EOF
      0
  14. manon_c12
     
    =====================
    Keys "Run"
    ======================

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    EzStatus REG_SZ C:\Apps\EZHome\EZStatus.exe
    LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    TomTomHOME.exe REG_SZ "C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe"
    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAudPropShortcut.exe
    SoundMan REG_SZ SOUNDMAN.EXE
    AlcWzrd REG_SZ ALCWZRD.EXE
    Alcmtr REG_SZ ALCMTR.EXE
    ATIPTA REG_SZ C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
    PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
    ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
    VCSPlayer REG_SZ "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
    LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 255 (0xff)
    NoDriveAutoRun REG_DWORD 255 (0xff)
    HonorAutoRunSetting REG_DWORD 0 (0x0)

    ===============

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveAutoRun REG_DWORD 255 (0xff)
    NoCDBurning REG_DWORD 0 (0x0)
    HonorAutoRunSetting REG_DWORD 0 (0x0)
    NoDriveTypeAutoRun REG_DWORD 255 (0xff)

    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultDomainName REG_SZ SN404475890003
    DefaultUserName REG_SZ Anne-Marie
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 1 (0x1)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ Anne-Marie
    AltDefaultDomainName REG_SZ SN404475890003

    ===============

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %ProgramFiles%\AOL 9.0\aol.exe REG_SZ %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
    %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
    %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
    C:\Program Files\Kazaa\kazaa.exe REG_SZ C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop
    C:\Program Files\Shareaza\Shareaza.exe REG_SZ C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
    C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe REG_SZ C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:Réinitialisation du terminal
    C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD633_Tiscali.exe REG_SZ C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD633_Tiscali.exe:*:Enabled:Tiscali - Assistant de configuration
    C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Disabled:eMule
    C:\Program Files\Canon\DV Messenger\DV Messenger.exe REG_SZ C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:Executable
    C:\WINDOWS\system32\rtcshare.exe REG_SZ C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC
    C:\Program Files\Internet Explorer\IEXPLORE.EXE REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe REG_SZ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
    C:\Program Files\Gadu-Gadu\gg.exe REG_SZ C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe REG_SZ C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    0
  15. manon_c12
     
    ===============
    ActivX controls
    ===============

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A344D34-5231-452A-8A57-D064AC9B7862}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9122D757-5A4F-4768-82C5-B4171D8556A7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{7C5EB9E7-2D02-4B23-8412-9C0F7E5DD6D5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]

    ==============
    BHO :
    ======

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

    ===
    DNS
    ===

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BD96F91E-14C3-4486-A160-A85E5B59AB03}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BD96F91E-14C3-4486-A160-A85E5B59AB03}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{BD96F91E-14C3-4486-A160-A85E5B59AB03}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    ================
    Internet Explorer :
    ================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm

    ========
    Services
    ========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    SharedAccess : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )

    ========
    Safemode
    ========

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    =========
    Atapi.sys
    =========

    C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys :
    MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
    SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

    C:\WINDOWS\system32\drivers\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    Référence :
    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
    Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

    =======
    Drive :
    =======

    D'fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    180 Go total, 96,41 Go libre (53%), 12% fragment' (fragmentation du fichier 24%)

    Vous devriez d'fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Present !! : C:\Program Files\KaZaA
    Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Present !! : C:\WINDOWS\System32\MSWINSCK.OCX
    Present !! : C:\WINDOWS\System32\rnaph.dll
    Present !! : C:\WINDOWS\System32\SET*.tmp
    Present !! : C:\WINDOWS\Temp\JET92C5.tmp
    Present !! : C:\Documents and Settings\Anne-Marie\Application Data\GDIPFONTCACHEV1.DAT
    Present !! : C:\Documents and Settings\Anne-Marie\Application Data\GDIPFONTCACHEV1.DAT
    Present !! : C:\Documents and Settings\Anne-Marie\LOCAL Settings\Temp\Perflib_Perfdata_c14.dat

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
    Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
    Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_BHDRVX86
    Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_MEMSWEEP2
    Present !! : HKLM\SYSTEM\ControlSet003\Services\MEMSWEEP2
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_BHDRVX86
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_MEMSWEEP2
    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-30 18:50:39
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    kernel: MBR read successfully
    user & kernel MBR OK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 0 (0x0)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 0 (0x0)
    FirewallOverride REG_DWORD 0 (0x0)
    FirewallDisableNotify REG_DWORD 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 18:50:42,40
    0
  16. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    vu

    1)

    Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    choisis l'option CLEAN
    ton PC va redemarrer,

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    colle le contenu dans ta reponse

    ......................

    2)

    refais un nouveau rapport ZHPdiag et postes le lien stp

    0
  17. manon_c12
     
    Kill'em by g3n-h@ckm@n 1.7.2.5

    User : Anne-Marie (Administrateurs)
    Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
    Start at: 19:54:35 | 30/04/2010

    Intel(R) Pentium(R) 4 CPU 3.20GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 180,29 Go (96,35 Go free) [HDD] | NTFS
    D:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\List_Kill'em\ERUNT.EXE
    C:\Program Files\List_Kill'em\pv.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Quarantined & Deleted !! : C:\Program Files\KaZaA

    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Quarantined & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
    Quarantined & Deleted !! : C:\WINDOWS\System32\rnaph.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET150.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET155.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\JET4F2F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\JET92C5.tmp
    Quarantined & Deleted !! : C:\Documents and Settings\Anne-Marie\Application Data\GDIPFONTCACHEV1.DAT
    Deleted !! : C:\RECYCLER\S-1-5-21-3817341157-2852955905-2705397224-1008\Dc1.exe

    =======
    Hosts :
    =======

    127.0.0.1 localhost

    ========
    Registry
    ========

    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
    Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
    Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
    Deleted : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
    Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_BHDRVX86
    Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_MEMSWEEP2
    Deleted : HKLM\SYSTEM\ControlSet003\Services\MEMSWEEP2
    =================
    Internet Explorer
    =================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.com/?gws_rd=ssl
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ===============
    Security Center
    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 0 (0x0)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 1 (0x1)
    FirewallOverride REG_DWORD 1 (0x1)
    FirewallDisableNotify REG_DWORD 0 (0x0)

    ========
    Services
    =========

    Ndisuio : Start = 3
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  18. manon_c12
     
    Rapport de ZHPDiag v1.25.1415 par Nicolas Coolman
    Run by Anne-Marie at 30/04/2010 21:37:54
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Web Browser
    MSIE: Internet Explorer v8.0.6001.18702
    MFIE: Mozilla Firefox (3.5.9)

    ---\\ System Information
    Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
    Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
    Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1023 MB (30% free)
    System drive C: has 96 GB (53%) free of 180 GB

    ---\\ Logged in mode
    Computer Name: SN404475890003
    User Name: Anne-Marie
    Unselected Option: O1,O45,O61,O65
    Logged in as Administrator

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 96 Go of 180 Go)
    D:\ CD-ROM drive (Not Inserted)

    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
    [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

    ---\\ Processus lancés
    [MD5.7BBE4CF421AECC7F0226EDD75F12079F] - (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [208952]
    [MD5.024DC0F68DF5FD6AE9DD82DFBAF479D6] - (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [455168]
    [MD5.2863F29C5F134B92445C78FDEF46BB89] - (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968]
    [MD5.5E4C9C25D603AE46DEDCBD9674F86E21] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280]
    [MD5.ED0F2CC726E167AF02FBD250BF35C7A0] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Apps\Powercinema\PCMService.exe [110740]
    [MD5.84DA056C4331B17A5AAFACFF49C3BBA3] - (.NEC Computers International - Activboard Application.) -- c:\apps\ABoard\ABoard.exe [24576]
    [MD5.551A7585694985D50B0C3891A03AB50B] - (.H+H Software GmbH - Virtual CD v4.3 SDK - Player.) -- C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [299008]
    [MD5.BCD419D4EA19087E91601C1C2914323A] - (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe [221184]
    [MD5.3D9D5AA7B8A3D9F447274599D3EFB578] - (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe [458752]
    [MD5.EE2A9192A73D51E7F4D9099FC35C32D0] - (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe [217088]
    [MD5.3CF6BFF887AF6F733473D81A8921A5C5] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [180269]
    [MD5.FABAD2BFD44661D8CC627E5485BFAFAF] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe [413696]
    [MD5.9D4F3923F8D3A13F2FEADB66C62FE5D0] - (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe [292136]
    [MD5.804F9A025540D3EA0A78618E3F8FF8E5] - (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe [94208]
    [MD5.C1913A21CB3A7BF314641ACF0A8F81C9] - (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe [196608]
    [MD5.5584247B568C2E53934873F4B655FE6A] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360]
    [MD5.D55F27F176CC687AAE438E0907F5A6D3] - (.Veoh Networks - Veoh Web Player Beta.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [3558136]
    [MD5.49AD8709B96741F9C3C5A98CBBAB0777] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe [247144]
    [MD5.5011A24AECF4D573473BDC15EE84C178] - (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288]
    [MD5.BB1DA35335D88DB1CE1FEE8BD35F2248] - (.America Online, Inc. - AOL Connectivity Service.) -- C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [1123440]
    [MD5.7E94E567C1AA5ABE6174032B3DAB6C23] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712]
    [MD5.C67BDE7FB9B34496BDDD0F5F5922D3E4] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [344064]
    [MD5.1BD6C2F707A275CB7C16FD99FE0F31CA] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336]
    [MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888]
    [MD5.0326B36B8331569F25DB4A06412261F9] - (.Pas de propriétaire - CLCapSvc Module.) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [176220]
    [MD5.F905E8799D4EBF0597DFEEE659ECBA36] - (.Pas de propriétaire - CLSched Module.) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe [110682]
    [MD5.2BB11CD367D49098D57A8638ADB5BCF6] - (.Cyberlink - NT CLMLServer.) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [24576]
    [MD5.9D6BF82FE50D55F20F8E10E0F6653886] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104]
    [MD5.69202C049779AE09470370F163363F13] - (.Pas de propriétaire - Pas de description.) -- c:\APPS\HIDSERVICE\HIDSERVICE.exe [49152]
    [MD5.09417134F248DFCEEA15C72BCC87F592] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
    [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [322120]
    [MD5.EE215321E83BE72AB77B6627FD149EAE] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [117640]
    [MD5.9F3744A5C6F49291A7A685040A013399] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312]
    [MD5.DA81EC57ACD4CDC3D4C51CF3D409AF9F] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856]
    [MD5.67C5AF84809468061121FBCBECB19285] - (.Symantec Corporation - Norton Security Center Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [316544]
    [MD5.FBD16717FD68B206C4CE3BB3C9EE5CB3] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe [92008]
    [MD5.8C7579C9E29FB3430EF5AC8C09A71211] - (.H+H Software GmbH - Virtual CD v4.3 SDK - Security Service.) -- C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [139264]
    [MD5.C9BEA742CE225CC993C9465FDDAE4656] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows M.) -- C:\Program Files\Windows Media Player\WMPNetwk.exe [918016]

    ---\\ Pages de recherche de Mozilla Firefox (M1)
    M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com

    ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: Shell=explorer.exe

    ---\\ Pages de recherche d'Internet Explorer (R1)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

    ---\\ Internet Explorer URLSearchHook (R3)
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll
    R3 - URLSearchHook: Microsoft Url Search Hook - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) (2008, 7, 28, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 7.0 for Act.) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} . (.Veoh Networks Inc - Veoh Video Finder.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} . (.Veoh Networks - Veoh Video Compass.) -- C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    ---\\ Applications démarrées automatiquement par le registre (O4)
    O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
    O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
    O4 - HKLM\..\Run: [ATIPTA] . (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Apps\Powercinema\PCMService.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] . (.NEC Computers International - Activboard Application.) -- c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] . (.H+H Software GmbH - Virtual CD v4.3 SDK - Player.) -- C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] . (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] . (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
    O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [EzStatus] . (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe
    O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VeohPlugin] . (.Veoh Networks - Veoh Web Player Beta.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
    O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    O4 - HKUS\S-1-5-18\..\Run: [EzStatus] . (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    O4 - HKUS\S-1-5-18\..\Run: [EzStatus] . (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk . (.Logitech Inc. - Logitech Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: OpenOffice.org 3.1.lnk . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    0
  19. manon_c12
     
    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Real\RealPlayer\eb_act.ico
    O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll

    ---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
    O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - (.not file.) - https:\\webdl.symantec.com\activex\symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ---\\ Protocole additionnel et piratage de protocole (O18)
    O18 - Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} . (.Logitech Inc. - Logitech Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
    O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notification.) -- C:\WINDOWS\System32\WgaLogon.dll

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

    ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: AOL Connectivity Service (AOL ACS) . (.America Online, Inc. - AOL Connectivity Service.) - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) . (.Pas de propriétaire - CLCapSvc Module.) - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) . (.Pas de propriétaire - CLSched Module.) - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service (CyberLink Media Library Service) . (.Cyberlink - NT CLMLServer.) - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) . (.Pas de propriétaire - Pas de description.) - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security (Norton Internet Security) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: SymWMI Service (SymWSC) . (.Symantec Corporation - Norton Security Center Service.) - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) . (.H+H Software GmbH - Virtual CD v4.3 SDK - Security Service.) - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Symantec NetDetect.job

    ---\\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 - ASIC: Personnalisation du navigateur - >{7C5EB9E7-2D02-4B23-8412-9C0F7E5DD6D5} . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
    O40 - ASIC: Macromedia Shockwave Director 8.5 - {166B1BCA-3F9C-11CF-8075-444553540000} . (.Macromedia, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
    O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
    O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
    O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r32.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: Symantec Heuristics Driver (BHDrvx86) . (.Symantec Corporation - BASH Driver.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\BHDrvx86.sys
    O41 - Driver: Symantec Hash Provider (ccHP) . (.Symantec Corporation - Common Client Hash Provider Driver.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\ccHPx86.sys
    O41 - Driver: Symantec Eraser Control driver (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
    O41 - Driver: IDSxpx86 (IDSxpx86) . (.Symantec Corporation - IDS Core Driver.) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100422.002\IDSxpx86.sys
    O41 - Driver: Boot Tasks Driver (SAVRKBootTasks) . (.Sophos Plc - Sophos boot tasks for Windows 2000.) - C:\WINDOWS\system32\SAVRKBootTasks.sys
    O41 - Driver: Symantec Real Time Storage Protection (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\SRTSP.sys
    O41 - Driver: Symantec Real Time Storage Protection (PEL) (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.sys
    O41 - Driver: Symantec Network Dispatch Driver (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\SYMTDI.sys
    O41 - Driver: (vcsmpdrv) . (.H+H Software GmbH - Virtual CD v4.3 - Windows 2000 / XP Driver.) - C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: Adobe Digital Editions - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM]
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]
    O42 - Logiciel: Adobe Photoshop 7.0 - (.Adobe Systems, Inc..) [HKLM]
    O42 - Logiciel: Adobe Reader 7.0 - Français - (.Adobe Systems Incorporated.) [HKLM]
    O42 - Logiciel: Alice ADSL - Installation principale - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Amazon MP3 Downloader 1.0.9 - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM]
    O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM]
    O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM]
    O42 - Logiciel: CCHelp - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: CCScore - (.EASTMAN KODAK Company.) [HKLM]
    O42 - Logiciel: CCleaner - (.Piriform.) [HKLM]
    O42 - Logiciel: Canon Camera Window for ZoomBrowser EX - (.Canon.) [HKLM]
    O42 - Logiciel: Canon Internet Library for ZoomBrowser EX - (.Canon Inc..) [HKLM]
    O42 - Logiciel: Canon PhotoRecord - (.Cisra.) [HKLM]
    O42 - Logiciel: Canon RAW Image Task for ZoomBrowser EX - (.Canon.) [HKLM]
    O42 - Logiciel: Canon RemoteCapture Task for ZoomBrowser EX - (.Canon.) [HKLM]
    O42 - Logiciel: Canon Utilities PhotoStitch 3.1 - (.Canon.) [HKLM]
    O42 - Logiciel: Canon Utilities ZoomBrowser EX - (.CISRA.) [HKLM]
    O42 - Logiciel: Color Scheme Editor - (.Post Productions.) [HKLM]
    O42 - Logiciel: Cosmo Player 2.1 (38329) - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: DV Network Software - (.Canon Inc..) [HKLM]
    O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM]
    O42 - Logiciel: DivX Player - (.DivXNetworks, Inc..) [HKLM]
    O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM]
    O42 - Logiciel: Drivers Comtrend CT-600 - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: ESSANUP - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSAdpt - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSCAM - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSCDBK - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSPCD - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSSONIC - (.EASTMAN KODAK Company.) [HKLM]
    O42 - Logiciel: ESScore - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSgui - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESShelp - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSini - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: ESSvpaht - (.Eastman Kodak.) [HKLM]
    O42 - Logiciel: Encyclopédie Universelle Larousse - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Free Mp3 Wma Converter V 1.7.3 - (.Koyote Soft.) [HKLM]
    O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: HLPIndex - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: HLPRFO - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: High Definition Audio Driver Package - KB835221 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Windows XP (KB926239) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: J2SE Runtime Environment 5.0 Update 6 - (.Sun Microsystems, Inc..) [HKLM]
    O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_05 - (.Sun Microsystems, Inc..) [HKLM]
    O42 - Logiciel: Java(TM) 6 Update 16 - (.Sun Microsystems, Inc..) [HKLM]
    O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: KSU - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: LiveUpdate 2.6 (Symantec Corporation) - (.Symantec Corporation.) [HKLM]
    O42 - Logiciel: Logiciel Kodak EasyShare - (.Eastman Kodak Company.) [HKLM]
    O42 - Logiciel: Logitech Desktop Messenger - (.Logitech, Inc..) [HKLM]
    O42 - Logiciel: Logitech Print Service - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Logitech QuickCam - (.Logitech, Inc..) [HKLM]
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]
    O42 - Logiciel: MSXML 4.0 SP2 (KB925672) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: MSXML 6 Service Pack 2 (KB973686) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft Office 2003 Web Components - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Mozilla Firefox (3.5.9) - (.Mozilla.) [HKLM]
    O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM]
    O42 - Logiciel: Notifier - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: OTtBP - (.EASTMAN KODAK Company.) [HKLM]
    O42 - Logiciel: OTtBPSDK - (.EASTMAN KODAK Company.) [HKLM]
    O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM]
    O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: PCDADDIN - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: PCDHELP - (.Nom de votre société.) [HKLM]
    O42 - Logiciel: PCDLNCH - (.EASTMAN KODAK Company.) [HKLM]
    O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Packard Bell InfoCentre - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM]
    O42 - Logiciel: Realtek High Definition Audio Driver - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: SFR - (.Eastman Kodak Company.) [HKLM]
    O42 - Logiciel: SFR2 - (.EASTMAN KODAK Company.) [HKLM]
    O42 - Logiciel: Samsung Master - (.Samsung.) [HKLM]
    O42 - Logiciel: Samsung USB Driver - (.Samsung Techwin.) [HKLM]
    O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM]
    O42 - Logiciel: Shockwave - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Sonic MyDVD - (.Sonic Solutions.) [HKLM]
    O42 - Logiciel: Sonic RecordNow! - (.Sonic Solutions.) [HKLM]
    O42 - Logiciel: Sophos Anti-Rootkit 1.3 - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: StuffPlug-NG (Messenger Plus! Plugins) - (.TheBlasphemer.) [HKLM]
    O42 - Logiciel: TomTom HOME 2.7.3.1894 - (.TomTom.) [HKLM]
    O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM]
    O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Veoh Video Compass - (.Veoh Networks, Inc..) [HKLM]
    O42 - Logiciel: Veoh Web Player Beta - (.Veoh Networks, Inc..) [HKLM]
    O42 - Logiciel: VideoLAN VLC media player 0.8.2 - (.VideoLAN Team.) [HKLM]
    O42 - Logiciel: Winamp (remove only) - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Genuine Advantage v1.3.0254.0 - (.Microsoft.) [HKLM]
    O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Media Connect - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM]
    O42 - Logiciel: Yahoo! Toolbar - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: honestech Video Editor - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM]
    O42 - Logiciel: pdfforge Toolbar v1.1.2 - (.Spigot, Inc..) [HKLM]
    0
  20. manon_c12
     
    --\\ HKCU & HKLM Software Keys
    [HKCU\Software\ASProtect]
    [HKCU\Software\Ad-Remover]
    [HKCU\Software\Adobe]
    [HKCU\Software\America Online]
    [HKCU\Software\AppConf]
    [HKCU\Software\Apple Computer, Inc.]
    [HKCU\Software\Audacity]
    [HKCU\Software\Aurigma]
    [HKCU\Software\Binary Noise]
    [HKCU\Software\Bugsplat]
    [HKCU\Software\CDDB]
    [HKCU\Software\CISRA]
    [HKCU\Software\CLSID]
    [HKCU\Software\Canon]
    [HKCU\Software\Classes]
    [HKCU\Software\CosmoSoftware]
    [HKCU\Software\Cyberlink]
    [HKCU\Software\Cycore]
    [HKCU\Software\DivXNetworks]
    [HKCU\Software\ESMP]
    [HKCU\Software\EZhome]
    [HKCU\Software\Eyeball]
    [HKCU\Software\FotoWire]
    [HKCU\Software\Freeware]
    [HKCU\Software\GNU]
    [HKCU\Software\Gadu-Gadu]
    [HKCU\Software\Google]
    [HKCU\Software\High-Logic]
    [HKCU\Software\Hilgraeve Inc]
    [HKCU\Software\IM Providers]
    [HKCU\Software\Illustrate]
    [HKCU\Software\Intel]
    [HKCU\Software\JavaSoft]
    [HKCU\Software\Kazaa]
    [HKCU\Software\Kodak]
    [HKCU\Software\Lake]
    [HKCU\Software\Leadertech]
    [HKCU\Software\Local AppWizard-Generated Applications]
    [HKCU\Software\Logitech]
    [HKCU\Software\Macromedia]
    [HKCU\Software\MainConcept (Sonic)]
    [HKCU\Software\MainConcept]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\MozillaPlugins]
    [HKCU\Software\Mozilla]
    [HKCU\Software\Multi_Media]
    [HKCU\Software\Need2Find]
    [HKCU\Software\Netscape]
    [HKCU\Software\Nokia]
    [HKCU\Software\Northcode Inc]
    [HKCU\Software\Norton]
    [HKCU\Software\ODBC]
    [HKCU\Software\OpenOffice.org]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\Protexis]
    [HKCU\Software\RealNetworks]
    [HKCU\Software\SCC]
    [HKCU\Software\SOCID]
    [HKCU\Software\STOIK Imagic 30]
    [HKCU\Software\Skype]
    [HKCU\Software\Sonic]
    [HKCU\Software\Stoik]
    [HKCU\Software\Symantec]
    [HKCU\Software\System Process]
    [HKCU\Software\Terravirtual]
    [HKCU\Software\TomTom]
    [HKCU\Software\TorrentAid]
    [HKCU\Software\Trend Micro]
    [HKCU\Software\Trolltech]
    [HKCU\Software\Ultralingua]
    [HKCU\Software\VB and VBA Program Settings]
    [HKCU\Software\VHLD]
    [HKCU\Software\Veoh]
    [HKCU\Software\Virtual Plastic Surgery Software - VPSS]
    [HKCU\Software\WinRAR SFX]
    [HKCU\Software\WinRAR]
    [HKCU\Software\Winamp]
    [HKCU\Software\YahooPartnerToolbar]
    [HKCU\Software\Yahoo]
    [HKCU\Software\eMule]
    [HKCU\Software\honestech]
    [HKLM\Software\116f]
    [HKLM\Software\242E7B6AE22375B468E219C710FBFE04]
    [HKLM\Software\8ec]
    [HKLM\Software\ATI Technologies Inc.]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\Adobe]
    [HKLM\Software\Alice]
    [HKLM\Software\Amazon]
    [HKLM\Software\America Online]
    [HKLM\Software\Apple Computer, Inc.]
    [HKLM\Software\Apple Inc.]
    [HKLM\Software\Avance]
    [HKLM\Software\BackWeb]
    [HKLM\Software\BrowserChoice]
    [HKLM\Software\C07ft5Y]
    [HKLM\Software\CDDB]
    [HKLM\Software\CISRA]
    [HKLM\Software\Cakewalk Music Software]
    [HKLM\Software\Canon]
    [HKLM\Software\Claritas UK Ltd]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\CosmoSoftware]
    [HKLM\Software\CyberLink]
    [HKLM\Software\Cycore]
    [HKLM\Software\DivXNetworks]
    [HKLM\Software\ESMP]
    [HKLM\Software\Eyeball]
    [HKLM\Software\FotoWire]
    [HKLM\Software\FullCircle]
    [HKLM\Software\GEAR Software]
    [HKLM\Software\GNU]
    [HKLM\Software\GTek]
    [HKLM\Software\Gadu-Gadu]
    [HKLM\Software\Gemplus]
    [HKLM\Software\Google]
    [HKLM\Software\H+H Zfrk]
    [HKLM\Software\Havas Interactive]
    [HKLM\Software\High-Logic]
    [HKLM\Software\InstallShield]
    [HKLM\Software\Intel Corporation]
    [HKLM\Software\Intel]
    [HKLM\Software\JavaSoft]
    [HKLM\Software\Kazaa]
    [HKLM\Software\Kodak]
    [HKLM\Software\Lake]
    [HKLM\Software\Larousse]
    [HKLM\Software\Logitech]
    [HKLM\Software\MDMOptions]
    [HKLM\Software\Macromedia]
    [HKLM\Software\MicroVision]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\Multi_Media]
    [HKLM\Software\NEC Computers International]
    [HKLM\Software\Need2Find]
    [HKLM\Software\Norton]
    [HKLM\Software\Nullsoft]
    [HKLM\Software\ODBC]
    [HKLM\Software\OpenOffice.org]
    [HKLM\Software\PCSuite]
    [HKLM\Software\PTECH]
    [HKLM\Software\Policies]
    [HKLM\Software\Program Groups]
    [HKLM\Software\Protexis]
    [HKLM\Software\RNDIS driver]
    [HKLM\Software\RealNetworks]
    [HKLM\Software\RealVNC]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\RichFX]
    [HKLM\Software\S3R521]
    [HKLM\Software\Samsung Techwin]
    [HKLM\Software\SamsungMaster]
    [HKLM\Software\Samsung]
    [HKLM\Software\Schlumberger]
    [HKLM\Software\Secure]
    [HKLM\Software\SemanticInsight]
    [HKLM\Software\Sharman Networks Ltd]
    [HKLM\Software\SmartLink]
    [HKLM\Software\Soeperman Enterprises Ltd.]
    [HKLM\Software\Sonic]
    [HKLM\Software\Sun Microsystems]
    [HKLM\Software\Symantec]
    [HKLM\Software\TerraVirtual]
    [HKLM\Software\The Silicon Realms Toolworks]
    [HKLM\Software\Tiscali]
    [HKLM\Software\TomTom]
    [HKLM\Software\TrendMicro]
    [HKLM\Software\VOB]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\Windows 3.1 Migration Status]
    [HKLM\Software\Wise Solutions]
    [HKLM\Software\Xing Technology Corp.]
    [HKLM\Software\Yahoo]
    [HKLM\Software\Zone Labs]
    [HKLM\Software\honestech]
    [HKLM\Software\mozilla.org]

    ---\\ Contenu des dossiers Fichiers Communs (O43)
    O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\Amazon
    O43 - CFD:Common File Directory ----D- C:\Program Files\American Systems
    O43 - CFD:Common File Directory ----D- C:\Program Files\AOL 9.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\AOL Compagnon
    O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
    O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
    O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
    O43 - CFD:Common File Directory ----D- C:\Program Files\Canon
    O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
    O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
    O43 - CFD:Common File Directory ----D- C:\Program Files\CosmoSoftware
    O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
    O43 - CFD:Common File Directory ----D- C:\Program Files\Dictionnaire
    O43 - CFD:Common File Directory ----D- C:\Program Files\directx
    O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
    O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
    O43 - CFD:Common File Directory ----D- C:\Program Files\ESF
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
    O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
    O43 - CFD:Common File Directory ----D- C:\Program Files\Google
    O43 - CFD:Common File Directory ----D- C:\Program Files\Grisoft
    O43 - CFD:Common File Directory ----D- C:\Program Files\honestech Video Editor 7.0 Shareware
    O43 - CFD:Common File Directory ----D- C:\Program Files\Ihsv
    O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate
    O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
    O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
    O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
    O43 - CFD:Common File Directory ----D- C:\Program Files\iTunes
    O43 - CFD:Common File Directory ----D- C:\Program Files\Java
    O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
    O43 - CFD:Common File Directory ----D- C:\Program Files\Kodak
    O43 - CFD:Common File Directory ----D- C:\Program Files\Larousse
    O43 - CFD:Common File Directory ----D- C:\Program Files\Learn2.com
    O43 - CFD:Common File Directory ----D- C:\Program Files\List_Kill'em
    O43 - CFD:Common File Directory ----D- C:\Program Files\Livre Album Fuji Photo
    O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
    O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
    O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
    O43 - CFD:Common File Directory ----D- C:\Program Files\MessengerPlus! 3
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft ActiveSync
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
    O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft office
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
    O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
    O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
    O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Messenger
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1
    O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
    O43 - CFD:Common File Directory ----D- C:\Program Files\Norton Internet Security
    O43 - CFD:Common File Directory R---D- C:\Program Files\Norton Support
    O43 - CFD:Common File Directory ----D- C:\Program Files\NortonInstaller
    O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
    O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 2.0
    O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
    O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
    O43 - CFD:Common File Directory ----D- C:\Program Files\Photo Wizard
    O43 - CFD:Common File Directory ----D- C:\Program Files\PokerRoom.com
    O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
    O43 - CFD:Common File Directory ----D- C:\Program Files\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
    O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
    O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
    O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
    O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic
    O43 - CFD:Common File Directory ----D- C:\Program Files\Sophos
    O43 - CFD:Common File Directory ----D- C:\Program Files\Symantec
    O43 - CFD:Common File Directory ----D- C:\Program Files\Tiscali Triway Wi-Fi
    O43 - CFD:Common File Directory ----D- C:\Program Files\Tiscali_Triway_WiFi
    O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
    O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
    O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
    O43 - CFD:Common File Directory ----D- C:\Program Files\Veoh Networks
    O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
    O43 - CFD:Common File Directory ----D- C:\Program Files\Virtual CD v4 SDK
    O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Toolbar
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
    O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
    O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
    O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
    O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
    O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
    O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AOL
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\aolshare
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\FotoWire
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Kodak
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\NSV
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sonic Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SureThing Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWF Studio
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Symantec Shared
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
    O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
    O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
    0
    1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      il manque un petit bout encore
      0
  • 1
  • 2