Cmt me débarasser de win32,spy shredde

adri62 Messages postés 4 Statut Membre -  
 youyou -
Bonjour,
pouvez vous m'aider svp à me débarasser de win32 adware-gen,win32 agent,win32 trojan-gen,et spy shredder merci
Configuration: Windows XP
Internet Explorer 6.0

11 réponses

  1. Utilisateur anonyme
     
    lu,
    change d'antivirus lol
    0
  2. adri62 Messages postés 4 Statut Membre
     
    lol sympa mais bon je sais pas cmt tt ça est arrivé c surtout à cause de spy shredder je pense....maintenant il faudrait que je vire tout ça!
    0
  3. adri62 Messages postés 4 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:24:36, on 26/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\BitZipper\BITZIPPER.exe
    C:\Documents and Settings\Adrien\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cba7c12480b14022aced91ac16872325
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cba7c12480b14022aced91ac16872325
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O21 - SSODL: bxsbang - {1FE2D568-9771-4525-8563-C295317B98A5} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {BF8D17D3-C45D-4A1C-86A1-504F1A337E5B} - (no file)
    O21 - SSODL: msmhost - {82962748-69A6-41EC-BF68-C93F406A94A4} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {79170F8A-C476-46B8-B1AE-74ED3CA70420} - C:\WINDOWS\msmdev.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    coche les cases et fix :

    O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe"
    O21 - SSODL: bxsbang - {1FE2D568-9771-4525-8563-C295317B98A5} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {BF8D17D3-C45D-4A1C-86A1-504F1A337E5B} - (no file)
    O21 - SSODL: msmhost - {82962748-69A6-41EC-BF68-C93F406A94A4} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {79170F8A-C476-46B8-B1AE-74ED3CA70420} - C:\WINDOWS\msmdev.dll (file missing)
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    redemarre l'ordinateur.

    1/desactive la restauration systeme : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
    2/ affiche les objet cachés : https://www.informatruc.com
    3/passe un cout de nettoyage avec CCleaner : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    tous sauf l'avancé.

    4/ cherche et supprime :

    C:\WINDOWS\movctrlswd.dll
    C:\WINDOWS\nssfrch.dll
    C:\Program Files\Fichiers communs\DriveCleaner Free\ (dossier)
    C:\WINDOWS\bxsbang.dll
    C:\WINDOWS\msmhost.dll
    C:\WINDOWS\privacy_danger\ (dossier)

    connecte toi pour un scan en ligne sur :
    https://www.eset.com/
    ensuite : Scanner en ligne.
    Coche la case et puis clique sur start.
    Accepte l'active X
    Coche les 2 options du scan et fait un scan complet.
    0
  6. adri62
     
    re
    le scan final a détecté 3 menaces sur mon pc mais il ne peut rien me faire si je ne l'achète pas...sinon j'ai fait toutes les opérations que tu m'as demandé
    0
  7. Utilisateur anonyme
     
    Ca m'etonne...normalement il supprime...

    ta noté les chemins des fichiers ? ou ta le log ?
    0
  8. adri62
     
    désolé je ne vois pas ce que tu veux dire par noter le chemin des fichiers je ne m'y connais pas vraiment en info....mais j'ai effectué toutes les étapes dans l'ordre tu ve ke je recommence?
    0
  9. Utilisateur anonyme
     
    ben normalement ce scanner en ligne nettoye ou supprime...il te dit pas acheter comme ca...
    le mieux et de relancer un scan et dire les chemins des fichiers infecté.
    0
  10. adri62
     
    c'est la galère il scanne depuis 1h20 pour l'instant il a rien trouvé mais bon c'est bizarre que ce soit aussi lent comparé à tout à l'heure...
    0
  11. youyou
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:19, on 28/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
    C:\Program Files\Namo\WebBoard\Server\mysql\bin\mysqld.exe
    C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
    C:\Program Files\Namo\WebBoard\Server\apache\apache.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: <html>
    O1 - Hosts: <head>
    O1 - Hosts: <title>Welcome to Yahoo! GeoCities - Your Home on the Web ®</title>
    O1 - Hosts: </head>
    O1 - Hosts: <body bgcolor=#ffffff>
    O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
    O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
    O1 - Hosts: <table border=0 width=600 cellspacing=0 cellpadding=0><tr><td width="1%"><a href="https://smallbusiness.yahoo.com/"><img
    O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/us/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a></td><td><table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td align=right valign=bottom nowrap><font face=arial size=-1><a href="https://fr.yahoo.com/?p=us">Yahoo!</a>
    O1 - Hosts: - <a href="https://help.yahoo.com/kb/account">Help</a>
    O1 - Hosts: </font>
    O1 - Hosts: </td></tr></table><hr size=1></td></tr></table>
    O1 - Hosts: <br>
    O1 - Hosts: <table width=600 cellpadding=4 cellspacing=0 border=0>
    O1 - Hosts: <tr bgcolor=003399><td><font face=arial size=+1 color=ffffff><b>Sorry, the site you requested is inactive.</b></font></td>
    O1 - Hosts: </tr>
    O1 - Hosts: </table>
    O1 - Hosts: <br>
    O1 - Hosts: <table width="600" border="0" cellspacing="0" cellpadding="0"><tr><td align=center valign=top>
    O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr><td valign=top>
    O1 - Hosts: <table width="100%" cellpadding=4 cellspacing=0 border=0 bgcolor=ffffee><tr><td valign=top>
    O1 - Hosts: <font face=arial size=-1>
    O1 - Hosts: This GeoCities site has been deactivated due to inactivity.
    O1 - Hosts: <p>
    O1 - Hosts: <strong>Are you the site owner?</strong> <br>
    O1 - Hosts: <a href="https://smallbusiness.yahoo.com/">Click here</a> to reactivate your site.
    O1 - Hosts: <p>
    O1 - Hosts: <strong>Are you a visitor?</strong> Try a search below.
    O1 - Hosts: </font>
    O1 - Hosts: <br><br>
    O1 - Hosts: </td></tr></table></td></tr></table>
    O1 - Hosts: </td></tr></table>
    O1 - Hosts: <br>
    O1 - Hosts: <table width="600" cellpadding=4 cellspacing=0 border=0 bgcolor=eeeeee><tr><td valign=top>
    O1 - Hosts: <font face=arial size=-1><b>Search Yahoo! GeoCities</b></font></td></tr></table>
    O1 - Hosts: <br><form action="https://smallbusiness.yahoo.com/" method=get>
    O1 - Hosts: <input size=32 name=p value=""> <input type=submit value="Search"><p>
    O1 - Hosts: <p>
    O1 - Hosts: <strong><font face=arial size=-1>Advanced GeoCities search options </font></strong>
    O1 - Hosts: <p>
    O1 - Hosts: <table border=0 cellpadding=2 cellspacing=0>
    O1 - Hosts: <tr><td valign=top>
    O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
    O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 1</b></font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top> <input type=radio name=o value=i checked></td><td><font face=arial size=-1>Intelligent default</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top> <input type=radio name=o value=p></td><td><font face=arial size=-1>An exact phrase match</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top> <input type=radio name=o value=a></td><td><font face=arial size=-1>Matches on all words (AND)</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top> <input type=radio name=o value=o></td><td><font face=arial size=-1>Matches on any word (OR)</font></td></tr></table>
    O1 - Hosts: </td><td> </td><td valign=top>
    O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
    O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 2</b></font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top> <input type=radio name=h value=c ></td><td><font face=arial size=-1>Yahoo! GeoCities Categories</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top> <input type=radio name=h value=s checked></td><td><font face=arial size=-1>Yahoo! GeoCities Web Sites</font></td></tr></table>
    O1 - Hosts: </td></tr></table>
    O1 - Hosts: </form>
    O1 - Hosts: <p>
    O1 - Hosts: <br>
    O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
    O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
    O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
    O1 - Hosts: <font face=arial size=-2><A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
    O1 - Hosts: </font></td></tr></table></td></tr></table>
    O1 - Hosts: <p><center><hr noshade size=1 width="675"><table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=bottom width="100%"><font size="-2" face=arial>Copyright © 2004 <a href="https://fr.yahoo.com/?p=us" target="_top">Yahoo! Inc.</a> All rights reserved.<br><b>NOTICE: We collect personal information on this site. To learn more about how we use your information, see our <a href="https://www.verizonmedia.com/policies/" target="_top">Yahoo Privacy Policy</a></b></font></td></tr></table></center>
    O1 - Hosts: </body>
    O1 - Hosts: </html>
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [ihbirxq] c:\documents and settings\administrateur\local settings\application data\ihbirxq.exe ihbirxq
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,L (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
    O4 - Global Startup: Namo APM Manager.lnk = C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    0