Redirection from Google

Solved
pverlain Posts 4 Status Member -  
O VertigO Posts 862 Status Member -
Hello.
I too am a victim of unwanted redirections from Google.
The rogue address that interposes itself is 64.111.210.194.

I read the link
Google web page redirected
but it does not seem to match my case exactly.
Thanks to anyone who can help me.

Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:12, on 28/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\MMaestro\BWheel35.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Roland\VSC32\vsc32cnf.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\GénéaTique2004\PdfDrv\Install\PDFSaver.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\M-Audio USB Duo\Install\Dinst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\Documents and Settings\Daddy\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=FFB8560382C94BFFADD9EE6E009DB440
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://cansoft.com/seo-vancouver.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [SSPrnAgent] C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\GénéaTique2004\PdfDrv\Install\PDFSaver.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Autoexecntcopy.bat
O4 - Startup: Microsoft Office OneNote 2007 (version Bêta) - Lancement rapide.lnk = C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/157b4ef69c1487094d05/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109187188859
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.hugedomains.com/domain_profile.cfm?d=parispourvous&e=com
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f004.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://ad.cotesdarmor.fr/ecwplugins/ncs1.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - https://www.afternic.com/forsale/toolbar.azesearch.com?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://ww1.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Duo Installer (DuoInstallerService) - Nemesis - C:\Program Files\M-Audio USB Duo\Install\Dinst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 17574 bytes
Configuration: Windows XP 
Internet Explorer 6.0

20 replies

  1. O VertigO Posts 862 Status Member 32
     
    Ah well, OK then! It just goes to show that problems can sometimes seem complicated without really being so...

    Have a nice day then
    1
  2. pverlain
     
    Thanks for your help.
    I could not install the Microsoft patch you pointed me to because it tells me that my Windows pack is more recent than this update.
    I searched for mslaugh.exe on my whole computer, but it found nothing.
    I did the FIX CHECKED on the line you pointed out.
    I still have the problem!
    Here is my new HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:15:11, on 29/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\MMaestro\BWheel35.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\HHVcdV6Sys\VC6Play.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Roland\VSC32\vsc32cnf.exe
    C:\Program Files\Roland\VSC32\vscvol.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\QuickTime Alternative\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\GénéaTique2004\PdfDrv\Install\PDFSaver.exe
    C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\M-Audio USB Duo\Install\Dinst.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v6\System\VC6Tray.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\HHVcdV6Sys\VC6SecS.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Real\RealOne Player\RealPlay.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=FFB8560382C94BFFADD9EE6E009DB440
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://cansoft.com/seo-vancouver.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
    O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
    O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
    O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
    O4 - HKLM\..\Run: [SSPrnAgent] C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\GénéaTique2004\PdfDrv\Install\PDFSaver.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Autoexecntcopy.bat
    O4 - Startup: Microsoft Office OneNote 2007 (version Bêta) - Lancement rapide.lnk = C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
    O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
    O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/157b4ef69c1487094d05/netzip/RdxIE601_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109187188859
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.hugedomains.com/domain_profile.cfm?d=parispourvous&e=com
    O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f004.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://ad.cotesdarmor.fr/ecwplugins/ncs1.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - https://www.afternic.com/forsale/toolbar.azesearch.com?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://ww1.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Duo Installer (DuoInstallerService) - Nemesis - C:\Program Files\M-Audio USB Duo\Install\Dinst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  3. pverlain
     
    Thanks again.

    1) I ran "Fix checked" on the 2 lines you pointed out. The new log is below.
    2) The line "O2 - BHO: iFinger plugin..." refers to a dictionary that I installed, so I know it.
    The other line, "O2 - BHO: HttpGuard - etc...", means nothing to me.

    Thanks again

    Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:00:21, on 30/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\MMaestro\BWheel35.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\HHVcdV6Sys\VC6Play.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Roland\VSC32\vsc32cnf.exe
    C:\Program Files\Roland\VSC32\vscvol.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\QuickTime Alternative\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\GénéaTique2004\PdfDrv\Install\PDFSaver.exe
    C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\M-Audio USB Duo\Install\Dinst.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v6\System\VC6Tray.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\HHVcdV6Sys\VC6SecS.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\eMule\emule.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=FFB8560382C94BFFADD9EE6E009DB440
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://cansoft.com/seo-vancouver.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
    O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
    O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
    O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
    O4 - HKLM\..\Run: [SSPrnAgent] C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [PDFSaver] C:\Program Files\GénéaTique2004\PdfDrv\Install\PDFSaver.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Autoexecntcopy.bat
    O4 - Startup: Microsoft Office OneNote 2007 (version Bêta) - Lancement rapide.lnk = C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/157b4ef69c1487094d05/netzip/RdxIE601_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109187188859
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.hugedomains.com/domain_profile.cfm?d=parispourvous&e=com
    O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f004.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://ad.cotesdarmor.fr/ecwplugins/ncs1.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - https://www.afternic.com/forsale/toolbar.azesearch.com?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://ww1.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Duo Installer (DuoInstallerService) - Nemesis - C:\Program Files\M-Audio USB Duo\Install\Dinst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  4. pverlain
     
    Hello,

    I have had no further news about my problem, which is still plaguing my PC.

    Should I open a new thread?

    Thank you for your help.
  6. pverlain
     
    Thank you, VertigO, for taking the time to help me (and you even apologize! I am the one who should apologize for my impatience).

    Here is the DiagHelp result.

    Kind regards,

    Pverlain

    DiagHelp version v1.2 - http://www.malekal.com
    excute le 06/09/2007 à 13:27:01,60

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->06/09/2007 13:26:51
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->06/09/2007 13:26:41
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->06/09/2007 13:25:55
    C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf -->06/09/2007 13:25:41
    C:\WINDOWS\prefetch\ALBUMDB2.EXE-0EEB0F05.pf -->06/09/2007 13:25:31
    C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->06/09/2007 13:25:01
    C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->06/09/2007 13:22:18
    C:\WINDOWS\prefetch\SETUP.EXE-226E5A47.pf -->06/09/2007 13:18:28
    C:\WINDOWS\prefetch\FIREFOX SETUP 2.0.0.6.EXE-30BFA2C8.pf -->06/09/2007 13:18:22
    C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf -->06/09/2007 13:15:23

    C:\WINDOWS\System32\drivers\sptd.sys -->16/06/2007 11:12:55
    C:\WINDOWS\System32\drivers\MxlW2k.sys -->19/02/2005 10:35:43
    C:\WINDOWS\System32\drivers\MarvinBus.sys -->28/01/2005 14:36:00
    C:\WINDOWS\System32\drivers\wpdusb.sys -->11/10/2004 11:20:38
    C:\WINDOWS\System32\drivers\MarvinUsb.sys -->28/09/2004 12:08:42
    C:\WINDOWS\System32\drivers\ElbyCDFL.sys -->31/08/2004 20:07:08
    C:\WINDOWS\System32\drivers\tdtcp.sys -->04/08/2004 00:55:14

    C:\WINDOWS\System32\vsconfig.xml -->06/09/2007 12:59:38
    C:\WINDOWS\System32\spupdwxp.log -->06/09/2007 12:58:51
    C:\WINDOWS\System32\nvapps.xml -->06/09/2007 12:58:29
    C:\WINDOWS\System32\wpa.dbl -->02/09/2007 10:32:55
    C:\WINDOWS\System32\AClient.dll -->28/08/2007 18:42:21
    C:\WINDOWS\System32\FNTCACHE.DAT -->19/06/2007 12:49:21
    C:\WINDOWS\System32\PerfStringBackup.INI -->18/06/2007 13:22:08
    C:\WINDOWS\System32\perfh00C.dat -->18/06/2007 13:22:08
    C:\WINDOWS\System32\perfc00C.dat -->18/06/2007 13:22:08
    C:\WINDOWS\System32\perfh009.dat -->16/06/2007 11:19:20
    C:\WINDOWS\System32\perfc009.dat -->16/06/2007 11:19:20
    C:\WINDOWS\System32\spupdsvc.inf -->16/06/2007 09:20:31
    C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->10/06/2007 16:30:27
    C:\WINDOWS\System32\LegitCheckControl.DLL -->24/04/2007 11:32:06
    C:\WINDOWS\System32\javaws.exe -->14/03/2007 02:04:46
    C:\WINDOWS\System32\javacpl.cpl -->14/03/2007 02:04:46
    C:\WINDOWS\System32\javaw.exe -->14/03/2007 00:31:28
    C:\WINDOWS\System32\java.exe -->14/03/2007 00:31:24
    C:\WINDOWS\System32\rmoc3260.dll -->03/03/2007 15:38:53
    C:\WINDOWS\System32\pndx5032.dll -->03/03/2007 15:38:36
    C:\WINDOWS\System32\pndx5016.dll -->03/03/2007 15:38:36
    C:\WINDOWS\System32\srchadmin.dll.mui -->05/02/2007 15:47:48
    C:\WINDOWS\System32\mssrch.dll.mui -->05/02/2007 15:47:48
    C:\WINDOWS\System32\mssph.dll.mui -->05/02/2007 15:47:48
    C:\WINDOWS\System32\idxcntrs.ini -->05/02/2007 15:47:48

    C:\WINDOWS\Msiosd.ini -->06/09/2007 13:21:33
    C:\WINDOWS\WindowsUpdate.log -->06/09/2007 13:04:59
    C:\WINDOWS\tsoc.log -->06/09/2007 12:59:32
    C:\WINDOWS\iis6.log -->06/09/2007 12:59:02
    C:\WINDOWS\FaxSetup.log -->06/09/2007 12:59:02
    C:\WINDOWS\ocgen.log -->06/09/2007 12:59:00
    C:\WINDOWS\medctroc.Log -->06/09/2007 12:58:49
    C:\WINDOWS\0.log -->06/09/2007 12:58:45
    C:\WINDOWS\wiaservc.log -->06/09/2007 12:58:44
    C:\WINDOWS\wiadebug.log -->06/09/2007 12:58:43
    C:\WINDOWS\bootstat.dat -->06/09/2007 12:58:21
    C:\WINDOWS\SchedLgU.Txt -->05/09/2007 13:40:47
    C:\WINDOWS\setupapi.log -->04/09/2007 20:33:49
    C:\WINDOWS\err.txt -->31/08/2007 17:56:32
    C:\WINDOWS\xpsp1hfm.log -->29/08/2007 20:03:15

    MD5 des fichiers sensibles
    tcpip.sys 9f4b36614a0fc234525ba224957de55c
    ndis.sys 558635d3af1c7546d26067d5d9b6959e
    null.sys 73c1e1f395918bc2c6dd67af7591a3ad
    svchost.exe 1bd6c2f707a275cb7c16fd99fe0f31ca

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\WINDOWS\temp

    16/10/1995 15:02 135 680 SETUP32.EXE
    08/11/1995 18:43 453 280 _SETUP.EXE
    2 fichier(s) 588 960 octets
    0 Rép(s) 16 407 375 872 octets libres

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\WINDOWS\system

    24/12/2003 19:31 73 728 MMAUSBCD.exe
    16/06/1995 02:03 4 160 QTNOTIFY.EXE
    2 fichier(s) 77 888 octets
    0 Rép(s) 16 407 375 872 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\WINDOWS\system32

    04/08/2004 00:54 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 16 407 375 872 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\WINDOWS\Downloaded Program Files

    04/09/2007 20:33 <REP> .
    04/09/2007 20:33 <REP> ..
    20/01/2004 19:35 181 240 AxisCamControl.ocx
    10/02/2005 21:05 193 azesearch.inf
    10/07/2004 19:15 <REP> CONFLICT.1
    03/07/2004 17:07 <REP> CONFLICT.2
    10/12/2004 20:44 15 540 DefaultControlFile.xml
    06/12/2003 19:58 65 desktop.ini
    10/12/2004 20:44 606 208 DiagCollectionControl.dll
    25/07/2002 18:13 24 576 dwusplay.dll
    25/07/2002 18:13 196 608 dwusplay.exe
    24/11/2003 23:09 876 EMSAT.INF
    24/11/2003 23:08 45 056 EMSAT.ocx
    01/04/2004 15:37 1 476 emsat_ver3.INF
    29/06/2004 11:34 147 456 FileUploader.dll
    29/06/2004 11:35 373 FileUploader.inf
    22/11/1999 01:32 3 602 fr1.inf
    19/01/2004 18:13 115 games.inf
    13/05/2004 17:49 71 672 HDPlugin1018.dll
    13/05/2004 17:49 800 HDPlugin1018.inf
    10/02/2004 15:50 87 240 IEAWSDC.DLL
    10/02/2004 15:36 438 ieawsdc.inf
    16/10/2003 14:55 299 008 isusweb.dll
    25/08/2003 18:12 1 096 iuctl.inf
    14/03/2007 04:02 1 055 jinstall-6u1.inf
    13/04/2007 15:27 367 LegitCheckControl.inf
    29/05/2003 16:00 160 864 messengerstatsclient.dll
    20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
    29/05/2003 16:00 84 064 minesweeper.dll
    29/05/2003 16:00 77 408 msgrchkr.dll
    30/06/2005 15:19 227 MsnMessengerSetupDownloader.inf
    14/08/2005 00:26 113 664 MsnMessengerSetupDownloader.ocx
    08/10/2004 16:01 372 736 MsnPUpld.dll
    08/10/2004 16:13 587 MSNPupld.inf
    08/04/2004 10:43 206 NCSView.inf
    09/06/2005 12:45 5 197 newUploadFotoCom.INF
    09/06/2005 12:44 704 512 newUploadFotoCom.ocx
    17/03/2004 02:29 595 OSD406.OSD
    17/03/2004 02:27 578 624 ppctl.dll
    18/12/2003 23:21 1 801 PPSDKActiveXScanner.INF
    17/03/2004 02:41 170 608 PPSDKActiveXScanner.ocx
    19/06/2002 14:11 117 088 PURen-us.dll
    31/05/2002 09:20 117 328 PURfr-fr.dll
    15/10/2004 08:59 110 592 PURfr-xx.dll
    28/01/2004 13:54 524 445 RdxIE.dll
    29/05/2003 16:00 86 112 solitaireshowdown.dll
    30/06/2006 19:53 375 SpeedUploader.inf
    30/06/2006 19:53 2 025 216 SpeedUploader.ocx
    09/11/2006 15:36 5 019 swflash.inf
    02/08/2000 12:33 224 tdserver.inf
    02/08/2000 12:26 372 736 tdserver.ocx
    21/10/2004 17:55 1 390 teleir_cert.osd
    26/06/2007 10:27 87 040 UWAS6V_0001_N91M2606NetInstaller.exe
    03/08/2004 15:51 293 wuweb.inf
    27/05/2003 18:24 233 472 yacscom.dll
    25/05/2003 14:47 233 yacscom.inf
    28/09/2001 15:24 651 Yahoo! Chat.osd
    26/01/2004 18:42 856 yinst.inf
    26/01/2004 18:40 133 120 yinsthelper.dll
    17/08/2004 14:58 227 ysbactivex.inf
    56 fichier(s) 7 773 732 octets

    Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

    10/07/2004 19:15 <REP> .
    10/07/2004 19:15 <REP> ..
    13/05/2004 17:49 71 672 HDPlugin1018.dll
    13/05/2004 17:49 800 HDPlugin1018.inf
    27/04/2004 21:16 227 ISTactivex.inf
    3 fichier(s) 72 699 octets

    Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2

    03/07/2004 17:07 <REP> .
    03/07/2004 17:07 <REP> ..
    13/05/2004 17:49 71 672 HDPlugin1018.dll
    13/05/2004 17:49 800 HDPlugin1018.inf
    2 fichier(s) 72 472 octets

    Total des fichiers listés :
    61 fichier(s) 7 918 903 octets
    8 Rép(s) 16 407 371 776 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-06 13:28:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\obvious]
    "ServiceBinary"="C:\WINDOWS\System32\drivers\OBVIOUS.SYS"
    "Group"="SCSI Miniport"
    "ImagePath"=str(2):"System32\DRIVERS\obvious.sys"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000001
    "Type"=dword:00000001
    "Tag"=dword:00000022

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\obvious\Enum]
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
    "0"="Root\SCSIADAPTER\0001"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\obvious\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\obvious\security]
    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:bbbef514
    "s2"=dword:31b3e55f
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:19,17,18,9a,38,d9,7e,e7,da,22,80,a5,a8,b8,1b,a2,c3,dc,93,1d,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7c,d3,06,41,0d,cf,1a,98,dc,e6,17,62,60,b6,1b,8d,92,..
    "khjeh"=hex:e9,cb,01,dd,cd,d7,5b,ee,e9,a4,60,b1,c6,d0,bb,b4,df,67,5d,b3,67,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:05,4b,a9,c5,d4,5c,bd,02,35,5b,b0,51,47,29,0a,15,77,b9,28,9d,37,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:19,17,18,9a,38,d9,7e,e7,da,22,80,a5,a8,b8,1b,a2,c3,dc,93,1d,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7c,d3,06,41,0d,cf,1a,98,dc,e6,17,62,60,b6,1b,8d,92,..
    "khjeh"=hex:e9,cb,01,dd,cd,d7,5b,ee,e9,a4,60,b1,c6,d0,bb,b4,df,67,5d,b3,67,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:3d,f4,af,c7,a9,ab,47,bc,47,10,40,e3,07,9e,e7,f6,75,e7,8c,d6,26,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\obvious]
    "ServiceBinary"="C:\WINDOWS\System32\drivers\OBVIOUS.SYS"
    "Group"="SCSI Miniport"
    "ImagePath"=str(2):"System32\DRIVERS\obvious.sys"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000001
    "Type"=dword:00000001
    "Tag"=dword:00000022

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\obvious\Enum]
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
    "0"="Root\SCSIADAPTER\0001"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\obvious\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\obvious\security]
    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:19,17,18,9a,38,d9,7e,e7,da,22,80,a5,a8,b8,1b,a2,c3,dc,93,1d,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7c,d3,06,41,0d,cf,1a,98,dc,e6,17,62,60,b6,1b,8d,92,..
    "khjeh"=hex:e9,cb,01,dd,cd,d7,5b,ee,e9,a4,60,b1,c6,d0,bb,b4,df,67,5d,b3,67,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:05,4b,a9,c5,d4,5c,bd,02,35,5b,b0,51,47,29,0a,15,77,b9,28,9d,37,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120(Trial Version)"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    236 - VC6Play.exe
    368 - vscvol.exe
    456 - LVCOMSX.EXE
    556 - MMDiag.exe
    568 - firefox.exe
    788 - mim.exe
    808 - csrss.exe
    832 - winlogon.exe
    876 - services.exe
    880 - taskmgr.exe
    888 - lsass.exe
    1048 - svchost.exe
    1132 - svchost.exe
    1224 - svchost.exe
    1296 - WindowsSearch.e
    1456 - svchost.exe
    1524 - Traymon.exe
    1628 - osd.exe
    1632 - nhksrv.exe
    1844 - explorer.exe
    1900 - MMKeybd.exe
    1916 - BWheel35.exe
    1988 - PPMemCheck.exe
    2032 - zlclient.exe
    2456 - VSStat.exe
    2568 - vshwin32.exe
    2708 - VC6SecS.exe
    2756 - vsmon.exe
    2844 - searchindexer.e
    2852 - Avconsol.exe
    2928 - WebScanX.exe
    3164 - searchprotocolh
    3292 - searchfilterhos
    3404 - cmd.exe
    3528 - Mcshield.exe
    3568 - realplay.exe
    3728 - alg.exe

    Total number of processes = 38
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806EC000 - \WINDOWS\system32\hal.dll
    F7A6E000 - \WINDOWS\system32\KDCOM.DLL
    F797E000 - \WINDOWS\system32\BOOTVID.dll
    F7463000 - sptd.sys
    F7A70000 - \WINDOWS\System32\Drivers\WMILIB.SYS
    F744B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    F7423000 - a347bus.sys
    F7412000 - pci.sys
    F756E000 - isapnp.sys
    F73E3000 - ACPI.sys
    F7A72000 - viaide.sys
    F77EE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    F757E000 - MountMgr.sys
    F73C4000 - ftdisk.sys
    F7A74000 - dmload.sys
    F739E000 - dmio.sys
    F77F6000 - PartMgr.sys
    F758E000 - VolSnap.sys
    F7386000 -
    F7A76000 - a347scsi.sys
    F759E000 - disk.sys
    F75AE000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    F7367000 - fltmgr.sys
    F7355000 - sr.sys
    F77FE000 - PxHelp20.sys
    F75BE000 - TPkd.sys
    F733E000 - KSecDD.sys
    F72B1000 - Ntfs.sys
    F7284000 - NDIS.sys
    F75CE000 - ohci1394.sys
    F75DE000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
    F7269000 - Mup.sys
    F760E000 - \SystemRoot\System32\DRIVERS\nic1394.sys
    F768E000 - \SystemRoot\System32\DRIVERS\amdk7.sys
    F6A6F000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
    F6A5B000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    F78FE000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
    F6A38000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
    F7906000 - \SystemRoot\System32\DRIVERS\usbehci.sys
    F790E000 - \SystemRoot\System32\DRIVERS\fdc.sys
    F6A24000 - \SystemRoot\System32\DRIVERS\parport.sys
    F6A13000 - \SystemRoot\System32\DRIVERS\serial.sys
    F71D9000 - \SystemRoot\System32\DRIVERS\serenum.sys
    F769E000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
    F7AC0000 - \SystemRoot\System32\DRIVERS\msikbd2k.sys
    F7916000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
    F791E000 - \SystemRoot\System32\DRIVERS\mouclass.sys
    F71D5000 - \SystemRoot\System32\DRIVERS\gameenum.sys
    F76AE000 - \SystemRoot\System32\DRIVERS\imapi.sys
    F7AC2000 - \SystemRoot\System32\Drivers\RegKill.sys
    F7926000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
    F792E000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
    F71D1000 - \??\C:\WINDOWS\System32\drivers\pfc.sys
    F7936000 - \SystemRoot\System32\Drivers\MxlW2k.SYS
    F76BE000 - \SystemRoot\System32\DRIVERS\cdrom.sys
    F76CE000 - \SystemRoot\System32\DRIVERS\redbook.sys
    F69F0000 - \SystemRoot\System32\DRIVERS\ks.sys
    F6962000 - \SystemRoot\system32\drivers\smwdm.sys
    F693E000 - \SystemRoot\system32\drivers\portcls.sys
    F76DE000 - \SystemRoot\system32\drivers\drmk.sys
    F7AC4000 - \SystemRoot\system32\drivers\aeaudio.sys
    F793E000 - \SystemRoot\System32\DRIVERS\fetnd5.sys
    F68F4000 - \SystemRoot\System32\Drivers\ak0zeqlj.SYS
    F6812000 - \SystemRoot\System32\DRIVERS\vsc.sys
    F7C91000 - \SystemRoot\System32\DRIVERS\audstub.sys
    F76EE000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
    F6E63000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
    F67FB000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
    F76FE000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
    F770E000 - \SystemRoot\System32\DRIVERS\raspptp.sys
    F7826000 - \SystemRoot\System32\DRIVERS\TDI.SYS
    F67EA000 - \SystemRoot\System32\DRIVERS\psched.sys
    F771E000 - \SystemRoot\System32\DRIVERS\msgpc.sys
    F782E000 - \SystemRoot\System32\DRIVERS\ptilink.sys
    F7836000 - \SystemRoot\System32\DRIVERS\raspti.sys
    F67B9000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
    F777E000 - \SystemRoot\System32\DRIVERS\termdd.sys
    F67A6000 - \SystemRoot\System32\DRIVERS\obvious.sys
    F7AD2000 - \SystemRoot\System32\DRIVERS\swenum.sys
    F6772000 - \SystemRoot\System32\DRIVERS\update.sys
    F7245000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
    F6744000 - \SystemRoot\System32\DRIVERS\MarvinBus.sys
    F779E000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F77AE000 - \SystemRoot\System32\DRIVERS\usbhub.sys
    F7AE2000 - \SystemRoot\System32\DRIVERS\USBD.SYS
    F7866000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
    F7B08000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7BB7000 - \SystemRoot\System32\Drivers\Null.SYS
    F7B0A000 - \SystemRoot\System32\Drivers\Beep.SYS
    F788E000 - \SystemRoot\System32\drivers\vga.sys
    F7B0C000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F7B0E000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F7896000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F789E000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F723D000 - \SystemRoot\System32\DRIVERS\rasacd.sys
    F55C1000 - \SystemRoot\System32\DRIVERS\ipsec.sys
    F5569000 - \SystemRoot\System32\DRIVERS\tcpip.sys
    F5541000 - \SystemRoot\System32\DRIVERS\netbt.sys
    F551F000 - \SystemRoot\System32\drivers\afd.sys
    F6D8F000 - \SystemRoot\System32\DRIVERS\netbios.sys
    F54F2000 - \SystemRoot\System32\DRIVERS\anvioctl.sys
    F44C6000 - \SystemRoot\System32\DRIVERS\rdbss.sys
    F7BD3000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
    F673C000 - \??\C:\WINDOWS\System32\drivers\pclepci.sys
    F4457000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
    F6D7F000 - \SystemRoot\System32\Drivers\Fips.SYS
    F4436000 - \SystemRoot\System32\DRIVERS\ipnat.sys
    F78AE000 - \SystemRoot\System32\DRIVERS\asuskbnt.sys
    F6D5F000 - \SystemRoot\System32\DRIVERS\wanarp.sys
    F6D4F000 - \SystemRoot\System32\DRIVERS\arp1394.sys
    F78B6000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
    F439B000 - \SystemRoot\System32\DRIVERS\LVCM.sys
    F6D2F000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
    F6D1F000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    F6D0F000 - \SystemRoot\system32\drivers\usbaudio.sys
    F78E6000 - \SystemRoot\System32\DRIVERS\usbprint.sys
    F42E3000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F7B32000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    F7946000 - \SystemRoot\System32\watchdog.sys
    F6E83000 - \SystemRoot\System32\drivers\Dxapi.sys
    BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
    F7C3A000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D3000 - \SystemRoot\System32\nv4_disp.dll
    F2911000 - \SystemRoot\System32\DRIVERS\nwlnkipx.sys
    F765E000 - \SystemRoot\System32\DRIVERS\nwlnknb.sys
    F298B000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
    F27EA000 - \??\C:\WINDOWS\System32\vsdatant.sys
    F25F5000 - \SystemRoot\system32\drivers\wdmaud.sys
    F2742000 - \SystemRoot\system32\drivers\sysaudio.sys
    F264A000 - \SystemRoot\System32\DRIVERS\nwlnkspx.sys
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    F1798000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
    F78F6000 - \SystemRoot\System32\drivers\BrPar.sys
    F7AA0000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    F2114000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
    F1667000 - \SystemRoot\System32\Drivers\HTTP.sys
    F15EC000 - \SystemRoot\System32\DRIVERS\srv.sys
    F15C4000 - \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
    F794E000 - \SystemRoot\System32\DRIVERS\secdrv.sys
    F784E000 - \SystemRoot\System32\DRIVERS\NaiFiltr.sys
    F7B3B000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 143

    Liste des programmes installes

    ActivePerl 5.8.6 Build 811
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat 7.0 Professional
    Adobe Audition 1.5
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0.1
    Adobe Photoshop Album 2.0
    Adobe Photoshop Elements
    Adobe Photoshop Elements 2.0
    Adobe Reader 6.0 - Français
    Ahead Nero 6 Demo
    Alt WAV MP3 WMA OGG Converter v3.3
    ArcSoft Camera Suite
    ASUS Display Drivers
    Atlas Routier Michelin Europe
    Atlas Routier Michelin France
    Auto Gordian Knot 1.60
    AutoUpdate
    AVI MPEG WMV Joiner
    AviSynth 2.5
    Bazooka Scanner
    Borland Delphi 6
    Bridge Baron 16 Français
    Bridge Baron 16 Français Demo
    Brother HL-2030
    C-Dilla Licence Management System
    Cakewalk VST Adapter 4
    Camera Window
    Canon Internet Library for ZoomBrowser EX
    Canon PhotoRecord
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    CarteSurTable
    CartoExploreur 3
    CartoExploreur 3 3.02
    CartoExploreur 3D 1.00
    CE1 avec Disney Le Livre de la Jungle
    CIG
    CloneCD
    Commande ECHO désactivée.
    Cool MP3 Splitter 1.21
    Creative DVD Audio Plugin for Audigy Series
    Data Doctor Recovery Pen Drive(Evaluation) 3.0.1.5
    dBpowerAMP Music Converter
    dBpowerAMP WMA V9.1 Codec
    Diamond Mine Deluxe
    Diccion@rios Espasa
    Direct Show Ogg Vorbis Filter (remove only)
    DivX
    DreamStation DXi2
    Désinstaller Le Petit Robert de la langue française
    DVD Decrypter (Remove Only)
    DVD Genie (remove only)
    DVD Region Killer
    DVD Shrink 3.2
    DVDInfoPro
    Egypte 3
    eMule
    Encyclopédie des Vins 2001
    End It All
    exDialer
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
    Fenêtre d'appareil photo Canon pour ZoomBrowser EX
    File Viewer Utility 1.2.2
    FotoTime FotoAlbum Pro
    Free - Kit de connexion
    Freeplayer
    Garmin USB Drivers
    Google Earth
    Google Earth Pro
    GrabIt 1.5.3 Beta (build 909)
    GénéaTique 2004
    GénéaTique MX
    Heredis 8
    HijackThis 2.0.2
    histoire de France
    Hotfix for Windows XP (KB915800)
    Hotfix for Windows XP (KB915865)
    iFinger
    iFinger 2.1
    IGN Rando
    IGN Rando
    IGN Rando
    IGN Rando
    IGN Rando
    IGN Rando
    IGN Rando
    Image Web Server IE Plugins 2,0,0,104
    Img2Ozf Version 2
    InterActual Player
    Internet Explorer Q903235
    InterVideo WinDVD 6
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) SE Runtime Environment 6 Update 1
    KeyMaestro Mouse Driver
    Lecteur Windows Media 10
    Les Boucliers d
    Les Chevaliers de Baphomet
    Les départements français
    Les pays d'Afrique
    Les pays d'Amérique du Sud
    Les pays d'Asie
    Les pays d'Europe
    Les pays d'Océanie
    Les états d'Amérique du Nord
    Lizardtech DjVu Control
    Lizardtech Document Express Editor
    Logitech QuickCam Software
    M-Audio USB Duo
    MapSource
    MapSource
    MapSource - European City Navigator v6
    MapSource - European City Navigator v6
    MapSource - Trip & Waypoint Manager v2
    MapSource - Trip & Waypoint Manager v2
    MapSource Product Install
    MathType 5
    McAfee VirusScan
    MetaProducts MetaProducts Offline Explorer Pro
    MFCDLL Shared Library - Retail Version
    Microsoft (R) C Runtime Library
    Microsoft (R) C++ Runtime Library
    Microsoft Office OneNote 2007
    Microsoft Office OneNote 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office XP Professional avec FrontPage
    Microsoft Software Update for Web Folders (English) 12
    MindManager X5 Pro
    Monkey's Audio
    Montagne 3D v3.1.7
    Mozilla (1.7.5) (fr)
    Mozilla Firefox (2.0.0.6)
    MSXML 3.0
    Musicmatch® Jukebox
    MUSK Codec Pack v5
    Myst IV - Revelation
    Myst Uru - The Path of the Shell
    NeroVision Express 2
    NewsBin Pro 4.3
    Nic's XviD Decoder
    Nikon Scan
    Nikon View 6
    NikonCapture
    Nimo Codecs Pack v5.0 (Remove Only)
    NVIDIA Drivers
    OgcDrv 2.11
    Orchestral DXi
    OziExplorer 3.95
    PartitionMagic
    PENTAX USB DISK Device
    PhotoStitch
    Pinnacle Hollywood FX for Studio
    PowerDVD
    PowerQuest PartitionMagic 8.0 Demo
    PrintFolders 2.2
    Programme de gestion Camera de Logitech®
    QuickTime
    QuickTime
    QuickTime Alternative 1.39
    RadLight MPC DirectShow Filter (remove only)
    realMYST Interactive 3D Edition
    RealPlayer
    RemoteCapture 2.7.2
    Riven
    Réseau Antilles Bayo 0004-Q0
    Réseau Antilles BdAlti 2003-Q1
    Réseau Antilles BdNyme 2003-Q1
    Réseau France Bayo 0011-Q0
    Réseau France BdAlti 2005-Q3
    Réseau France BdNyme 2004-Q4
    Réseau France NavTeq 2005-Q1
    Réseau France POI 2005-Q1
    Réseau France TopoNyme 2004-Q4
    Réseau Guyane Bayo 0004-Q0
    Réseau Guyane BdAlti 2003-Q1
    Réseau Guyane BdNyme 2003-Q1
    Réseau Reunion Bayo 0004-Q0
    Réseau Reunion BdAlti 2003-Q1
    Réseau Reunion BdNyme 2003-Q1
    ScanSoft OmniPage Pro 14.0
    ScanSoft PDF Converter
    ScanSoft PDF Printer
    ScanSoft RealSpeak
    Shockwave
    Skype 2.5
    Smart Office Keyboard
    SmartSound Quicktracks Plugin
    SONAR 4 Producer Edition
    Sonic Foundry Sound Forge 5.0
    SoundMAX
    Spybot - Search & Destroy 1.3
    Studio 9
    Studio 9.4 Patch
    Super Mp3 Editor 5.0
    TerraExplorer
    TimeFactory
    TOEIC Mastery version 1.2
    TreeSize Professional 3.21
    UHS Reader (Version 5.10)
    Ulead Photo Explorer 8.0 Trial
    Ulead PhotoImpact XL Trial
    Ultra WMV Converter 1.6.0
    UltraISO V7.21 SR-2
    Ultralingua 4.4
    Universalis 10
    Video Fixer 3.23
    VideoLAN VLC media player 0.8.4a
    Viewpoint Media Player
    Virtual CD v6
    Virtual Sound Canvas 3.2
    Virtual Sound Canvas DXi
    VobSub v2.23 (Remove Only)
    Vu de l'espace
    WebFldrs XP
    Winamp (remove only)
    Windows Desktop Search 3.01
    Windows Installer Clean Up
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows SR 2.0
    Windows XP Service Pack 2
    WinPcap 3.1 beta3
    WinRAR archiver
    WinZip
    WM Recorder + RM Recorder 10.1
    WordReference English to French
    XviD MPEG-4 Video Codec
    Yahoo! Compagnon
    ZoneAlarm

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\Program Files

    06/09/2007 13:18 <REP> .
    06/09/2007 13:18 <REP> ..
    25/12/2003 21:45 <REP> Admiresoft
    13/10/2006 19:11 <REP> Adobe
    09/10/2004 22:48 <REP> Ahead
    31/10/2004 15:13 <REP> ALA
    16/02/2005 14:21 <REP> Alcohol Soft
    26/09/2004 09:41 <REP> Alt WAV MP3 WMA OGG Converter
    06/12/2003 22:00 <REP> Analog Devices
    25/01/2004 19:03 <REP> ArcSoft
    15/01/2005 13:45 <REP> AutoGK
    15/01/2005 13:44 <REP> AviSynth 2.5
    29/01/2006 12:32 <REP> Bayo
    25/08/2007 21:38 <REP> Bazooka Scanner
    15/12/2003 15:23 <REP> Borland
    15/12/2003 15:17 <REP> Borland Delphi Personal Installer
    03/04/2005 11:39 <REP> Brother
    03/04/2005 11:39 <REP> Brownie
    29/04/2006 14:21 <REP> BSELF
    05/02/2005 11:54 <REP> Cakewalk
    25/01/2004 18:42 <REP> Canon
    21/04/2005 19:50 <REP> CarteSurTable
    01/06/2004 20:10 <REP> Common Files
    03/04/2005 10:40 <REP> Cool MP3 Splitter
    24/12/2003 18:36 <REP> Creative
    13/10/2004 13:04 <REP> CyberLink
    11/11/2006 11:07 <REP> DAEMON Tools
    13/03/2007 13:41 <REP> Data Doctor Recovery Pen Drive(Evaluation)
    13/03/2007 14:08 <REP> DataDoctorRecovery
    11/07/2004 09:21 <REP> Diccionarios Espasa
    28/01/2007 14:02 <REP> Disney Interactive
    04/05/2005 13:39 <REP> DivX
    15/01/2005 13:49 <REP> DVD Decrypter
    16/10/2004 12:36 <REP> DVD Genie
    02/09/2004 19:21 <REP> DVD Shrink
    20/12/2003 13:47 <REP> DvdinfoPro
    17/09/2004 22:58 <REP> Earth Resource Mapping
    05/02/2005 12:25 <REP> EDIROL
    20/05/2005 20:33 <REP> Elaborate Bytes
    02/09/2007 01:21 <REP> eMule
    23/09/2004 20:47 <REP> EndItAll
    25/09/2004 14:06 <REP> EVF2001
    12/06/2007 13:16 <REP> Fichiers communs
    25/01/2004 15:36 <REP> FotoTime
    08/01/2005 18:20 <REP> Free.fr
    04/02/2006 11:23 <REP> Freeplayer
    15/01/2005 13:43 <REP> Gabest
    03/04/2005 17:52 <REP> Garmin
    28/08/2004 10:26 <REP> GénéaTique2004
    28/08/2004 15:25 <REP> GénéaTiqueMX
    19/03/2005 14:30 <REP> GEOGRAPHIE
    20/08/2007 19:16 <REP> Google
    26/05/2007 15:29 <REP> GrabIt
    22/08/2007 13:38 <REP> Great Game Products
    08/04/2005 13:46 <REP> Havas Interactive
    18/09/2004 16:44 <REP> Heredis 8
    09/10/2004 17:51 <REP> HHVcdV6Sys
    12/06/2004 10:59 <REP> HighMAT CD Writing Wizard
    30/08/2007 20:00 <REP> Hijackthis
    28/08/2004 17:18 <REP> iFinger
    29/01/2005 20:22 <REP> IGN Rando
    25/06/2006 12:36 <REP> Illustrate
    24/01/2004 22:11 <REP> InterActual
    16/06/2007 09:18 <REP> Internet Explorer
    09/10/2004 19:40 <REP> InterVideo
    19/03/2005 11:23 <REP> JAM Software
    23/12/2003 20:07 <REP> Jasc Software Inc
    10/06/2007 16:30 <REP> Java
    11/11/2006 11:12 <REP> Le Robert
    01/09/2004 12:29 <REP> Les Boucliers de Quetzalcoatl
    12/06/2007 13:16 <REP> LizardTech
    23/02/2005 13:33 <REP> Logitech
    07/04/2005 20:00 <REP> M3Dv3
    06/11/2004 17:54 <REP> MathType
    15/01/2004 20:14 <REP> Mattel Interactive
    24/12/2003 19:32 <REP> M-Audio USB Duo
    16/12/2003 19:52 <REP> McAfee
    16/12/2004 21:19 <REP> Media Player Classic
    16/06/2007 09:18 <REP> Messenger
    06/12/2003 19:59 <REP> microsoft frontpage
    18/06/2007 13:29 <REP> Microsoft Office
    18/06/2007 13:29 <REP> Microsoft Works
    16/06/2004 12:28 <REP> Mindjet
    29/01/2006 11:43 <REP> Monkey's Audio
    02/05/2004 20:27 <REP> Montparnasse
    16/06/2007 09:18 <REP> Movie Maker
    06/09/2007 13:18 <REP> Mozilla Firefox
    28/03/2005 18:16 <REP> mozilla.org
    06/12/2003 19:56 <REP> MSN
    06/12/2003 19:56 <REP> MSN Gaming Zone
    16/06/2007 16:17 <REP> MSN Messenger
    19/02/2005 10:35 <REP> MUSICMATCH
    14/10/2004 21:56 <REP> MUSK Codec Pack v5
    15/02/2005 14:33 <REP> nbpro
    16/06/2007 09:15 <REP> NetMeeting
    06/12/2003 21:12 <REP> Netropa
    13/01/2004 13:50 <REP> Nikon
    09/10/2004 20:49 <REP> NimoCodec Pack
    01/12/2006 21:15 <REP> Offline Explorer Pro
    14/08/2004 18:31 <REP> OHD
    16/06/2007 09:15 <REP> Outlook Express
    22/12/2006 14:52 <REP> PENTAX
    06/09/2007 12:58 <REP> PestPatrol
    04/05/2005 13:14 <REP> Pinnacle
    07/01/2004 13:32 <REP> PowerQuest
    17/03/2005 20:15 <REP> PrintFolders
    29/09/2004 20:20 <REP> PROSONIQ
    01/01/2004 11:08 <REP> QuickTime
    27/01/2006 13:55 <REP> QuickTime Alternative
    15/06/2004 12:36 <REP> Real
    08/11/2004 14:40 <REP> Riven
    05/02/2005 12:46 <REP> Roland
    20/11/2005 11:28 <REP> ScanSoft
    06/12/2003 19:58 <REP> Services en ligne
    20/08/2007 19:03 <REP> Skyline
    07/08/2006 18:43 <REP> Skype
    22/10/2004 23:14 <REP> SlySoft
    04/05/2005 13:18 <REP> SmartSound Software
    23/12/2005 13:36 <REP> Sonic Foundry
    23/12/2005 13:36 <REP> Sonic Foundry Setup
    12/03/2005 21:12 <REP> Spybot - Search & Destroy
    25/12/2004 21:45 <REP> The Adventure Company
    25/12/2003 17:31 <REP> Ubi Soft
    18/02/2005 13:41 <REP> Ubisoft
    21/02/2005 21:38 <REP> UHS
    02/01/2004 11:49 <REP> Ulead Systems
    06/02/2005 16:08 <REP> Ultra WMV Converter
    09/10/2004 17:12 <REP> UltraISO
    28/06/2004 19:21 <REP> Ultralingua
    31/12/2004 17:15 <REP> Universalis
    31/12/2004 17:39 <REP> Universalis 9
    16/10/2004 09:23 <REP> Video Joiner
    06/02/2005 16:24 <REP> videofixer
    04/02/2006 11:44 <REP> VideoLAN
    10/10/2004 13:29 <REP> Viewpoint
    09/10/2004 17:51 <REP> Virtual CD v6
    12/11/2004 20:23 <REP> Win Comm
    12/10/2004 19:30 <REP> Winamp
    14/06/2006 13:58 <REP> Windows AdStatus
    18/06/2007 13:21 <REP> Windows Desktop Search
    29/01/2006 11:36 <REP> Windows Installer Clean Up
    16/06/2007 09:18 <REP> Windows Media Player
    16/06/2007 09:15 <REP> Windows NT
    25/05/2005 12:36 <REP> WinPcap
    28/08/2004 18:48 <REP> WinRAR
    26/09/2004 10:36 <REP> WinZip
    21/01/2006 12:18 <REP> WM Recorder 10
    06/12/2003 19:59 <REP> xerox
    15/01/2005 13:44 <REP> XviD
    07/05/2004 11:23 <REP> Yahoo!
    08/07/2004 20:09 <REP> Zone Labs
    21/05/2005 21:06 <REP> Zylom Games
    0 fichier(s) 0 octets
    152 Rép(s) 16 406 835 200 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\Program Files\fichiers communs

    12/06/2007 13:16 <REP> .
    12/06/2007 13:16 <REP> ..
    19/09/2004 18:53 <REP> Adobe
    13/10/2006 19:14 <REP> Adobe Systems Shared
    07/12/2003 12:42 <REP> Ahead
    09/10/2004 17:53 <REP> Bcgsoft
    02/05/2004 20:27 <REP> Borland
    15/12/2003 15:23 <REP> Borland Shared
    19/10/2006 20:29 <REP> Designer
    03/04/2005 11:37 <REP> InstallShield
    09/10/2004 19:40 <REP> InterVideo
    31/12/2004 17:34 <REP> Java
    15/08/2004 08:38 <REP> L&H Shared
    12/06/2007 13:16 <REP> LizardTech Shared
    23/02/2005 13:33 <REP> Logitech
    18/06/2007 13:28 <REP> Microsoft Shared
    28/03/2005 18:17 <REP> mozilla.org
    06/12/2003 19:57 <REP> MSSoap
    16/12/2003 19:52 <REP> Network Associates
    12/01/2004 14:10 <REP> Nikon
    11/06/2004 12:49 <REP> ODBC
    13/01/2004 13:52 <REP> PACE Anti-Piracy
    03/03/2007 15:38 <REP> Real
    20/11/2005 11:30 <REP> Scansoft Shared
    06/12/2003 19:57 <REP> Services
    07/12/2003 02:56 <REP> SpeechEngines
    02/10/2004 16:38 <REP> SWF Studio
    16/06/2007 09:15 <REP> System
    02/01/2004 11:49 <REP> Ulead Systems
    30/05/2004 12:29 <REP> Vbox
    25/01/2004 15:36 <REP> Wise Installation Wizard
    03/03/2007 15:39 <REP> xing shared
    0 fichier(s) 0 octets
    32 Rép(s) 16 406 843 392 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    18/06/2007 13:28 <REP> .
    18/06/2007 13:28 <REP> ..
    18/06/2007 13:27 <REP> 1033
    16/06/2007 12:01 <REP> 1036
    26/10/2006 19:49 970 528 MSONSEXT.DLL
    26/10/2006 20:12 40 256 MSOSV.DLL
    03/06/1999 15:09 122 937 MSOWS409.DLL
    07/03/2001 10:00 127 033 MSOWS40c.DLL
    06/08/2000 09:04 401 462 MSVCP60.DLL
    22/01/2001 03:25 69 632 PKMAXCTL.DLL
    22/01/2001 03:25 872 448 PKMCDO.DLL
    22/01/2001 03:25 159 744 PKMCORE.DLL
    07/02/2001 09:59 106 496 PKMFORMS.DLL
    12/02/2001 04:03 684 032 PKMRES.DLL
    22/01/2001 03:25 28 672 PKMSSTLB.DLL
    22/01/2001 03:25 40 960 PKMTEMPL.DLL
    22/01/2001 03:25 24 576 PKMTRACE.DLL
    22/01/2001 04:25 86 016 PKMWS.DLL
    22/01/2001 03:25 237 568 PROMDEMO.DLL
    22/01/2001 03:25 184 320 SECMGR.DLL
    22/01/2001 03:25 323 584 VAIDDMGR.DLL
    22/01/2001 03:25 32 768 VAIMEM.DLL
    18 fichier(s) 4 513 032 octets
    4 Rép(s) 16 406 843 392 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 1C0B-3341

    Répertoire de C:\Program Files\common files

    01/06/2004 20:10 <REP> .
    01/06/2004 20:10 <REP> ..
    09/07/2005 09:27 <REP> System
    0 fichier(s) 0 octets
    3 Rép(s) 16 406 843 392 octets libres

    c:\Documents and Settings\Daddy\Application Data\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
    c:\Documents and Settings\Daddy\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Daddy\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    c:\Documents and Settings\Daddy\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    c:\Documents and Settings\Daddy\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
    c:\Documents and Settings\Daddy\Application Data\U3\temp\cleanup.exe
    c:\Documents and Settings\Daddy\Application Data\U3\temp\Launchpad Removal.exe
    c:\Documents and Settings\Daddy\Bureau\4751xdat.exe
    c:\Documents and Settings\Daddy\Bureau\5105xdat.exe
    c:\Documents and Settings\Daddy\Bureau\bazookasetup.exe
    c:\Documents and Settings\Daddy\Bureau\bin2iso.exe
    c:\Documents and Settings\Daddy\Bureau\Google_Earth_BZXE.exe
    c:\Documents and Settings\Daddy\Bureau\sdat4694.exe
    c:\Documents and Settings\Daddy\Bureau\sdat4843.exe
    c:\Documents and Settings\Daddy\Bureau\spybotsd_includes.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\2_iFinger Keygen.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\CarteSurTable.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\Dico Hachette Oxford.EXE
    c:\Documents and Settings\Daddy\Bureau\downloads\iFinger 2.0.7.194.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\iFinger, Merriam-Webster s Law Dictionary 1.0 SW.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\iFinger.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\LOGICIEL DE GENEALOGIE - Heredis 7 +(Serial).exe
    c:\Documents and Settings\Daddy\Bureau\downloads\Memory Map Navigator 3 Keygen - works for 2004.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\MEMORY-MAP 2004 ORDNANCE SURVEY EDITION2004_os.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\oziexplorer 3.95.4g+key+util.exe
    c:\Documents and Settings\Daddy\Bureau\downloads\Ulead PhotoImpact Album 8 [found via www.FileDonkey.com].exe
    c:\Documents and Settings\Daddy\Bureau\LizardTech.DJVU.Document.Express.Editor.6.0.1.build.1259.With.Serials\Document Express Editor 6.0.1 build 1259\Setup.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\arctic-loop.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\GameCfig.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\iFinger2Setup.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\iinstall.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\Install.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\joqlibg.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\msnsearch.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\ose00000.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\quwbsge.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\SkypeSetup.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\spyhunterS2.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\TCM crack Complete Guide Of The TOEIC Test.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\UNNMIX.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\UNNMP.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\OWP5.tmp\setup.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\OWP5.tmp\Office.fr-fr\DW20.EXE
    c:\Documents and Settings\Daddy\Local Settings\Temp\OWP5.tmp\Office.fr-fr\dwtrig20.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\OWP5.tmp\OneNote.WW\ose.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\Pen Drive\Setup.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\Répertoire temporaire 1 pour iFinger_1[1].30.zip\Keygen.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\Répertoire temporaire 1 pour mppdec-windows-1.95z6.zip\mppdec.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\WMDM\setup.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{2A2FA01C-9D04-44F8-B6A9-D8F9A6312D04}\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\StudioWisePatch_L.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\50ComUpd.Exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\q311542_WXP_SP1_x86_ENU.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\RSETPATH.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ARA.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-CHS.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-CHT.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-CSY.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-DAN.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-DEU.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ELL.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ENU.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ESN.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-FIN.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-FRA.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-HEB.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-HUN.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ITA.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-JPN.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-KOR.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-NLD.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-NOR.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-PLK.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-PTB.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-PTG.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-RUS.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-SVE.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{C4CEADDE-8C08-4BD1-A14F-0AED038CB4FA}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-TRK.exe
    c:\Documents and Settings\Daddy\Local Settings\Temp\{DDB6B45C-B006-423A-9F09-53DACC5EA7E2}\QuickTimeInstaller.exe
    c:\Documents and Settings\Daddy\Local Settings\Temporary Internet Files\Content.IE5\ADGHERAN\installdrivecleanerstart_fr[1].exe
    c:\Documents and Settings\Daddy\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQNP\VirtualCD9002[1].exe
    c:\Documents and Settings\Daddy\Mes documents\eMule0.47c-Installer.exe
    c:\Documents and Settings\Daddy\Mes documents\Documents Sandrine\Programmation 2A\Copie de Projet prg 2A\projet algo final\agence_immo.exe
    c:\Documents and Settings\Daddy\Mes documents\Documents Sandrine\Programmation 2A\Projet 2A 29.02.04\projet algo final\agence_immo.exe
    c:\Documents and Settings\Daddy\Mes documents\Documents Sandrine\Programmation 2A\Projet prg 2A\projet algo final\agence_immo.exe
    c:\Documents and Settings\Daddy\Mes documents\Gspot\GSpot.exe
    c:\Documents and Settings\Daddy\Mes documents\Mes fichiers reçus\quicktimealt139.exe
    c:\Documents and Settings\Daddy\Mes documents\Mes vidéos\dvcodecv2.4.16.exe
    c:\Documents and Settings\Daddy\Mes documents\Mes vidéos\VobSub_2.23.exe
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
    c:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll
    c:\Documents and Settings\Daddy\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVJS}\xmlparse.dll
    c:\Documents and Settings\Daddy\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\Daddy\Application Data\Musicmatch\Plugins\Portables\WMDM9_2\PortDev.dll

    ****** Fin du rapport DiagHelp
    0
  7. pverlain
     
    Hello O VertigO,
    I don't know whether you have had time to look at the Kaspersky report and draw any conclusions from it.

    Thanks for your help.

    Pverlain
    0
  8. pverlain
     
    I just ran the scan, nothing more. I haven't deleted anything for now.
    What surprises me is that my McAfee is up to date and it doesn't report anything.

    Thanks again.
    0
  9. pverlain
     
    I understand. But how do I remove these infections? Can the online Kaspersky scanner do it?

    Thanks

    Pverlain
    0
  10. pverlain
     
    I'll try again. Otherwise I may be able to with the trial version.
    What puzzles me are those "objet verrouillé" (object locked) remarks and the fact that I can't find the files in question (aclient.dll, for example, is not in the folder indicated).
    I'll keep you posted.

    pverlain
    0
  11. netforum Posts 1663 Status Member 186
     
    Reinstall HijackThis in Program Files, not in Documents and Settings, then post a new report.
    -1
  12. O VertigO Posts 862 Status Member 32
     
    Hi,

    HiJackThis IS installed correctly.

    You are infected with variant F of the Blaster worm. Do the following to get rid of it:
    - Disable System Restore: Control Panel / System / System Restore.
    - Download this: http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=fr
    - Run the
    - EDIT: Search all files (including hidden ones) for MSLAUGH.EXE and delete it
    - Run HiJackThis again and check this line:
    O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe 

    - Click Fix Checked.

    Make sure you keep up with Windows updates!

    Regards,
    -1
  13. O VertigO Posts 862 Status Member 32
     
    Here is what you can do:

    1. HiJackThis
    - Run HiJackThis again
    - Choose the "do a system scan only" option
    - Check the following lines:
    O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/ 
    O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
    - Click Fix Checked.

    - Post a new HiJackThis report.

    2. Can you answer this question:
    - In the new HiJackThis log, in the O16 lines, can you tell me which entries you don't recognise at all?
    - Do you know these:
    *HttpGuard - C:\WINDOWS\system32\AClient.dll
    *iFinger plugin - C:\PROGRA~1\iFinger\plugins\IE.ifp

    Have a good evening
    -1
  14. O VertigO Posts 862 Status Member 32
     
    Hi,

    Really sorry, I hadn't seen that you had replied to my last message.

    - Download Diaghelp.zip by Malekal_Morte http://www.malekal.com/download/DiagHelp.zip
    - Right-click it and choose Extract All.
    - A new folder will be created: DiagHelp
    - Open it and double-click Go.cmd
    - Choose option 1
    - Follow the instructions that appear, and be sure to press a key when asked, after the CatchMe report.
    - You may have to restart your computer.
    - Copy and paste here the report, which is in C:\Resultat.txt.

    Best,
    -1
  15. O VertigO Posts 862 Status Member 32
     
    OK,

    I'll take a look at this. Can I just ask you something? Please stop downloading just anything from eMule... That is almost certainly where your problem comes from.

    I'll probably get back to you this evening.
    -1
  16. pverlain Posts 4 Status Member
     
    Here is the Kaspersky report.
    Thanks again.
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, September 07, 2007 9:20:19 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 7/09/2007
    Enregistrements dans la base antivirus Kaspersky : 385010
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Zones critiques:
    C:\WINDOWS
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\

    Statistiques de l'analyse:
    Total d'objets analysés: 21279
    Nombre de virus trouvés: 9
    Nombre d'objets infectés: 8 / 0
    Nombre d'objets suspects: 2
    Durée de l'analyse: 00:27:26

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\WINDOWS\2_0_1browserhelper2.dll_tobedeleted Infecté : Trojan-Clicker.Win32.Delf.r ignoré
    C:\WINDOWS\comsetup.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\FaxSetup.log L'objet est verrouillé ignoré
    C:\WINDOWS\iis6.log L'objet est verrouillé ignoré
    C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré
    C:\WINDOWS\Internet Logs\LOIC.ldb L'objet est verrouillé ignoré
    C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\ntdtcsetup.log L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\setupact.log L'objet est verrouillé ignoré
    C:\WINDOWS\setuperr.log L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\spupdsvc.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\AClient.dll Suspect : Packed.Win32.Morphine.a ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\atapi.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\secupd050104.exe Infecté : Trojan-Downloader.Win32.Esepor.m ignoré
    C:\WINDOWS\system32\ShellExt\d.EXE Infecté : Trojan.Win32.Delf.bg ignoré
    C:\WINDOWS\system32\supd180204.exe Infecté : Trojan-Downloader.Win32.Esepor.x ignoré
    C:\WINDOWS\system32\tksrv98.exe Infecté : Trojan-Downloader.Win32.Esepor.d ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\WebPoolFileFile L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\ZLT06163.TMP L'objet est verrouillé ignoré
    C:\WINDOWS\UnstSA2.exe Infecté : Trojan-Dropper.Win32.Delf.z ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\D6A.tmp Suspect : Packed.Win32.Morphine.a ignoré
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\iinstall.exe Infecté : Trojan-Downloader.Win32.IstBar.ir ignoré
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\JETA45E.tmp L'objet est verrouillé ignoré
    C:\DOCUME~1\Daddy\LOCALS~1\Temp\quwbsge.exe Infecté : Trojan-Downloader.Win32.Tibs.nf ignoré

    Analyse terminée.
    -1
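The "L'objet est verrouillé" lines in the report above are files the scanner could not open because another process was holding them (registry hives, event logs, drivers); they are not detections. The following is an added example, not part of the thread or of any Kaspersky tooling: it parses lines in this report layout and separates detections still left in place ("ignoré") from locked files. The function names and the field split are this example's own assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky On-line Scanner report posted above.
SAMPLE_REPORT = r"""
C:\WINDOWS\comsetup.log L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré
C:\WINDOWS\system32\AClient.dll Suspect : Packed.Win32.Morphine.a ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\tksrv98.exe Infecté : Trojan-Downloader.Win32.Esepor.d ignoré
C:\DOCUME~1\Daddy\LOCALS~1\Temp\quwbsge.exe Infecté : Trojan-Downloader.Win32.Tibs.nf ignoré
"""

# Path, then either "<verdict> : <name>" or the locked-object message, then
# the last action. Paths may contain spaces ("Internet Logs"), so the match
# is anchored on the status keywords rather than on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<verdict>Infecté|Suspect)\s*:\s*(?P<name>\S+)"
    r"|(?P<locked>L'objet est verrouillé))"
    r"\s+(?P<action>\S+)$"
)


def parse_report(text):
    """Return one dict per object line; headers and statistics are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("locked"):
            status = "locked"
        else:
            status = "infected" if m.group("verdict") == "Infecté" else "suspect"
        entries.append({"path": m.group("path"), "status": status,
                        "name": m.group("name"), "action": m.group("action")})
    return entries


def split_name(name):
    """Kaspersky detection names read Behaviour.Platform.Family.Variant."""
    parts = (name.split(".") + [""] * 4)[:4]
    return dict(zip(("behaviour", "platform", "family", "variant"), parts))


def triage(entries):
    """Separate detections left on disk from files the scanner could not read."""
    pending = [e for e in entries
               if e["status"] != "locked" and e["action"] == "ignoré"]
    locked = [e["path"] for e in entries if e["status"] == "locked"]
    by_family = defaultdict(list)
    for e in pending:
        by_family[split_name(e["name"])["family"]].append(e["path"])
    return {"pending": pending, "locked": locked, "by_family": dict(by_family)}


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("locked, not scanned:", len(result["locked"]))
    for family, paths in sorted(result["by_family"].items()):
        print("still on disk:", family, paths)
```
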
  17. O VertigO Posts 862 Status Member 32
     
    Hi,

    I've been extremely busy lately, I hope you understand.

    Did you delete the files found by the scan? Because it says "Ignoré".
    -1
  18. O VertigO Posts 862 Status Member 32
     
    OK,

    As for McAfee, if you want my opinion, it has as many holes as Norton, which is to say as many as a sieve... So not very surprising.
    Your problem should be resolved, at least in part, if you remove all the infections found. If you could post a new HiJackThis log after doing so, that would be great ;o)
    -1
  19. O VertigO Posts 862 Status Member 32
     
    Hi

    Er, I think the Kaspersky scan can do it, but I'm not sure. What makes me think it can is that it can ignore them. So if it can ignore them, it can do other things...
    -1
  20. pverlain Posts 4 Status Member
     
    I finally got rid of these problems with redirections from Google in IE.
    I downloaded and ran a2Free, which flagged quite a few potential problems. I quarantined all the "High risks" and since then my problem has gone away.

    Thanks for your help

    Pverlain
    -1