Infected registry keys and values?

Solved
SYLVIE81 -  
g!rly Posts 18462 Status Contributor -
Hello,
For a few days now I have been infected by a malware tool, a BHO adware and trojans located in the registry keys and values. The person who was helping me dropped me; who can help me?
Here is a HijackThis report and a Malwarebytes report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1428
Windows 5.1.2600 Service Pack 3

01/12/2008 14:24:20
mbam-log-2008-12-01 (14-24-20).txt

Type de recherche: Examen rapide
Eléments examinés: 56733
Temps écoulé: 9 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d31b763f-051f-4755-968b-c68775b8cf18} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d31b763f-051f-4755-968b-c68775b8cf18} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\btpanu.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\nsy780.dll (Adware.BHO) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:34, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=03&PURCH_DT_DAY=30&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB4081G3R&modelID=DW121A&LF=blue
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: adssite - {21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} - C:\WINDOWS\system32\nsy780.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D31B763F-051F-4755-968B-C68775B8CF18} - C:\WINDOWS\system32\btpanu.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://pics.centerblog.net/pic/pourleplaisir72/zdhqdnj0.jpg
31 replies

g!rly Posts 18462 Status Contributor 406
 
Hi,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

See you later
0
SYLVIE81
 
Thanks for your help, here is the report:
ComboFix 08-11-30.02 - Propriétaire 2008-12-01 15:03:03.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.404 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 14:40 . 2008-12-01 14:46 <REP> d-------- C:\Lop SD
2008-12-01 14:24 . 2008-12-01 14:24 61,440 --a------ c:\windows\system32\drivers\ciox.sys
2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Simply Super Software
2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-28 21:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-28 21:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-28 21:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-28 21:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-28 21:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-28 20:45 . 2008-11-28 20:58 <REP> d-------- c:\program files\Navilog1
2008-11-18 12:29 . 2008-11-18 12:29 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-18 12:25 . 2008-11-18 12:25 <REP> d-------- c:\windows\ERUNT
2008-11-18 12:23 . 2008-11-18 12:50 <REP> d-------- C:\SDFix
2008-11-17 16:17 . 2008-11-17 16:17 96,088 --a------ c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
2008-11-17 16:17 . 2008-04-14 03:33 94,720 --a------ c:\windows\system32\btpanu.dll
2008-11-16 14:34 . 2008-11-17 16:50 <REP> d-------- C:\ToolBar SD
2008-11-16 13:39 . 2008-11-16 19:59 <REP> d-------- c:\program files\QUAD Utilities
2008-11-12 21:39 . 2008-11-12 21:39 <REP> d-------- c:\program files\MSXML 4.0
2008-11-12 07:21 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-05 10:54 . 2008-11-05 10:55 <REP> d-------- c:\program files\Photo Mania
2008-11-04 10:11 . 2008-11-04 10:11 <REP> d-------- c:\program files\Picasa2
2008-11-04 09:10 . 2008-11-04 09:11 <REP> d-------- c:\program files\Jewelleria
2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Valusoft
2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Valusoft
2008-11-02 18:22 . 2008-11-02 18:22 <REP> d-------- c:\program files\Miss Teri Tale - Vote 4 Me
2008-11-02 17:59 . 2008-11-29 12:28 <REP> d-------- c:\program files\Mystery Case Files - Huntsville
2008-11-02 14:05 . 2008-11-02 14:05 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\MysteryStudio
2008-11-01 10:43 . 2008-11-01 10:43 <REP> d-------- c:\program files\Mystery Stories - Island of Hope

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 13:01 53,946 ----a-w c:\windows\system32\cont_adssite-remove.exe
2008-12-01 13:00 --------- d-----w c:\program files\eMule
2008-12-01 11:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-29 12:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-28 20:12 --------- d-----w c:\program files\Trojan Remover
2008-11-27 21:33 12,294 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-11-21 18:36 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Nokia Multimedia Player
2008-11-20 15:28 --------- d-----w c:\program files\Wanadoo
2008-11-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-16 13:58 --------- d-----w c:\program files\Trend Micro
2008-11-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-05 09:49 --------- d-----w c:\program files\bfgclient
2008-11-02 15:30 --------- d-----w c:\program files\Mystery Case Files - Madame Fate
2008-11-02 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Astar Games
2008-11-02 12:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Big Fish Games
2008-10-31 22:07 --------- d-----w c:\program files\world Mosaics
2008-10-31 11:44 554,496 ----a-w c:\windows\system32\nswA.dll
2008-10-31 10:34 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2008-10-31 10:05 --------- d-----w c:\program files\Chocolatier
2008-10-31 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
2008-10-30 16:34 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Playrix Entertainment
2008-10-30 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-10-30 08:47 --------- d-----w c:\program files\Mystery of Unicorn Castlev
2008-10-30 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Farm Frenzy
2008-10-30 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 07:57 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Desperate Housewives
2008-10-30 07:53 --------- d-----w c:\program files\Chicken Chase
2008-10-30 07:51 --------- d-----w c:\program files\Farm Frenzy
2008-10-30 07:48 --------- d-----w c:\program files\Alwil Software
2008-10-29 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-10-29 11:52 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Games
2008-10-28 15:41 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Oberon Games
2008-10-28 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
2008-10-28 12:28 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FarmerJane
2008-10-28 12:16 --------- d-----w c:\program files\Hot Dish
2008-10-28 11:47 --------- d-----w c:\program files\Mystic Inn
2008-10-28 10:13 --------- d-----w c:\program files\Sherlock Holmes - Le Mystere du Tapis Persan
2008-10-28 08:31 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Seeds
2008-10-27 15:54 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Alawar
2008-10-27 11:52 --------- d-----w c:\program files\Farm Frenzy 2
2008-10-27 11:48 --------- d-----w c:\program files\Beach Party Craze
2008-10-27 11:22 --------- d-----w c:\documents and settings\Propriétaire\Application Data\blg
2008-10-27 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2008-10-27 09:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Friday's games
2008-10-25 23:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Academy
2008-10-25 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:40 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jamdat
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-18 16:48 --------- d-----w c:\program files\Micro Application
2008-10-18 09:32 --------- d-----w c:\documents and settings\Propriétaire\Application Data\PlayFirst
2008-10-18 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-16 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-15 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Beep Industries
2008-10-12 14:40 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-11 13:25 --------- d-----w c:\program files\Ulead Systems
2008-10-07 14:30 --------- d-----w c:\program files\Gamenext
2008-10-07 13:28 --------- d-----w c:\program files\Oberon Media
2008-10-07 12:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BeachPartyCraze
2008-10-07 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
2008-10-07 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-10-06 13:27 --------- d-----w c:\program files\Azureus
2008-10-03 09:10 --------- d-----w c:\program files\Eurobarre
2008-10-03 09:10 --------- d-----w c:\program files\Easy Internet signup
2008-10-03 09:10 --------- d-----w c:\program files\DivX
2008-10-03 09:06 --------- d-----w c:\program files\PhotoFiltre
2008-10-02 12:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jasc
2008-10-02 10:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-02 10:31 --------- d-----w c:\program files\Jasc Software Inc
2008-10-02 10:29 --------- d-----w c:\program files\Seagrand
2008-10-02 09:05 --------- d-----w c:\program files\UnFREEz
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 11:35 126,488 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2007-10-09 19:13 2,539,808 ------w c:\program files\DVDFabHDDecrypter3200.exe
2007-10-06 13:09 774,144 ------w c:\program files\RngInterstitial.dll
2008-02-21 15:10 601,600 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
2007-06-05 15:33 32 -csha-w c:\windows\{42F21F2F-7EA5-40F2-AE8B-8DA531F8D6B8}.dat
2007-07-01 09:31 0 -csha-w c:\windows\SMINST\HPCD.sys
2007-06-05 15:33 32 --sha-w c:\windows\system32\{82BB5DD5-8CA0-400D-9149-38C06497D300}.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]
2008-04-14 03:33 94720 --a------ c:\windows\system32\btpanu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2006-03-09 12:46 73728 c:\windows\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-10-23 19:34 1336560 c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
--a------ 2007-04-26 15:19 2908160 c:\program files\ItsLabel\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--------- 2007-06-05 16:47 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 13:50 122880 c:\progra~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 iqhjsemw;iqhjsemw;c:\windows\system32\drivers\iqhjsemw.sys [2003-01-11 23424]
R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2006-08-30 95232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 110160]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2006-09-26 68096]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2006-09-26 46080]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2006-10-26 105984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2006-10-30 112128]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2006-09-26 67584]
R2 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" [2005-07-15 139264]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2006-09-25 75008]
S4 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
S4 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
S4 UmxPol;HIPS Policy Manager; []
.
Contenu du dossier 'Tâches planifiées'

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-10-22 c:\windows\Tasks\Connexion Facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-15 22:37]

2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-11-28 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-18 c:\windows\Tasks\WebReg 20081118064951.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Shareaza - c:\program files\Shareaza\Shareaza.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lo.st/
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsubdo.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 15:05:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
.
Heure de fin: 2008-12-01 15:06:47
ComboFix-quarantined-files.txt 2008-12-01 14:06:25
ComboFix2.txt 2008-12-01 14:00:28

Avant-CF: 23 272 034 304 octets libres
Après-CF: 23,259,406,336 octets libres

253 --- E O F --- 2008-11-12 20:43:43
0
g!rly Posts 18462 Status Contributor 406
 
Next step:

Copy the text below:

File::
c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
c:\windows\system32\btpanu.dll
c:\windows\system32\cont_adssite-remove.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.

See you later
0
SYLVIE81
 
hi
here are the reports you asked me for

ComboFix 08-11-30.02 - Propriétaire 2008-12-02 8:06:46.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.206 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\cfscript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\btpanu.dll
c:\windows\system32\cont_adssite-remove.exe
c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cont_adssite-remove.exe
c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
c:\windows\system32\btpanu.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 19:52 . 2008-12-01 19:52 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-01 19:52 . 2008-12-01 19:52 1,409 --a------ c:\windows\QTFont.for
2008-12-01 14:40 . 2008-12-01 14:46 <REP> d-------- C:\Lop SD
2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Simply Super Software
2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-28 21:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-28 21:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-28 21:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-28 21:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-28 21:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-28 20:45 . 2008-11-28 20:58 <REP> d-------- c:\program files\Navilog1
2008-11-18 12:29 . 2008-11-18 12:29 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-18 12:25 . 2008-11-18 12:25 <REP> d-------- c:\windows\ERUNT
2008-11-18 12:23 . 2008-11-18 12:50 <REP> d-------- C:\SDFix
2008-11-17 16:17 . 2008-04-14 03:33 94,720 --a------ c:\windows\system32\btpanu.dll
2008-11-16 14:34 . 2008-11-17 16:50 <REP> d-------- C:\ToolBar SD
2008-11-16 13:39 . 2008-11-16 19:59 <REP> d-------- c:\program files\QUAD Utilities
2008-11-12 21:39 . 2008-11-12 21:39 <REP> d-------- c:\program files\MSXML 4.0
2008-11-12 07:21 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-05 10:54 . 2008-11-05 10:55 <REP> d-------- c:\program files\Photo Mania
2008-11-04 10:11 . 2008-11-04 10:11 <REP> d-------- c:\program files\Picasa2
2008-11-04 09:10 . 2008-11-04 09:11 <REP> d-------- c:\program files\Jewelleria
2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Valusoft
2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Valusoft
2008-11-02 18:22 . 2008-11-02 18:22 <REP> d-------- c:\program files\Miss Teri Tale - Vote 4 Me
2008-11-02 17:59 . 2008-12-01 15:31 <REP> d-------- c:\program files\Mystery Case Files - Huntsville
2008-11-02 14:05 . 2008-11-02 14:05 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\MysteryStudio

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 07:17 --------- d-----w c:\program files\Wanadoo
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-01 15:59 --------- d-----w c:\program files\eMule
2008-12-01 15:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 15:29 --------- d-----w c:\program files\Mystery Case Files - Madame Fate
2008-12-01 11:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-28 20:12 --------- d-----w c:\program files\Trojan Remover
2008-11-27 21:33 12,294 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
2008-11-21 18:36 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Nokia Multimedia Player
2008-11-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-16 13:58 --------- d-----w c:\program files\Trend Micro
2008-11-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-05 09:49 --------- d-----w c:\program files\bfgclient
2008-11-02 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Astar Games
2008-11-02 12:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Big Fish Games
2008-11-01 09:43 --------- d-----w c:\program files\Mystery Stories - Island of Hope
2008-10-31 22:07 --------- d-----w c:\program files\world Mosaics
2008-10-31 10:34 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2008-10-31 10:05 --------- d-----w c:\program files\Chocolatier
2008-10-31 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
2008-10-30 16:34 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Playrix Entertainment
2008-10-30 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-10-30 08:47 --------- d-----w c:\program files\Mystery of Unicorn Castlev
2008-10-30 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Farm Frenzy
2008-10-30 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 07:57 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Desperate Housewives
2008-10-30 07:53 --------- d-----w c:\program files\Chicken Chase
2008-10-30 07:51 --------- d-----w c:\program files\Farm Frenzy
2008-10-30 07:48 --------- d-----w c:\program files\Alwil Software
2008-10-29 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-10-29 11:52 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Games
2008-10-28 15:41 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Oberon Games
2008-10-28 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
2008-10-28 12:28 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FarmerJane
2008-10-28 12:16 --------- d-----w c:\program files\Hot Dish
2008-10-28 11:47 --------- d-----w c:\program files\Mystic Inn
2008-10-28 10:13 --------- d-----w c:\program files\Sherlock Holmes - Le Mystere du Tapis Persan
2008-10-28 08:31 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Seeds
2008-10-27 15:54 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Alawar
2008-10-27 11:52 --------- d-----w c:\program files\Farm Frenzy 2
2008-10-27 11:48 --------- d-----w c:\program files\Beach Party Craze
2008-10-27 11:22 --------- d-----w c:\documents and settings\Propriétaire\Application Data\blg
2008-10-27 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2008-10-27 09:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Friday's games
2008-10-25 23:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Academy
2008-10-25 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:40 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jamdat
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-18 16:48 --------- d-----w c:\program files\Micro Application
2008-10-18 09:32 --------- d-----w c:\documents and settings\Propriétaire\Application Data\PlayFirst
2008-10-18 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-16 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-15 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Beep Industries
2008-10-11 13:25 --------- d-----w c:\program files\Ulead Systems
2008-10-07 14:30 --------- d-----w c:\program files\Gamenext
2008-10-07 13:28 --------- d-----w c:\program files\Oberon Media
2008-10-07 12:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BeachPartyCraze
2008-10-07 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
2008-10-07 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-10-06 13:27 --------- d-----w c:\program files\Azureus
2008-10-03 09:10 --------- d-----w c:\program files\Eurobarre
2008-10-03 09:10 --------- d-----w c:\program files\Easy Internet signup
2008-10-03 09:10 --------- d-----w c:\program files\DivX
2008-10-03 09:06 --------- d-----w c:\program files\PhotoFiltre
2008-10-02 12:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jasc
2008-10-02 10:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-02 10:31 --------- d-----w c:\program files\Jasc Software Inc
2008-10-02 10:29 --------- d-----w c:\program files\Seagrand
2008-10-02 09:05 --------- d-----w c:\program files\UnFREEz
2008-09-24 11:35 126,488 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-10-09 19:13 2,539,808 ------w c:\program files\DVDFabHDDecrypter3200.exe
2007-10-06 13:09 774,144 ------w c:\program files\RngInterstitial.dll
2008-02-21 15:10 601,600 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
2007-06-05 15:33 32 -csha-w c:\windows\{42F21F2F-7EA5-40F2-AE8B-8DA531F8D6B8}.dat
2007-07-01 09:31 0 -csha-w c:\windows\SMINST\HPCD.sys
2007-06-05 15:33 32 --sha-w c:\windows\system32\{82BB5DD5-8CA0-400D-9149-38C06497D300}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-01_14.59.03,53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-10 10:10:05 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
+ 2008-12-01 18:50:47 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
+ 2008-12-02 07:13:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]
2008-04-14 03:33 94720 --a------ c:\windows\system32\btpanu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2006-03-09 12:46 73728 c:\windows\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-10-23 19:34 1336560 c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
--a------ 2007-04-26 15:19 2908160 c:\program files\ItsLabel\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--------- 2007-06-05 16:47 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 13:50 122880 c:\progra~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 iqhjsemw;iqhjsemw;c:\windows\system32\drivers\iqhjsemw.sys [2003-01-11 23424]
R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2006-08-30 95232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 110160]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2006-09-26 68096]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2006-09-26 46080]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2006-10-26 105984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2006-10-30 112128]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2006-09-26 67584]
R2 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" [2005-07-15 139264]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2006-09-25 75008]
S4 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
S4 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
S4 UmxPol;HIPS Policy Manager; []

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-10-22 c:\windows\Tasks\Connexion Facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-15 22:37]

2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-11-28 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2008-12-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-18 c:\windows\Tasks\WebReg 20081118064951.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 08:13:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\MioNet\MioNetManager.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Heure de fin: 2008-12-02 8:22:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-02 07:21:57
ComboFix2.txt 2008-12-01 14:06:53
ComboFix3.txt 2008-12-01 14:00:28

Avant-CF: 23 220 060 160 octets libres
Après-CF: 23,266,492,416 octets libres

266 --- E O F --- 2008-11-12 20:43:43





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:26:24, on 02/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=03&PURCH_DT_DAY=30&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB4081G3R&modelID=DW121A&LF=blue
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D31B763F-051F-4755-968B-C68775B8CF18} - C:\WINDOWS\system32\btpanu.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://pics.centerblog.net/pic/pourleplaisir72/zdhqdnj0.jpg
0
g!rly Messages posted 18462 Status Contributor 406
 
hi sylvie,

a small problem deleting a dll... we'll have to dig a bit further...

please post these two reports

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Double-click OAD to launch it

- for the file name to search for, type or copy and paste:

btpanu

- Search type: select option 6, then confirm

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it has finished.

- Copy and paste this report into your next post.

Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.

Do the same for:

{D31B763F-051F-4755-968B-C68775B8CF18}

See you later
0
Anonymous user
 
love you, babe -;)
0

g!rly Messages posted 18462 Status Contributor 406
 

0
Anonymous user
 
nice!! kisses

++
0
g!rly Messages posted 18462 Status Contributor 406
 

0
Anonymous user
 
lol
0
SYLVIE81
 
hi chiqui
I'll do it and send it to you
0
SYLVIE81
 
here is the first report:

02/12/2008 ---- 16:10:32,31

----------------------------------
§§§§§§ [btpanu] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
@="btpanui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
@="btpanui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

*******************
[Fichier]
*******************

c:\WINDOWS\system32\btpanu.dll


*********************
[Même date]
*********************

[17/11/2008 ] ---> C:\TB.txt
[17/11/2008 ] ---> C:\WINDOWS\system32\btpanu.dll




Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§

----------------------------------
here is the second:


02/12/2008 ---- 16:10:32,31

----------------------------------
§§§§§§ [btpanu] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
@="btpanui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
@="btpanui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

*******************
[Fichier]
*******************

c:\WINDOWS\system32\btpanu.dll


*********************
[Même date]
*********************

[17/11/2008 ] ---> C:\TB.txt
[17/11/2008 ] ---> C:\WINDOWS\system32\btpanu.dll



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
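The OAD search for `btpanu` in the post above is a substring search, so its [Registre] section lists keys whose InprocServer32 default value is `btpanu.dll` together with keys that name `btpanui.dll`. As an added example (not part of the thread and not OAD's own code), this Python parser reads that section and separates exact file-name matches from substring-only hits; the function names and result keys are assumptions made for the example.

```python
import ntpath
import re

# [Registre] section copied from the OAD report in the post above (.reg syntax).
OAD_REGISTRY_SECTION = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
@="btpanui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
@="btpanui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
@="C:\\WINDOWS\\system32\\btpanu.dll"
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
CLSID_RE = re.compile(
    r'\\CLSID\\(?P<clsid>\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\})'
    r'\\InprocServer32$',
    re.IGNORECASE,
)
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<value>.*)"$')


def inproc_servers(report):
    """Return (CLSID, server path) pairs for every CLSID\\...\\InprocServer32
    key in .reg-style text. Other bracketed headers are skipped."""
    pairs = []
    current_clsid = None
    for raw_line in report.splitlines():
        line = raw_line.strip()
        key = KEY_RE.match(line)
        if key:
            clsid = CLSID_RE.search(key.group('key'))
            current_clsid = clsid.group('clsid').upper() if clsid else None
            continue
        value = DEFAULT_VALUE_RE.match(line)
        if value and current_clsid:
            # .reg files escape backslashes and quotes inside string values.
            path = value.group('value').replace('\\\\', '\\').replace('\\"', '"')
            pairs.append((current_clsid, path))
            current_clsid = None
    return pairs


def triage_inproc_servers(report, dll_name):
    """Split CLSIDs into those whose server file name equals dll_name and
    those that only contain its stem (what a substring search also returns)."""
    target = dll_name.lower()
    stem = ntpath.splitext(target)[0]
    result = {'exact': [], 'substring_only': []}
    for clsid, path in inproc_servers(report):
        base = ntpath.basename(path).lower()
        if base == target:
            result['exact'].append(clsid)
        elif stem in base:
            result['substring_only'].append(clsid)
    return result


if __name__ == '__main__':
    hits = triage_inproc_servers(OAD_REGISTRY_SECTION, 'btpanu.dll')
    for bucket, clsids in hits.items():
        print(bucket)
        for clsid in clsids:
            print('  ' + clsid)
```

On this report the exact bucket holds three CLSIDs, only one of which is the Browser Helper Object key named in the CFScript earlier in the thread.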
g!rly Messages posted 18462 Status Contributor 406
 
okay :)
0
Anonymous user
 
lol
0
g!rly Messages posted 18462 Status Contributor 406
 
Do you want to carry on, chiqui?
You've got an admirer LOL
0
Anonymous user
 
no lol

I'll leave it to you, babe

only if we see each other tonight to ....

hee hee

I love you
0
g!rly Messages posted 18462 Status Contributor 406
 
Can you post this report as well:

* Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
* Unzip all of its contents to your desktop (right-click > Extract here).
* Open the SReng2 folder and double-click SREng.exe.
* Click "smart scan".
* Click the "scan" button.
* When the scan is finished, click the "save reports" button.
* Then save the report to your desktop.
* Copy and paste the contents of the SREnglLOG.log report into your next reply.

the report is very long; that's normal...
0
SYLVIE81
 
Hi, I'm running the scan and I'll send it to you @
0
SYLVIE81
 
Here I am again with my report: 02/12/2008 ---- 16:10:32,31

0
g!rly Posts 18462 Status Contributor 406
 
ok
0
SYLVIE81
 
Did you get the report?
0
SYLVIE81
 
I have to go to work, I'll be back later. See you later
0
g!rly Posts 18462 Status Contributor 406
 
OK, Sylvie, good luck.
When you're back, repost the s-reng report; post it in two parts, because apparently it is too long to go through in a single block.
See you later
0
SYLVIE81
 
HERE IS THE REPORT:

2008-12-02,16:30:08

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<ccleaner><"C:\Program Files\CCleaner\CCleaner.exe" /AUTO> [(Verified)Piriform Ltd]
<BackupNotify><c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe> [ ]
<WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [File is missing]
<Shareaza><"C:\Program Files\Shareaza\Shareaza.exe" -tray> [File is missing]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [File is missing]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<TrojanScanner><C:\Program Files\Trojan Remover\Trjscan.exe /boot> [(Verified)Simply Super Software]
<PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><%systemroot%\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
<WinlogonNotify: PFW><UmxWnp.Dll> [CA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Lecteur Windows Media><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Mise à jour du Bureau Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ccleaner><; "C:\Program Files\CCleaner\CCleaner.exe" /AUTO> [(Verified)Piriform Ltd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ItsTV><; "C:\Program Files\ItsLabel\ItsTV.exe"> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MessengerPlus3><; "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart> [(Verified)Patchou]
<msnmsgr><; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe> [Nero AG]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SpybotSD TeaTimer><; C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
<WOOKIT><; C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WOOWATCH><; C:\PROGRA~1\Wanadoo\Watch.exe> [France Télécom R&D]

==================================
Startup Folders
N/A

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\System32\Ati2evxx.exe><>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[CaCCProvSP / CaCCProvSP][Stopped/Disabled]
<"C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe"><(File is missing)>
[France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
<C:\WINDOWS\System32\FTRTSVC.exe><France Telecom>
[GoogleDesktopManager / GoogleDesktopManager][Stopped/Manual Start]
<"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"><Google>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Service de l'iPod / iPod Service][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[MioNet Service / MioNet][Running/Auto Start]
<"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"><N/A>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
<C:\WINDOWS\System32\HPZipm12.exe><HP>
[ServiceLayer / ServiceLayer][Running/Manual Start]
<"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[HIPS Event Manager / UmxAgent][Stopped/Disabled]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"><(File is missing)>
[HIPS Configuration Interpreter / UmxCfg][Stopped/Disabled]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"><(File is missing)>
[HIPS Firewall Helper / UmxFwHlp][Stopped/Disabled]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe"><(File is missing)>
[HIPS Policy Manager / UmxPol][Stopped/Disabled]
<><(File is missing)>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
Drivers
[PPdus ASPI Shell / Afc][Running/Manual Start]
<system32\drivers\Afc.sys><Arcsoft, Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[aswFsBlk / aswFsBlk][Running/Auto Start]
<system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<System32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<System32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<System32\DRIVERS\HPZius12.sys><HP>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<System32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[iqhjsemw / iqhjsemw][Running/Boot Start]
<\SystemRoot\system32\drivers\iqhjsemw.sys><N/A>
[KmxAgent / KmxAgent][Running/System Start]
<System32\DRIVERS\kmxagent.sys><CA>
[KmxCF / KmxCF][Running/Auto Start]
<System32\DRIVERS\KmxCF.sys><CA>
[KmxCfg / KmxCfg][Running/Manual Start]
<System32\DRIVERS\kmxcfg.sys><CA>
[KmxFile / KmxFile][Running/System Start]
<System32\DRIVERS\KmxFile.sys><CA>
[KmxFw / KmxFw][Running/System Start]
<System32\DRIVERS\kmxfw.sys><CA>
[KmxSbx / KmxSbx][Running/Auto Start]
<System32\DRIVERS\KmxSbx.sys><CA>
[KmxStart / KmxStart][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\kmxstart.sys><CA>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<System32\DRIVERS\mdmxsdk.sys><Conexant>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
<system32\drivers\nmwcdcj.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\PCAMPR5.SYS><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Ps2 / Ps2][Running/Manual Start]
<System32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Hercules USB WiFi Transmitter Driver / RT73][Stopped/Manual Start]
<system32\DRIVERS\rt73.sys><N/A>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS315 / SiS315][Stopped/Manual Start]
<System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<System32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Alcor Micro Corp - 9360 / SunkFilt][Running/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[HP && Alcor Micro Corp for Phison / Sunkfiltp][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys><N/A>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
<System32\Drivers\usbaapl.sys><Apple, Inc.>
[VIA AGP Filter / viaagp1][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Stopped/Manual Start]
<System32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics, Inc.>
[winachsf / winachsf][Running/Manual Start]
<System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Philips SPC210NC Webcam / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
Browser Add-ons
[]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, >
[adssite]
{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} <C:\WINDOWS\system32\nsl47.dll, >
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
{64F56FC1-1272-44CD-BA6E-39723696E350} <, >
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll, (Signed) Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[]
{D31B763F-051F-4755-968B-C68775B8CF18} <C:\WINDOWS\system32\btpanu.dll, N/A>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, (Signed) Yahoo! Inc.>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <, >
[Java Plug-in 1.4.2]
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} <, >
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <, >
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <, >
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6} <C:\WINDOWS\system32\btpanu.dll, N/A>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, >
[]
{1462651F-F4BA-4C76-A001-C4284D0FE16E} <, >
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, >
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[adssite]
{21FD0B23-527D-0DA7-4BF1-F33DFC5F2DD0} <C:\WINDOWS\system32\nsl47.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
{35065594-9169-4A34-B167-FC4865038E53} <, >
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
{40D1C3A7-4FFB-4443-B3A0-A64B2DF7FC3B} <, >
[]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <, >
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <, >
[]
{64F56FC1-1272-44CD-BA6E-39723696E350} <, >
[]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <, >
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
0
SYLVIE81
 
here is the other part of the report
[]
{E13AAC70-70AE-4988-808C-B267F2C20E79} <, >
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
<https://onedrive.live.com/?id=favorites N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 404 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\Ati2evxx.dll] [, ]
[C:\WINDOWS\system32\UmxWnp.Dll] [CA, 6, 0, 0, 5]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 744 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 812 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 880 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1156 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1236 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1292 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
[PID: 1348 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 8, 1287, 0]
[PID: 1372 / Propriétaire][C:\WINDOWS\system32\Ati2evxx.exe] [, ]
[PID: 1696 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\hpzsnt09.dll] [HP, 2.236.1.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm309.dll] [HP, 2.236.1.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku09.dll] [HP, 2.236.1.0]
[PID: 932 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\FTRTSVC.exe] [France Telecom, 11.0 (4)]
[C:\WINDOWS\System32\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
[PID: 1208 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.4.1368.5602.beta]
[PID: 1408 / SYSTEM][C:\Program Files\MioNet\MioNetManager.exe] [N/A, ]
[PID: 1144 / SYSTEM][C:\Program Files\MioNet\jvm\bin\MioNet.exe] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\client\jvm.dll] [Sun Microsystems, Inc., 1.4.2.50]
[C:\Program Files\MioNet\jvm\bin\hpi.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\verify.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\java.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\zip.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\awt.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\fontmanager.dll] [N/A, ]
[C:\WINDOWS\Resources\themes\Luna\Luna.msstyles] [Microsoft, 1, 0, 0, 1]
[C:\Program Files\MioNet\WindowsUtil.dll] [, 1, 0, 0, 1]
[C:\Program Files\MioNet\RouterDll.dll] [N/A, ]
[C:\WINDOWS\system32\ndisapi.dll] [NT Kernel Resources, 2, 4, 0, 1]
[C:\Program Files\MioNet\TrayIconDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\MioNet\wrapper.dll] [N/A, ]
[C:\Program Files\MioNet\jvm\bin\net.dll] [N/A, ]
[C:\Program Files\MioNet\RegistryDll.dll] [, 1, 0, 0, 1]
[PID: 1944 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1896 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 8, 1287, 0]
[PID: 220 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1287, 0]
[PID: 988 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 2500 / Propriétaire][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 8, 1287, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 8, 1287, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 8, 1287, 0]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 8, 1287, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1287, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1287, 0]
[PID: 2628 / Propriétaire][C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe] [Nokia, 6, 84, 78, 3]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 84, 100, 4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSSupportSetup.DLL] [Nokia, 6, 84, 20, 3]
[C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 84, 89, 1]
[C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\PC Connectivity Solution\ConfServer.dll] [Nokia, 6, 84, 37, 0]
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_fre.NLR] [Nokia, 6, 84, 81, 2]
[PID: 2648 / Propriétaire][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2968 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe] [Nokia., 6, 84, 83, 3]
[C:\Program Files\PC Connectivity Solution\NclTools.dll] [Nokia, 6, 84, 33, 0]
[C:\Program Files\PC Connectivity Solution\Transports\NCLIrDAMM.dll] [Nokia Corp., 6, 84, 33, 0]
[C:\Program Files\PC Connectivity Solution\Transports\NCLRSMM.dll] [Nokia Corp., 6, 84, 41, 0]
[C:\Program Files\PC Connectivity Solution\Transports\NCLUSBMM.dll] [Nokia Corp., 6, 84, 55, 1]
[C:\Program Files\PC Connectivity Solution\Transports\NclMSBTMM.dll] [Nokia Corp., 6, 84, 55, 0]
[PID: 3160 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3404 / Propriétaire][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 1, 0, 0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 6, 6, 0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\TROJAN~1\Trshlex.dll] [Simply Super Software, 1.0.8.46]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 8, 1287, 0]
[C:\WINDOWS\system32\CmdLineExt.dll] [Sony DADC Austria AG., 1,0,201,0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 6, 0, 12]
[C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8]
[C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 5,10,1, 8600]
[C:\WINDOWS\system32\LCODCCMP.DLL] [LEAD Technologies, Inc., 1.0.0.013]
[C:\WINDOWS\system32\mcdvd_32.dll] [MainConcept, 2.0.4]
[C:\WINDOWS\system32\L3CODECA.ACM] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[PID: 3604 / Propriétaire][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.4]
[C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.4]
[C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9]
[C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.0.4]
[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.0.4]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll] [Google, 5.1.706.29690]
[C:\Program Files\Mozilla Firefox\components\nsbads.dll] [ , 4, 6, 2, 1]
[C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll] [N/A, ]
[C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll] [N/A, ]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.1.0 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.1.0 Basic ECC]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.1.0 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.72]
[C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll] [N/A, ]
[C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll] [N/A, ]
[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.0.4]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [, ]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102]
[PID: 1800 / Propriétaire][C:\Program Files\eMule\emule.exe] 0.49.1 Unicode
[C:\Program Files\eMule\lang\fr_FR.dll] 0.49.1
[PID: 716 / Propriétaire][C:\Documents and Settings\Propriétaire\Local Settings\temp\kztechssuite-1\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 436 / Propriétaire][C:\Documents and Settings\Propriétaire\Local Settings\temp\kztechssuite-1\SREbe043cc3.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\Documents and Settings\Propriétaire\Local Settings\temp\kztechssuite-1\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 932, C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2628, C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2968, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1800, C:\PROGRAM FILES\EMULE\EMULE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 716, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\LOCAL SETTINGS\TEMP\KZTECHSSUITE-1\SRENGLDR.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 436, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\LOCAL SETTINGS\TEMP\KZTECHSSUITE-1\SREBE043CC3.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 436, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\LOCAL SETTINGS\TEMP\KZTECHSSUITE-1\SREBE043CC3.EXE]

==================================
Scheduled Tasks
[Enabled] Vérifier les mises à jour de Windows Live Toolbar.job
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
[Enabled] Norton Security Scan.job
C:\Program Files\Norton Security Scan\Nss.exe
[Enabled] Maintenance en 1 clic.job
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
[Enabled] Connexion Facile à Internet.job
C:\Program Files\Easy Internet signup\HPSdpApp.exe
[Enabled] AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[Enabled] WebReg 20081118064951.job
c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

I'm invited out this evening, so I'll say see you tomorrow, or leave me a message for what comes next.
bye
0
g!rly Posts: 18462 Status: Contributor 406
 
Have this file analysed:

Go to the site https://virusscan.jotti.org/
- Click "Browse" ("Parcourir") at the top right, navigate through the folders and select this file:
c:\windows\system32\drivers\iqhjsemw.sys
- Click Submit, also at the top right
- The scan will start; it will take a moment
- At the bottom you get the scan result; copy/paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

Have a good evening :)

See you
0
SYLVIE81
 
hello
I can't find the folder, where could it be?
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi sylvie, try it like this:

Show all files and folders:
To do that:
Click Start / Control Panel / Folder Options / View

Check "show hidden folders"

Uncheck the box "Hide protected operating system files (Recommended)"

Uncheck "hide extensions for known file types"

Then click "OK" to confirm the changes.

And Apply!

Then search again for:

c:\windows\system32\drivers\iqhjsemw.sys

and have it analysed

See you
0
SYLVIE81
 
in Control Panel I can't find: Folder Options?
0
g!rly Posts: 18462 Status: Contributor 406
 
Then open any folder, click the tab: Tools > then Folder Options, then the View tab

then

Check "show hidden folders"

Uncheck the box "Hide protected operating system files (Recommended)"

Uncheck "hide extensions for known file types"

Then click "OK" to confirm the changes.

And Apply!

Then search again for:

c:\windows\system32\drivers\iqhjsemw.sys

and have it analysed

See you
0
SYLVIE81
 
hi g!rly,
when I go to the site for the analysis, this appears:
error:unable to connect to database,the administror has already been notified ...
I tried again several times and it's always the same;
do you have another solution?
I'll keep trying while I wait to hear from you
See you
0
SYLVIE81
 
the scan site has opened, but I can't find the file
windows system 32 drivers ighjsemw sys
I'm not giving up, I'll try again
See you
0
SYLVIE81
 
when I click Browse, the windows folder opens but it only contains: ntdll.dll and smss.exe
0
SYLVIE81
 
maybe I'm doing something wrong; when I click Browse, windows opens and I find the two things I told you about above. ok, see you later
0
g!rly Posts: 18462 Status: Contributor 406
 
OK sylvie, we're going to delete it, because it really looks dodgy to me anyway...

Copy the text below:

File::
c:\WINDOWS\system32\btpanu.dll
C:\TB.txt
c:\windows\system32\drivers\iqhjsemw.sys

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]

Driver::
iqhjsemw

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no restart, post the reports anyway.

See you
0
SYLVIE81
 
COMBO WON'T ACCEPT THE FILE, IT SAYS IT'S SPELLED WRONG
CFSscript.txt.
MAYBE IT WILL WORK IN LOWERCASE,
do you think I can do that?
0
SYLVIE81
 
ok, I'm off to work for 2 hours and then I'll be back, leave me a message. See you
0
SYLVIE81
 
I'm waiting to hear from you, see you soon, because the kids need the computer. See you
0
SYLVIE81
 
hi g!rly,
I ran the scan, but writing it in lowercase, and it worked. I know we shouldn't do things without an expert's advice, but I told myself it wouldn't be too serious
so here are the two reports

ComboFix 08-11-30.02 - Propriétaire 2008-12-05 7:01:38.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.361 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\cfscript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\TB.txt
c:\windows\system32\btpanu.dll
c:\windows\system32\drivers\iqhjsemw.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\TB.txt
c:\windows\system32\btpanu.dll
c:\windows\system32\drivers\iqhjsemw.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IQHJSEMW
-------\Service_iqhjsemw


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-05 au 2008-12-05 ))))))))))))))))))))))))))))))))))))
.

2008-12-02 15:57 . 2008-12-04 16:35 53,946 --a------ c:\windows\system32\cont_adssite-remove.exe
2008-12-01 14:40 . 2008-12-01 14:46 <REP> d-------- C:\Lop SD
2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Simply Super Software
2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-28 21:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-28 21:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-28 21:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-28 21:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-28 21:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-28 20:45 . 2008-11-28 20:58 <REP> d-------- c:\program files\Navilog1
2008-11-27 15:36 . 2008-11-27 15:36 670,208 --a------ c:\windows\system32\nsu111.dll
2008-11-18 12:29 . 2008-11-18 12:29 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-18 12:25 . 2008-11-18 12:25 <REP> d-------- c:\windows\ERUNT
2008-11-18 12:23 . 2008-11-18 12:50 <REP> d-------- C:\SDFix
2008-11-16 14:34 . 2008-11-17 16:50 <REP> d-------- C:\ToolBar SD
2008-11-16 13:39 . 2008-11-16 19:59 <REP> d-------- c:\program files\QUAD Utilities
2008-11-12 21:39 . 2008-11-12 21:39 <REP> d-------- c:\program files\MSXML 4.0
2008-11-12 07:21 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-05 10:54 . 2008-11-05 10:55 <REP> d-------- c:\program files\Photo Mania

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-04 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-03 15:38 --------- d-----w c:\program files\eMule
2008-12-02 07:20 --------- d-----w c:\program files\Wanadoo
2008-12-01 15:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 15:29 --------- d-----w c:\program files\Mystery Case Files - Madame Fate
2008-12-01 14:31 --------- d-----w c:\program files\Mystery Case Files - Huntsville
2008-11-28 20:12 --------- d-----w c:\program files\Trojan Remover
2008-11-27 21:33 12,294 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
2008-11-21 18:36 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Nokia Multimedia Player
2008-11-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-16 13:58 --------- d-----w c:\program files\Trend Micro
2008-11-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-05 09:49 --------- d-----w c:\program files\bfgclient
2008-11-04 09:11 --------- d-----w c:\program files\Picasa2
2008-11-04 08:11 --------- d-----w c:\program files\Jewelleria
2008-11-03 12:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Valusoft
2008-11-03 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\Valusoft
2008-11-02 17:22 --------- d-----w c:\program files\Miss Teri Tale - Vote 4 Me
2008-11-02 13:05 --------- d-----w c:\documents and settings\Propriétaire\Application Data\MysteryStudio
2008-11-02 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Astar Games
2008-11-02 12:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Big Fish Games
2008-11-01 09:43 --------- d-----w c:\program files\Mystery Stories - Island of Hope
2008-10-31 22:07 --------- d-----w c:\program files\world Mosaics
2008-10-31 10:34 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2008-10-31 10:05 --------- d-----w c:\program files\Chocolatier
2008-10-31 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
2008-10-30 16:34 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Playrix Entertainment
2008-10-30 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-10-30 08:47 --------- d-----w c:\program files\Mystery of Unicorn Castlev
2008-10-30 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Farm Frenzy
2008-10-30 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 07:57 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Desperate Housewives
2008-10-30 07:53 --------- d-----w c:\program files\Chicken Chase
2008-10-30 07:51 --------- d-----w c:\program files\Farm Frenzy
2008-10-30 07:48 --------- d-----w c:\program files\Alwil Software
2008-10-29 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-10-29 11:52 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Games
2008-10-28 15:41 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Oberon Games
2008-10-28 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
2008-10-28 12:28 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FarmerJane
2008-10-28 12:16 --------- d-----w c:\program files\Hot Dish
2008-10-28 11:47 --------- d-----w c:\program files\Mystic Inn
2008-10-28 10:13 --------- d-----w c:\program files\Sherlock Holmes - Le Mystere du Tapis Persan
2008-10-28 08:31 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Seeds
2008-10-27 15:54 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Alawar
2008-10-27 11:52 --------- d-----w c:\program files\Farm Frenzy 2
2008-10-27 11:48 --------- d-----w c:\program files\Beach Party Craze
2008-10-27 11:22 --------- d-----w c:\documents and settings\Propriétaire\Application Data\blg
2008-10-27 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2008-10-27 09:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Friday's games
2008-10-25 23:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Academy
2008-10-25 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:40 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jamdat
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-18 16:48 --------- d-----w c:\program files\Micro Application
2008-10-18 09:32 --------- d-----w c:\documents and settings\Propriétaire\Application Data\PlayFirst
2008-10-18 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-16 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-15 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Beep Industries
2008-10-11 13:25 --------- d-----w c:\program files\Ulead Systems
2008-10-07 14:30 --------- d-----w c:\program files\Gamenext
2008-10-07 13:28 --------- d-----w c:\program files\Oberon Media
2008-10-07 12:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BeachPartyCraze
2008-10-07 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
2008-10-07 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-10-06 13:27 --------- d-----w c:\program files\Azureus
2008-09-24 11:35 126,488 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-10-09 19:13 2,539,808 ------w c:\program files\DVDFabHDDecrypter3200.exe
2007-10-06 13:09 774,144 ------w c:\program files\RngInterstitial.dll
2008-02-21 15:10 601,600 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
2007-06-05 15:33 32 -csha-w c:\windows\{42F21F2F-7EA5-40F2-AE8B-8DA531F8D6B8}.dat
2007-07-01 09:31 0 -csha-w c:\windows\SMINST\HPCD.sys
2007-06-05 15:33 32 --sha-w c:\windows\system32\{82BB5DD5-8CA0-400D-9149-38C06497D300}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-01_14.59.03,53 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2008-11-10 10:10:05 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
+ 2008-12-01 18:50:47 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
- 2008-07-18 20:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-18 20:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 20:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 20:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 20:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 20:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-07-18 20:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 13:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2008-07-18 20:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 13:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-18 20:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-18 20:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-18 20:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-18 20:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-18 20:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-18 20:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-18 20:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-12-05 06:08:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_508.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0}]
2008-11-27 15:36 670208 --a------ c:\windows\system32\nsu111.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2007-06-05 190024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"ItsTV"="c:\program files\ItsLabel\ItsTV.exe" [2007-04-26 2908160]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2006-03-09 12:46 73728 c:\windows\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2006-08-30 95232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 110160]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2006-09-26 68096]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2006-09-26 46080]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2006-10-26 105984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2006-10-30 112128]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2006-09-26 67584]
R2 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" [2005-07-15 139264]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2006-09-25 75008]
S4 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
S4 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
S4 UmxPol;HIPS Policy Manager; []

*Newly Created Service* - IQHJSEMW
.
Contenu du dossier 'Tâches planifiées'

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-10-22 c:\windows\Tasks\Connexion Facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-15 22:37]

2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-11-28 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2008-12-05 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-18 c:\windows\Tasks\WebReg 20081118064951.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 07:08:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\MioNet\MioNetManager.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Heure de fin: 2008-12-05 7:14:19 - La machine a redémarré [Propriétaire]
ComboFix-quarantined-files.txt 2008-12-05 06:14:16
ComboFix2.txt 2008-12-02 07:22:04
ComboFix3.txt 2008-12-01 14:06:53
ComboFix4.txt 2008-12-01 14:00:28

Avant-CF: 26 667 192 320 octets libres
Après-CF: 26,801,917,952 octets libres

289 --- E O F --- 2008-11-12 20:43:43


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:16:44, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=03&PURCH_DT_DAY=30&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB4081G3R&modelID=DW121A&LF=blue
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: adssite - {21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} - C:\WINDOWS\system32\nsu111.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ItsTV] ; "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] ; C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] ; "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [WOOKIT] ; C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] ; C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MessengerPlus3] ; "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://pics.centerblog.net/pic/pourleplaisir72/zdhqdnj0.jpg
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi,

Get the script here:

http://sd-1.archive-host.com/membres/up/1366464061/cfscript.rar

Unzip it to your desktop and:

http://sd-1.archive-host.com/membres/up/1366464061/CFScriptB-4.gif
0