Troja:W32:/Agant.BA

Résolu
jeffcomment Messages postés 24 Statut Membre -  
jeffcomment Messages postés 24 Statut Membre -
Bonsoir

Je suis entrain de nettoyer un pc d'un collégue.
Windows Xp familiale version 5.1 sp2
Je l'ai nettoyé à 95%

1-Il me reste de visible un trojan détecté par Wind oneCare ou avast
oneCare => Troja:W32:/Agant.BA cheval de troie
le fichier concerné serait hanonvt.ini dans system32

2-Le fichier printer.exe a été mis en quarantaine par TrojanHunter mais est demandé à chaque dém de windows

3- Une restriction systeme interdit tous les outils admis (panneau de config, ajout et suppression ....) et sont caché du menu.

J'ai réussi à le refaire apparaitre le panneau mais il disparait à nouveau et de toutes façons toutes les fonctionnalités sont aussi désactivées.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:12, on 27/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8716 bytes
Configuration: Windows XP
Internet Explorer 7.0

38 réponses

  • 1
  • 2
Résumé de la discussion

Une machine sous Windows XP SP2 présente une infection par un cheval de Troie et des composants malveillants persistants, notamment via le fichier hanonvt.ini chargé en AppInit_DLLs et un fichier printer.exe en démarrage. Des outils de sécurité constatent des entrées indésirables dans les paramètres système, des extensions de navigateur et des services, avec des noms variés tels que OneCare, AVG et TrojanHunter présents dans la configuration. Les analyses HijackThis et les rapports de scan indiquent des clés liées à des barres d’outil, des manipulations de Registre et des éléments d’exécution au démarrage, nécessitant une purge complète et un rétablissement.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Bonjour

    Je pense que ton rapprt hijackthis est incomplet ;-)

    Télécharge SmitfraudFix et enregistre le sur le bureau. Si ton anti-virus t'alerte d'un virus, désactive-le.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    décompresse SmitfraudFix

    Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.

    Enregistre le rapport puis Copie/colle le rapport sur le forum stp.
    0
  2. jeffcomment Messages postés 24 Statut Membre
     
    SmitFraudFix v2.217

    Rapport fait à 20:58:25,14, 27/08/2007
    Executé à partir de C:\temp\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6076d2b1-634c-4685-843b-f826045ea5dc}"="hemadynamometer"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 atdmt.com
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 www.viruslist.ru

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\main_uninstaller.exe supprimé
    C:\WINDOWS\privacy_danger\ supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
    C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
    C:\Program Files\NewMediaCodec\ supprimé
    C:\Program Files\Video ActiveX Object\ supprimé
    C:\Program Files\VideoCompressionCodec\ supprimé
    C:\Program Files\VideoKeyCodec\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F66E3D0D-C1ED-4D64-8513-89201DFB66E0}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F66E3D0D-C1ED-4D64-8513-89201DFB66E0}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F66E3D0D-C1ED-4D64-8513-89201DFB66E0}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    0
  3. Utilisateur anonyme
     
    C'est mieux mais pas terminé, fais ceci maintenant

    Télécharge et installe AVG anti-spyware : mets le à jour
    Tu fais un scan complet de ton système, dès qu'il a fini.
    Si il te trouve des espions,supprime les. Enregistre le rapport et colle le ici stp

    Téléchargeable et tutoriel sur cette page :
    --> http://redir.fr/gsel

    Si tu n'arrives pas à le mettre à jour prends ici les mises à jour
    http://downloads.ewido.net/avgas-signatures-full-current.exe

    En même temps, remets un rapport hijackthis stp
    0
  4. jeffcomment Messages postés 24 Statut Membre
     
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 07:54:57 29/08/2007

    + Résultat de l'analyse:

    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP655\A0196066.dll -> Adware.Agent : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP657\A0196100.exe -> Adware.Agent : Ignoré.
    HKLM\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Ignoré.
    HKLM\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} -> Adware.Generic : Ignoré.
    HKLM\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717} -> Adware.Generic : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP648\A0187674.exe -> Adware.Systemdoctor : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP655\A0196070.exe -> Adware.UltimateDefender : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP635\A0179581.exe -> Adware.VirusBursters : Ignoré.
    C:\Program Files\WinAntiSpyware 2006 Scanner -> Adware.WinAntiSpyware : Ignoré.
    C:\Program Files\WinAntiSpyware 2006 Scanner\unins000.exe -> Adware.WinAntiSpyware : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP656\A0196083.ini -> Downloader.Agent.bxx : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP656\A0196090.ini -> Downloader.Agent.bxx : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP657\A0196092.ini -> Downloader.Agent.bxx : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP657\A0196099.ini -> Downloader.Agent.bxx : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP635\A0180651.exe -> Downloader.Alphabet.b : Ignoré.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
    C:\System Volume Information\_restore{CFAC8D31-B464-4B7A-AB0C-0F3986F738AE}\RP655\A0196071.ocx -> Trojan.Agent.ahq : Ignoré.

    Fin du rapport

    ---------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:59:15, on 29/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\DOCUME~1\ADMINI~1.COU\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.winantivirus.com/MTY2NjU=/2/6018/ax=1/ed=1/ex=1/441/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
    O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
    O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Tu peux recommencer AVG rien n'a été supprimé de plus hijackthis n'est pas à faire en mode sans échec et je ne t'ai pas demandé de rapport ;-)
    0
  7. jeffcomment
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:38, on 30/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\ADMINI~1.COU\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.winantivirus.com/MTY2NjU=/2/6018/ax=1/ed=1/ex=1/441/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
    O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
    O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    0
  8. jeffcomment Messages postés 24 Statut Membre
     
    Pourquoi Hum... bref ???
    0
  9. Utilisateur anonyme
     
    J'ai marqué quelque chose au message <5> il serait bien d'en tenir compte
    0
  10. jeffcomment Messages postés 24 Statut Membre
     
    oups !
    0
  11. jeffcomment Messages postés 24 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:30, on 30/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Philips ToUcam Camera\VProperty.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
    O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
    O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  12. Utilisateur anonyme
     
    Pense à refaire AVG antispyware il n'a rien supprimé, après j'me rpéte plus tant pis :P

    Télécharge ComboScan sur ton Bureau.
    ---> http://www.techsupportforum.com/sectools/Deckard/dss.exe

    Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
    Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
    Soit patient ..
    Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
    Attention, il peut avoir deux, trois rapports mets les tous ici stp
    0
  13. jeffcomment Messages postés 24 Statut Membre
     
    Deckard's System Scanner v20070826.66
    Run by Propriétaire on 2007-08-30 22:58:47
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    64: 2007-08-30 20:59:04 UTC - RP663 - Deckard's System Scanner Restore Point
    63: 2007-08-30 17:00:46 UTC - RP662 - Software Distribution Service 3.0
    62: 2007-08-30 11:40:01 UTC - RP661 - Microsoft OneCare Protection Checkpoint
    61: 2007-08-30 11:07:55 UTC - RP660 - Point de vérification système
    60: 2007-08-28 17:52:28 UTC - RP659 - Microsoft OneCare Protection Checkpoint

    -- First Restore Point --
    1: 2007-06-02 14:35:42 UTC - RP600 - Point de vérification système

    Backed up registry hives.
    Performed disk cleanup.

    [color=red]Total Physical Memory: 510 MiB (512 MiB recommended).[/color]

    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-08-30 23:00:35
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Philips ToUcam Camera\VProperty.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
    C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
    C:\Program Files\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Propriétaire\Bureau\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKEY_LOCAL_MACHINE\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKEY_LOCAL_MACHINE\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} () - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
    O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
    O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: Boonty Games - BOONTY - "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 avgntmgr - c:\windows\system32\drivers\avgntmgr.sys <Not Verified; H+BEDV Datentechnik GmbH; AntiVir®>
    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
    R3 Bdfndisf (BitDefender Firewall NDIS Filter Service) - c:\windows\system32\drivers\bdfndisf.sys <Not Verified; Softwin SRL; BitDefender 10>

    S1 avgntdd - c:\program files\avpersonal\avgntdd.sys (file missing)
    S1 bdftdif - c:\program files\fichiers communs\softwin\bitdefender firewall\bdftdif.sys (file missing)
    S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
    S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
    S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
    S3 dptrackerd (Tracker Driver) - c:\windows\system32\drivers\dptrackerd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
    S3 sony_ssm.sys - c:\docume~1\propri~1\locals~1\temp\sony_ssm.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe (file missing)
    S3 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>

    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.

    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-30 22:19:02 356 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
    2007-08-26 18:00:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-06-23 18:20:07 334 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY395210BHK4.job

    -- Files created between 2007-07-30 and 2007-08-30 -----------------------------

    2007-08-30 12:31:25 0 d-------- C:\WINDOWS\LastGood
    2007-08-30 12:27:04 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
    2007-08-30 12:23:35 0 d-------- C:\Documents and Settings\Administrateur.COUDE-GPGD3PZQ2\Application Data\TrojanHunter
    2007-08-28 22:13:14 0 d-------- C:\Documents and Settings\Administrateur.COUDE-GPGD3PZQ2\Application Data\Grisoft
    2007-08-28 22:12:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-08-27 20:58:37 175092 --a------ C:\Pass2.cmd
    2007-08-27 20:58:31 3116 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-27 20:58:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-08-27 20:58:06 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-08-27 20:58:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-08-26 14:05:07 81024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys <Not Verified; Microsoft Corporation; OneCare Firewall Driver>
    2007-08-26 14:04:58 105856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys <Not Verified; Microsoft Corporation; OneCare Firewall Helper Driver>
    2007-08-26 13:49:52 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-08-26 13:39:01 0 dr-h----- C:\Documents and Settings\Propriétaire\Recent
    2007-08-26 13:18:40 0 d-------- C:\Program Files\Yahoo!
    2007-08-26 13:18:24 0 d-------- C:\Program Files\CCleaner
    2007-08-25 10:24:04 0 d-------- C:\Program Files\RegCleaner
    2007-08-25 09:59:47 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\TrojanHunter
    2007-08-25 01:36:48 0 d-------- C:\Program Files\TrojanHunter 4.7
    2007-08-23 08:34:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-08-23 08:33:13 0 d-------- C:\Program Files\Lavasoft
    2007-08-22 23:33:44 0 d-------- C:\Program Files\Broadcom
    2007-08-22 23:05:00 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-08-22 23:00:38 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2007-08-20 19:16:48 0 d-------- C:\Documents and Settings\Marie Annick\Application Data\SmartCom
    2007-08-08 09:35:38 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-08-07 15:32:21 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Bitdefender
    2007-08-07 14:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

    -- Find3M Report ---------------------------------------------------------------

    2007-08-27 21:22:53 0 d-------- C:\Program Files\Java
    2007-08-25 10:17:48 0 d-------- C:\Program Files\NetBattle
    2007-08-25 10:12:45 0 d-------- C:\Program Files\Easy Music Composer Free
    2007-08-25 01:06:21 0 d-------- C:\Program Files\MSN Messenger
    2007-08-25 01:05:18 0 d-------- C:\Program Files\Red Kawa
    2007-08-23 08:42:00 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
    2007-08-22 23:37:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-22 23:13:10 0 d-------- C:\Program Files\Fichiers communs\Real
    2007-08-22 23:12:56 0 d-------- C:\Program Files\Fichiers communs
    2007-08-22 23:12:46 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Real
    2007-08-22 23:11:06 0 d-------- C:\Program Files\Orange Messenger
    2007-08-19 18:53:18 0 d-------- C:\Program Files\Wanadoo
    2007-08-01 09:50:01 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Shareaza
    2007-08-01 09:48:57 0 d-------- C:\Program Files\DigitalSoundPlanet
    2007-08-01 09:43:13 0 d-------- C:\Program Files\VstPlugins
    2007-07-20 20:09:47 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\dvdcss
    2007-07-11 20:09:57 470828 --a------ C:\WINDOWS\system32\perfh00C.dat
    2007-07-11 20:09:57 76144 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-07-06 03:28:26 7535 --a------ C:\WINDOWS\system32\czpfkzxaj.dat
    2007-07-06 03:28:09 2134 --a------ C:\WINDOWS\system32\czpfkzxaj_navps.dat
    2007-07-05 20:27:09 0 d-------- C:\Program Files\DivX
    2007-07-04 19:21:55 262465 --a------ C:\WINDOWS\system32\czpfkzxaj_nav.dat
    2007-07-01 18:29:56 0 d-------- C:\Program Files\iTunes
    2007-07-01 18:26:31 0 d-------- C:\Program Files\iPod

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [13/02/2003 01:01]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 15:42]
    "ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [05/10/2000 10:39]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
    "WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [14/04/2005 16:46]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [08/04/2003 13:45]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [17/12/2002 12:40]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [13/05/2004 09:28]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [13/05/2004 09:28]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [20/08/2004 01:09]
    "THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [11/08/2007 20:49]
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [02/08/2007 10:47]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 01:09]
    "RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" [22/04/2005 01:01]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 09:01:04]
    Reality Fusion GameCam SE.lnk - C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe [06/04/2005 12:15:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "DisableTaskMgr"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingsPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispAppearancePage"=0 (0x0)
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^.protected]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected
    backup=C:\WINDOWS\pss\.protectedCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancer l'utilitaire d'enregistrement.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire d'enregistrement.lnk
    backup=C:\WINDOWS\pss\Lancer l'utilitaire d'enregistrement.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^.protected]
    path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\.protected
    backup=C:\WINDOWS\pss\.protectedStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmonitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
    C:\WINDOWS\system32\WinAvXX.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b092874-3397-11db-bf6a-0090d09464f9}]
    AutoRun\command- F:\LaunchU3.exe

    -- Hosts -----------------------------------------------------------------------

    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 atdmt.com
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 fastclick.net

    6 more entries in hosts file.

    -- End of Deckard's System Scanner: finished at 2007-08-30 23:03:41 ------------

    Deckard's System Scanner v20070826.66
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Édition familiale (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 55%
    Physical Memory (total/avail): 510 MiB / 227.54 MiB
    Pagefile Memory (total/avail): 1248.67 MiB / 931.58 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1966.8 MiB

    C: is Fixed (NTFS) - 111.71 GiB total, 31.09 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - WDC WD1200JB-75FUA0 - 111.76 GiB - 2 partitions
    \PARTITION0 - Unknown - 47.03 MiB
    \PARTITION1 (bootable) - Système de fichiers installable - 111.71 GiB - C:

    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: Pare-feu Windows Live OneCare v1.0.0 (Microsoft Corporation) [COLOR=RED]Disabled[/COLOR]
    FW: Bitdefender Firewall v8.0 (Softwin) [COLOR=RED]Disabled[/COLOR]
    AV: Bitdefender Antivirus v8.0 (Softwin) [COLOR=RED]Disabled[/COLOR] [COLOR=RED]Outdated[/COLOR]
    AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) [COLOR=RED]Disabled[/COLOR] [COLOR=RED]Outdated[/COLOR]
    AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"="C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
    "C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX02.546\\WLM8patch\\WLM8patch.exe"="C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX02.546\\WLM8patch\\WLM8patch.exe:*:Enabled:Great"
    "C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager Application (IDM)"
    "C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX02.797\\WLM8patch\\WLM8patch.exe"="C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX02.797\\WLM8patch\\WLM8patch.exe:*:Enabled:Great"
    "C:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"="C:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe:*:Enabled:Clue"
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\The Game Creators\\FPS Creator Demo\\FPSC-Game.exe"="C:\\Program Files\\The Game Creators\\FPS Creator Demo\\FPSC-Game.exe:*:Enabled:FPSC Game"
    "C:\\Program Files\\P2P-Radio\\P2P-Radio.exe"="C:\\Program Files\\P2P-Radio\\P2P-Radio.exe:*:Enabled:P2P-Radio"
    "C:\\Program Files\\PeerCast\\PeerCast.exe"="C:\\Program Files\\PeerCast\\PeerCast.exe:*:Enabled:PeerCast"
    "C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX00.016\\WLM8patch\\WLM8patch.exe"="C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX00.016\\WLM8patch\\WLM8patch.exe:*:Enabled:Great"
    "C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX03.812\\WLM8patch\\WLM8patch.exe"="C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Rar$EX03.812\\WLM8patch\\WLM8patch.exe:*:Enabled:Great"
    "C:\\Program Files\\MSN Messenger\\MSNP13Downgrader.exe"="C:\\Program Files\\MSN Messenger\\MSNP13Downgrader.exe:*:Enabled:MSNP13Downgrader"
    "C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled:mcoinstall"
    "C:\\Program Files\\Orange Messenger\\Orange Messenger.exe"="C:\\Program Files\\Orange Messenger\\Orange Messenger.exe:*:Enabled:Orange Messenger"
    "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\MessengerDiscovery\\Loader.exe"="C:\\Program Files\\MessengerDiscovery\\Loader.exe:*:Disabled:Loader"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Propri‚taire\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=COUDE-GPGD3PZQ2
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Propri‚taire
    LANG=fr
    LOGONSERVER=\\COUDE-GPGD3PZQ2
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\GTK\2.0\bin
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
    USERDOMAIN=COUDE-GPGD3PZQ2
    USERNAME=Propri‚taire
    USERPROFILE=C:\Documents and Settings\Propri‚taire
    windir=C:\WINDOWS

    -- User Profiles ---------------------------------------------------------------

    Propriétaire [I](admin)[/I]
    Marie Annick
    Carl
    Administrateur.COUDE-GPGD3PZQ2 [I](admin)[/I]

    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    AV Voice Changer Software DIAMOND 4.0 --> C:\PROGRA~1\AVVCS4~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS4~1.0DI\INSTALL.LOG
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1036
    Broadcom Driver Installer --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1036
    CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
    Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
    Correctif Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
    Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Correctif Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
    dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    Dell ResourceCD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    Disque de souvenirs HP --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    HijackThis 2.0.2 --> "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    hp photosmart 7700 series --> rundll32 hpzcon09.dll,VendorJettison hp photosmart 7700 series
    HP Software Update --> MsiExec.exe /X{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}
    Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Office XP Media Content --> MsiExec.exe /I{9030040C-6000-11D3-8CFE-0050048383C9}
    Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
    Microsoft Protection Service --> MsiExec.exe /I{1C1B6919-00D6-4A9C-B993-1EF82F956530}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Windows Live OneCare Resources v1.6.2111.30 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C}
    Microsoft Windows OneCare Live v1.6.2111.30 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
    Microsoft Windows OneCare Live v1.6.2111.30 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB914882) --> "C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    New Media Codec v3.2 --> C:\Program Files\NewMediaCodec\Uninstall.exe
    Philips ToUcam XS Camera --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Philips ToUcam Camera\ToUcamXS.isu"
    PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
    Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
    PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
    Reality Fusion GameCam SE --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{524CA1A3-FA5E-11D3-8EB7-00500462F5BA}\setup.exe"
    Reality Fusion VBall --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C41FC6B-00C9-11D4-8EB7-00500462F5BA}\setup.exe"
    RTP for RM2K (Png, Wav, Midi, Fonts) --> C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\RTP\install.log"
    SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
    Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
    Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
    Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
    Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x40c -removeonly
    SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
    SpotLife --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84FA5EEA-32CE-47AE-9DF0-83CBCC2DED2C}\setup.exe" FreshInstall
    The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"
    TrojanHunter 4.7 --> "C:\Program Files\TrojanHunter 4.7\unins000.exe"
    Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
    Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
    Update for Outlook 2007 Junk Email Filter (kb936644) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65}
    Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    VideoLink Mail --> C:\PROGRA~1\VIDEOL~1\UNWISE.EXE C:\PROGRA~1\VIDEOL~1\INSTALL.LOG
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    Vodafone
    0
  14. jeffcomment Messages postés 24 Statut Membre
     
    j'ai refait avg avant.
    Et j'ai coupé ce que je pouvais car le gestionnaire de tache n'est pas accessible
    0
  15. Utilisateur anonyme
     
    Désinstalle toutes traces de Bitdefender et AntiVir qu'il reste, un pare-feu est un anti-virus suffit.

    ¤ Télécharge OTMoveIt sur ton bureau
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    Double clic sur OTMoveIt.exe
    Sélectionne et copie les lignes ci-dessous

    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\bdod.bin
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender
    C:\Documents and Settings\All Users\Application Data\BitDefender
    C:\WINDOWS\system32\czpfkzxaj.dat
    C:\WINDOWS\system32\czpfkzxaj_navps.dat
    C:\WINDOWS\system32\czpfkzxaj_nav.dat
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\hanonvt.ini
    c:\windows\system32\drivers\bdfndisf.sys
    c:\windows\system32\drivers\avgntmgr.sys

    Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis "coller".
    Clic sur le boutton rouge Moveit et ferme OTMoveIt
    Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
    Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles

    ¤ Vas dans ajouter/supprimer des programmes et désinstalle :

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Media Player (saloperie)

    ¤ Télécharge et double-clic sur ce fichier ça va remettre un peu d'ordre
    --> http://www.mediafire.com/?ajsomdz2ddm

    Dès que tout ça et fait, remet un rapport Comboscan (en entier !) et le rapport OTmoveit
    0
  16. Jeffcomment
     
    Deckard's System Scanner v20070826.66
    Run by Propriétaire on 2007-08-31 19:03:33
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    [color=red]Total Physical Memory: 510 MiB (512 MiB recommended).[/color]

    -- HijackThis (run as Propriétaire.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:35, on 31/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Philips ToUcam Camera\VProperty.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Propriétaire\Bureau\dss.exe
    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\RPERTO~1.ZIP\PROPRI~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: .protected
    O4 - Global Startup: .protected
    O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
    O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
    O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  17. jeffcomment Messages postés 24 Statut Membre
     
    C:\WINDOWS\iun6002.exe moved successfully.
    C:\WINDOWS\system32\bdod.bin moved successfully.
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender\Desktop\Profiles\Logs\my_documents moved successfully.
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender\Desktop\Profiles\Logs\contextual moved successfully.
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender\Desktop\Profiles\Logs moved successfully.
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender\Desktop\Profiles moved successfully.
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender\Desktop moved successfully.
    C:\Documents and Settings\Propriétaire\Application Data\Bitdefender moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\DTrace moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\rootkit_scan moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\removable_drives_scan moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\quick_scan moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\memory_scan moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Events moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender moved successfully.
    C:\WINDOWS\system32\czpfkzxaj.dat moved successfully.
    C:\WINDOWS\system32\czpfkzxaj_navps.dat moved successfully.
    C:\WINDOWS\system32\czpfkzxaj_nav.dat moved successfully.
    File/Folder C:\WINDOWS\system32\printer.exe not found.
    C:\WINDOWS\system32\hanonvt.ini moved successfully.
    c:\windows\system32\drivers\bdfndisf.sys moved successfully.
    c:\windows\system32\drivers\avgntmgr.sys moved successfully.

    Created on 08/31/2007 18:31:08
    0
  18. jeffcomment Messages postés 24 Statut Membre
     
    depuis j'ai supprimé "..protected" des menu de démarrage
    0
  19. Utilisateur anonyme
     
    Ton rapport ComboScan est incomplet je l'ai besoin en entier ;-)
    0
  20. jeffcomment Messages postés 24 Statut Membre
     
    Deckard's System Scanner v20070826.66
    Run by Propriétaire on 2007-08-31 20:11:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    [color=red]Total Physical Memory: 510 MiB (512 MiB recommended).[/color]

    -- HijackThis (run as Propriétaire.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:12:17, on 31/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Philips ToUcam Camera\VProperty.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Propriétaire\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Propriétaire.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c446.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
    O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
    O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  • 1
  • 2