Clés et valeurs de registre infecte?

Résolu
SYLVIE81 -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
il y a quelque jours que je suis infecte par un malware toll, un adware bho et des trojans qui se trouvent dans les cles et valeurs de registre la personne qui m'aidais m'a laisser tomber qui peux m'aider ?
voila un rapport hij et un malwarebyte:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1428
Windows 5.1.2600 Service Pack 3

01/12/2008 14:24:20
mbam-log-2008-12-01 (14-24-20).txt

Type de recherche: Examen rapide
Eléments examinés: 56733
Temps écoulé: 9 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d31b763f-051f-4755-968b-c68775b8cf18} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d31b763f-051f-4755-968b-c68775b8cf18} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\btpanu.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\nsy780.dll (Adware.BHO) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:34, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=03&PURCH_DT_DAY=30&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB4081G3R&modelID=DW121A&LF=blue
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: adssite - {21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} - C:\WINDOWS\system32\nsy780.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D31B763F-051F-4755-968B-C68775B8CF18} - C:\WINDOWS\system32\btpanu.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://pics.centerblog.net/pic/pourleplaisir72/zdhqdnj0.jpg

--
End of file - 8670 bytes

avast me trouve aussi un virus remover 2008

merci a ceux qui me rpondront
Configuration: Windows XP
Firefox 3.0.4

31 réponses

  • 1
  • 2
Résumé de la discussion

Infection par un malware et adware localisés dans les clés et valeurs du registre, détectée par HijackThis et des rapports Malwarebytes, notamment Trojan.BHO.H et Adware.BHO, avec des éléments à supprimer lors du redémarrage. Des solutions proposées visent à nettoyer les fichiers et entrées problématiques, comme btpanu.dll et nsy780.dll, via Combofix et CFScript pour supprimer les entrées BHO et les clés du registre associées. Des conseils complémentaires recommandent de désinstaller Avast et d'activer des protections supplémentaires comme ZoneAlarm et SpywareBlaster, puis de partager les rapports Combofix et HijackThis pour vérification ultérieure. Certains éléments suspects issus de la liste incluent des entrées de registre et des fichiers système dans Windows\System32, signalés comme à supprimer au reboot et nécessitant une vérification après redémarrage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    @+
    0
    1. SYLVIE81
       
      merci pour ton aide voici le rapport
      ComboFix 08-11-30.02 - Propriétaire 2008-12-01 15:03:03.4 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.404 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-01 14:40 . 2008-12-01 14:46 <REP> d-------- C:\Lop SD
      2008-12-01 14:24 . 2008-12-01 14:24 61,440 --a------ c:\windows\system32\drivers\ciox.sys
      2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Simply Super Software
      2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
      2008-11-28 21:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
      2008-11-28 21:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
      2008-11-28 21:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
      2008-11-28 21:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
      2008-11-28 21:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
      2008-11-28 20:45 . 2008-11-28 20:58 <REP> d-------- c:\program files\Navilog1
      2008-11-18 12:29 . 2008-11-18 12:29 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
      2008-11-18 12:25 . 2008-11-18 12:25 <REP> d-------- c:\windows\ERUNT
      2008-11-18 12:23 . 2008-11-18 12:50 <REP> d-------- C:\SDFix
      2008-11-17 16:17 . 2008-11-17 16:17 96,088 --a------ c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
      2008-11-17 16:17 . 2008-04-14 03:33 94,720 --a------ c:\windows\system32\btpanu.dll
      2008-11-16 14:34 . 2008-11-17 16:50 <REP> d-------- C:\ToolBar SD
      2008-11-16 13:39 . 2008-11-16 19:59 <REP> d-------- c:\program files\QUAD Utilities
      2008-11-12 21:39 . 2008-11-12 21:39 <REP> d-------- c:\program files\MSXML 4.0
      2008-11-12 07:21 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
      2008-11-12 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
      2008-11-05 10:54 . 2008-11-05 10:55 <REP> d-------- c:\program files\Photo Mania
      2008-11-04 10:11 . 2008-11-04 10:11 <REP> d-------- c:\program files\Picasa2
      2008-11-04 09:10 . 2008-11-04 09:11 <REP> d-------- c:\program files\Jewelleria
      2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Valusoft
      2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Valusoft
      2008-11-02 18:22 . 2008-11-02 18:22 <REP> d-------- c:\program files\Miss Teri Tale - Vote 4 Me
      2008-11-02 17:59 . 2008-11-29 12:28 <REP> d-------- c:\program files\Mystery Case Files - Huntsville
      2008-11-02 14:05 . 2008-11-02 14:05 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\MysteryStudio
      2008-11-01 10:43 . 2008-11-01 10:43 <REP> d-------- c:\program files\Mystery Stories - Island of Hope

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-01 13:01 53,946 ----a-w c:\windows\system32\cont_adssite-remove.exe
      2008-12-01 13:00 --------- d-----w c:\program files\eMule
      2008-12-01 11:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
      2008-11-29 12:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
      2008-11-28 20:12 --------- d-----w c:\program files\Trojan Remover
      2008-11-27 21:33 12,294 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
      2008-11-27 15:18 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
      2008-11-21 18:36 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Nokia Multimedia Player
      2008-11-20 15:28 --------- d-----w c:\program files\Wanadoo
      2008-11-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2008-11-16 13:58 --------- d-----w c:\program files\Trend Micro
      2008-11-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
      2008-11-05 09:49 --------- d-----w c:\program files\bfgclient
      2008-11-02 15:30 --------- d-----w c:\program files\Mystery Case Files - Madame Fate
      2008-11-02 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Astar Games
      2008-11-02 12:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Big Fish Games
      2008-10-31 22:07 --------- d-----w c:\program files\world Mosaics
      2008-10-31 11:44 554,496 ----a-w c:\windows\system32\nswA.dll
      2008-10-31 10:34 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
      2008-10-31 10:05 --------- d-----w c:\program files\Chocolatier
      2008-10-31 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
      2008-10-30 16:34 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Playrix Entertainment
      2008-10-30 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
      2008-10-30 08:47 --------- d-----w c:\program files\Mystery of Unicorn Castlev
      2008-10-30 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Farm Frenzy
      2008-10-30 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-30 07:57 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Desperate Housewives
      2008-10-30 07:53 --------- d-----w c:\program files\Chicken Chase
      2008-10-30 07:51 --------- d-----w c:\program files\Farm Frenzy
      2008-10-30 07:48 --------- d-----w c:\program files\Alwil Software
      2008-10-29 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
      2008-10-29 11:52 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Games
      2008-10-28 15:41 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Oberon Games
      2008-10-28 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
      2008-10-28 12:28 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FarmerJane
      2008-10-28 12:16 --------- d-----w c:\program files\Hot Dish
      2008-10-28 11:47 --------- d-----w c:\program files\Mystic Inn
      2008-10-28 10:13 --------- d-----w c:\program files\Sherlock Holmes - Le Mystere du Tapis Persan
      2008-10-28 08:31 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Seeds
      2008-10-27 15:54 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Alawar
      2008-10-27 11:52 --------- d-----w c:\program files\Farm Frenzy 2
      2008-10-27 11:48 --------- d-----w c:\program files\Beach Party Craze
      2008-10-27 11:22 --------- d-----w c:\documents and settings\Propriétaire\Application Data\blg
      2008-10-27 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\blg
      2008-10-27 09:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Friday's games
      2008-10-25 23:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Academy
      2008-10-25 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
      2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-23 13:40 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jamdat
      2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
      2008-10-18 16:48 --------- d-----w c:\program files\Micro Application
      2008-10-18 09:32 --------- d-----w c:\documents and settings\Propriétaire\Application Data\PlayFirst
      2008-10-18 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
      2008-10-16 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
      2008-10-15 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Beep Industries
      2008-10-12 14:40 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
      2008-10-11 13:25 --------- d-----w c:\program files\Ulead Systems
      2008-10-07 14:30 --------- d-----w c:\program files\Gamenext
      2008-10-07 13:28 --------- d-----w c:\program files\Oberon Media
      2008-10-07 12:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BeachPartyCraze
      2008-10-07 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
      2008-10-07 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
      2008-10-06 13:27 --------- d-----w c:\program files\Azureus
      2008-10-03 09:10 --------- d-----w c:\program files\Eurobarre
      2008-10-03 09:10 --------- d-----w c:\program files\Easy Internet signup
      2008-10-03 09:10 --------- d-----w c:\program files\DivX
      2008-10-03 09:06 --------- d-----w c:\program files\PhotoFiltre
      2008-10-02 12:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jasc
      2008-10-02 10:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
      2008-10-02 10:31 --------- d-----w c:\program files\Jasc Software Inc
      2008-10-02 10:29 --------- d-----w c:\program files\Seagrand
      2008-10-02 09:05 --------- d-----w c:\program files\UnFREEz
      2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
      2008-09-24 11:35 126,488 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
      2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
      2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
      2007-10-09 19:13 2,539,808 ------w c:\program files\DVDFabHDDecrypter3200.exe
      2007-10-06 13:09 774,144 ------w c:\program files\RngInterstitial.dll
      2008-02-21 15:10 601,600 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
      2007-06-05 15:33 32 -csha-w c:\windows\{42F21F2F-7EA5-40F2-AE8B-8DA531F8D6B8}.dat
      2007-07-01 09:31 0 -csha-w c:\windows\SMINST\HPCD.sys
      2007-06-05 15:33 32 --sha-w c:\windows\system32\{82BB5DD5-8CA0-400D-9149-38C06497D300}.dat
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]
      2008-04-14 03:33 94720 --a------ c:\windows\system32\btpanu.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
      "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
      "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
      "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
      2006-03-09 12:46 73728 c:\windows\system32\UmxWNP.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
      backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
      backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
      --a------ 2008-10-23 19:34 1336560 c:\program files\CCleaner\CCleaner.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
      --a------ 2007-04-26 15:19 2908160 c:\program files\ItsLabel\ItsTV.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
      --------- 2007-06-05 16:47 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2006-01-12 15:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      -rahs---- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      --a------ 2004-08-23 13:50 122880 c:\progra~1\Wanadoo\Shell.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      --------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R0 iqhjsemw;iqhjsemw;c:\windows\system32\drivers\iqhjsemw.sys [2003-01-11 23424]
      R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2006-08-30 95232]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 110160]
      R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2006-09-26 68096]
      R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2006-09-26 46080]
      R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2006-10-26 105984]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
      R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2006-10-30 112128]
      R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2006-09-26 67584]
      R2 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" [2005-07-15 139264]
      R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2006-09-25 75008]
      S4 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
      S4 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
      S4 UmxPol;HIPS Policy Manager; []
      .
      Contenu du dossier 'Tâches planifiées'

      2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2007-10-22 c:\windows\Tasks\Connexion Facile à Internet.job
      - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-15 22:37]

      2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

      2008-11-28 c:\windows\Tasks\Norton Security Scan.job
      - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

      2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

      2008-11-18 c:\windows\Tasks\WebReg 20081118064951.job
      - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKCU-Run-Shareaza - c:\program files\Shareaza\Shareaza.exe


      .
      ------- Examen supplémentaire -------
      .
      FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\
      FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lo.st/
      FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
      FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
      FF -: plugin - c:\program files\Mozilla Firefox\plugins\npgcplug.dll
      FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
      FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsubdo.dll
      FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
      FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
      FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
      FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-01 15:05:03
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(516)
      c:\windows\system32\Ati2evxx.dll
      c:\windows\system32\UmxWnp.Dll
      .
      Heure de fin: 2008-12-01 15:06:47
      ComboFix-quarantined-files.txt 2008-12-01 14:06:25
      ComboFix2.txt 2008-12-01 14:00:28

      Avant-CF: 23 272 034 304 octets libres
      Après-CF: 23,259,406,336 octets libres

      253 --- E O F --- 2008-11-12 20:43:43
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    la suite :

    Copie le texte ci-dessous :

    File::
    c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
    c:\windows\system32\btpanu.dll
    c:\windows\system32\cont_adssite-remove.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. SYLVIE81
       
      salut
      voila les rapports que tu m'a demandé

      ComboFix 08-11-30.02 - Propriétaire 2008-12-02 8:06:46.5 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.206 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
      Commutateurs utilisés :: C:\cfscript.txt
      * Un nouveau point de restauration a été créé

      FILE ::
      c:\windows\system32\btpanu.dll
      c:\windows\system32\cont_adssite-remove.exe
      c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\cont_adssite-remove.exe
      c:\windows\system32\pzdzzoluumxwsww.dll-uninst.exe
      c:\windows\system32\btpanu.dll . . . . impossible à supprimer

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-01 19:52 . 2008-12-01 19:52 54,156 --ah----- c:\windows\QTFont.qfn
      2008-12-01 19:52 . 2008-12-01 19:52 1,409 --a------ c:\windows\QTFont.for
      2008-12-01 14:40 . 2008-12-01 14:46 <REP> d-------- C:\Lop SD
      2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Simply Super Software
      2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
      2008-11-28 21:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
      2008-11-28 21:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
      2008-11-28 21:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
      2008-11-28 21:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
      2008-11-28 21:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
      2008-11-28 20:45 . 2008-11-28 20:58 <REP> d-------- c:\program files\Navilog1
      2008-11-18 12:29 . 2008-11-18 12:29 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
      2008-11-18 12:25 . 2008-11-18 12:25 <REP> d-------- c:\windows\ERUNT
      2008-11-18 12:23 . 2008-11-18 12:50 <REP> d-------- C:\SDFix
      2008-11-17 16:17 . 2008-04-14 03:33 94,720 --a------ c:\windows\system32\btpanu.dll
      2008-11-16 14:34 . 2008-11-17 16:50 <REP> d-------- C:\ToolBar SD
      2008-11-16 13:39 . 2008-11-16 19:59 <REP> d-------- c:\program files\QUAD Utilities
      2008-11-12 21:39 . 2008-11-12 21:39 <REP> d-------- c:\program files\MSXML 4.0
      2008-11-12 07:21 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
      2008-11-12 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
      2008-11-05 10:54 . 2008-11-05 10:55 <REP> d-------- c:\program files\Photo Mania
      2008-11-04 10:11 . 2008-11-04 10:11 <REP> d-------- c:\program files\Picasa2
      2008-11-04 09:10 . 2008-11-04 09:11 <REP> d-------- c:\program files\Jewelleria
      2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Valusoft
      2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Valusoft
      2008-11-02 18:22 . 2008-11-02 18:22 <REP> d-------- c:\program files\Miss Teri Tale - Vote 4 Me
      2008-11-02 17:59 . 2008-12-01 15:31 <REP> d-------- c:\program files\Mystery Case Files - Huntsville
      2008-11-02 14:05 . 2008-11-02 14:05 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\MysteryStudio

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-02 07:17 --------- d-----w c:\program files\Wanadoo
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
      2008-12-02 07:12 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
      2008-12-01 15:59 --------- d-----w c:\program files\eMule
      2008-12-01 15:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
      2008-12-01 15:29 --------- d-----w c:\program files\Mystery Case Files - Madame Fate
      2008-12-01 11:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
      2008-11-28 20:12 --------- d-----w c:\program files\Trojan Remover
      2008-11-27 21:33 12,294 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
      2008-11-21 18:36 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Nokia Multimedia Player
      2008-11-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2008-11-16 13:58 --------- d-----w c:\program files\Trend Micro
      2008-11-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
      2008-11-05 09:49 --------- d-----w c:\program files\bfgclient
      2008-11-02 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Astar Games
      2008-11-02 12:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Big Fish Games
      2008-11-01 09:43 --------- d-----w c:\program files\Mystery Stories - Island of Hope
      2008-10-31 22:07 --------- d-----w c:\program files\world Mosaics
      2008-10-31 10:34 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
      2008-10-31 10:05 --------- d-----w c:\program files\Chocolatier
      2008-10-31 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
      2008-10-30 16:34 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Playrix Entertainment
      2008-10-30 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
      2008-10-30 08:47 --------- d-----w c:\program files\Mystery of Unicorn Castlev
      2008-10-30 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Farm Frenzy
      2008-10-30 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-30 07:57 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Desperate Housewives
      2008-10-30 07:53 --------- d-----w c:\program files\Chicken Chase
      2008-10-30 07:51 --------- d-----w c:\program files\Farm Frenzy
      2008-10-30 07:48 --------- d-----w c:\program files\Alwil Software
      2008-10-29 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
      2008-10-29 11:52 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Games
      2008-10-28 15:41 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Oberon Games
      2008-10-28 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
      2008-10-28 12:28 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FarmerJane
      2008-10-28 12:16 --------- d-----w c:\program files\Hot Dish
      2008-10-28 11:47 --------- d-----w c:\program files\Mystic Inn
      2008-10-28 10:13 --------- d-----w c:\program files\Sherlock Holmes - Le Mystere du Tapis Persan
      2008-10-28 08:31 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Seeds
      2008-10-27 15:54 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Alawar
      2008-10-27 11:52 --------- d-----w c:\program files\Farm Frenzy 2
      2008-10-27 11:48 --------- d-----w c:\program files\Beach Party Craze
      2008-10-27 11:22 --------- d-----w c:\documents and settings\Propriétaire\Application Data\blg
      2008-10-27 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\blg
      2008-10-27 09:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Friday's games
      2008-10-25 23:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Academy
      2008-10-25 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
      2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-23 13:40 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jamdat
      2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
      2008-10-18 16:48 --------- d-----w c:\program files\Micro Application
      2008-10-18 09:32 --------- d-----w c:\documents and settings\Propriétaire\Application Data\PlayFirst
      2008-10-18 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
      2008-10-16 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
      2008-10-15 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Beep Industries
      2008-10-11 13:25 --------- d-----w c:\program files\Ulead Systems
      2008-10-07 14:30 --------- d-----w c:\program files\Gamenext
      2008-10-07 13:28 --------- d-----w c:\program files\Oberon Media
      2008-10-07 12:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BeachPartyCraze
      2008-10-07 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
      2008-10-07 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
      2008-10-06 13:27 --------- d-----w c:\program files\Azureus
      2008-10-03 09:10 --------- d-----w c:\program files\Eurobarre
      2008-10-03 09:10 --------- d-----w c:\program files\Easy Internet signup
      2008-10-03 09:10 --------- d-----w c:\program files\DivX
      2008-10-03 09:06 --------- d-----w c:\program files\PhotoFiltre
      2008-10-02 12:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jasc
      2008-10-02 10:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
      2008-10-02 10:31 --------- d-----w c:\program files\Jasc Software Inc
      2008-10-02 10:29 --------- d-----w c:\program files\Seagrand
      2008-10-02 09:05 --------- d-----w c:\program files\UnFREEz
      2008-09-24 11:35 126,488 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2007-10-09 19:13 2,539,808 ------w c:\program files\DVDFabHDDecrypter3200.exe
      2007-10-06 13:09 774,144 ------w c:\program files\RngInterstitial.dll
      2008-02-21 15:10 601,600 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
      2007-06-05 15:33 32 -csha-w c:\windows\{42F21F2F-7EA5-40F2-AE8B-8DA531F8D6B8}.dat
      2007-07-01 09:31 0 -csha-w c:\windows\SMINST\HPCD.sys
      2007-06-05 15:33 32 --sha-w c:\windows\system32\{82BB5DD5-8CA0-400D-9149-38C06497D300}.dat
      .

      ((((((((((((((((((((((((((((( snapshot@2008-12-01_14.59.03,53 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-11-10 10:10:05 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
      + 2008-12-01 18:50:47 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
      + 2008-12-02 07:13:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]
      2008-04-14 03:33 94720 --a------ c:\windows\system32\btpanu.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
      "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
      "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
      "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [BU]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
      "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]
      "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
      2006-03-09 12:46 73728 c:\windows\system32\UmxWNP.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
      backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
      backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
      --a------ 2008-10-23 19:34 1336560 c:\program files\CCleaner\CCleaner.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
      --a------ 2007-04-26 15:19 2908160 c:\program files\ItsLabel\ItsTV.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
      --------- 2007-06-05 16:47 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2006-01-12 15:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      -rahs---- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      --a------ 2004-08-23 13:50 122880 c:\progra~1\Wanadoo\Shell.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      --------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R0 iqhjsemw;iqhjsemw;c:\windows\system32\drivers\iqhjsemw.sys [2003-01-11 23424]
      R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2006-08-30 95232]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 110160]
      R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2006-09-26 68096]
      R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2006-09-26 46080]
      R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2006-10-26 105984]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
      R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2006-10-30 112128]
      R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2006-09-26 67584]
      R2 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" [2005-07-15 139264]
      R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2006-09-25 75008]
      S4 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
      S4 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
      S4 UmxPol;HIPS Policy Manager; []

      *Newly Created Service* - CATCHME
      .
      Contenu du dossier 'Tâches planifiées'

      2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2007-10-22 c:\windows\Tasks\Connexion Facile à Internet.job
      - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-15 22:37]

      2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

      2008-11-28 c:\windows\Tasks\Norton Security Scan.job
      - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

      2008-12-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

      2008-11-18 c:\windows\Tasks\WebReg 20081118064951.job
      - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-02 08:13:34
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(532)
      c:\windows\system32\Ati2evxx.dll
      c:\windows\system32\UmxWnp.Dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\ati2evxx.exe
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\system32\ati2evxx.exe
      c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\windows\system32\FTRTSVC.exe
      c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
      c:\program files\MioNet\MioNetManager.exe
      c:\program files\MioNet\jvm\bin\MioNet.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-12-02 8:22:01 - La machine a redémarré
      ComboFix-quarantined-files.txt 2008-12-02 07:21:57
      ComboFix2.txt 2008-12-01 14:06:53
      ComboFix3.txt 2008-12-01 14:00:28

      Avant-CF: 23 220 060 160 octets libres
      Après-CF: 23,266,492,416 octets libres

      266 --- E O F --- 2008-11-12 20:43:43





      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 08:26:24, on 02/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\MioNet\MioNetManager.exe
      C:\Program Files\MioNet\jvm\bin\MioNet.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=03&PURCH_DT_DAY=30&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB4081G3R&modelID=DW121A&LF=blue
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: (no name) - {D31B763F-051F-4755-968B-C68775B8CF18} - C:\WINDOWS\system32\btpanu.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O24 - Desktop Component 0: (no name) - http://pics.centerblog.net/pic/pourleplaisir72/zdhqdnj0.jpg
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut sylvie,

    un petit problème pour supprimer une dll...on va devoir chercher un peu plus...

    post ce deux rapport stp

    Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
    - Enregistre le sur ton bureau

    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de :

    btpanu

    - Type de recherche : sélectionne l'option 6 puis valide

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
    Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.

    Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

    Fais pareil pour :

    {D31B763F-051F-4755-968B-C68775B8CF18}

    @+
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. g!rly Messages postés 18462 Statut Contributeur 407
     

    0
  6. g!rly Messages postés 18462 Statut Contributeur 407
     

    0
  7. Utilisateur anonyme
     
    lol
    0
    1. SYLVIE81
       
      slt chiqui
      je fais le truc et je te l'envoie
      0
    2. SYLVIE81
       
      voila le premier rapport:

      02/12/2008 ---- 16:10:32,31

      ----------------------------------
      §§§§§§ [btpanu] §§§§§§
      ----------------------------------
      [X] Registre

      -------------- [ ] rapide
      -- Fichier --- [ ] disque systeme
      ------------- [X] complete


      ********************
      [Registre]
      ********************


      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
      @="btpanui.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
      @="btpanui.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      *******************
      [Fichier]
      *******************

      c:\WINDOWS\system32\btpanu.dll


      *********************
      [Même date]
      *********************

      [17/11/2008 ] ---> C:\TB.txt
      [17/11/2008 ] ---> C:\WINDOWS\system32\btpanu.dll




      Outil Aide Diagnostic By !aur3n7 Version 1.1
      ----------------------------------
      §§§§§ Fin Rapport §§§§§

      ----------------------------------
      voici le second:


      02/12/2008 ---- 16:10:32,31

      ----------------------------------
      §§§§§§ [btpanu] §§§§§§
      ----------------------------------
      [X] Registre

      -------------- [ ] rapide
      -- Fichier --- [ ] disque systeme
      ------------- [X] complete


      ********************
      [Registre]
      ********************


      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
      @="btpanui.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
      @="btpanui.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      *******************
      [Fichier]
      *******************

      c:\WINDOWS\system32\btpanu.dll


      *********************
      [Même date]
      *********************

      [17/11/2008 ] ---> C:\TB.txt
      [17/11/2008 ] ---> C:\WINDOWS\system32\btpanu.dll



      Outil Aide Diagnostic By !aur3n7 Version 1.1
      ----------------------------------
      §§§§§ Fin Rapport §§§§§
      ----------------------------------
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    d´accord :)
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    Tu veux continuer chiqui ?
    Tu as une touche LOL
    0
  10. Utilisateur anonyme
     
    non lol

    te dejo nena

    solamente si nos vemos esta noche para ....

    hi hi

    ti amo
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    Peux tu encore poster ce rapport :

    * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

    le rapport est très long; c´est normal...
    0
    1. SYLVIE81
       
      slt je fais le scan et je te le fais passe @
      0
    2. SYLVIE81
       
      me revoila avec mon rapport: 02/12/2008 ---- 16:10:32,31

      ----------------------------------
      §§§§§§ [btpanu] §§§§§§
      ----------------------------------
      [X] Registre

      -------------- [ ] rapide
      -- Fichier --- [ ] disque systeme
      ------------- [X] complete


      ********************
      [Registre]
      ********************


      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A85-A7A4-FCE7D97676E6}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
      @="btpanui.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
      @="btpanui.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
      @="C:\\WINDOWS\\system32\\btpanu.dll"

      *******************
      [Fichier]
      *******************

      c:\WINDOWS\system32\btpanu.dll


      *********************
      [Même date]
      *********************

      [17/11/2008 ] ---> C:\TB.txt
      [17/11/2008 ] ---> C:\WINDOWS\system32\btpanu.dll



      Outil Aide Diagnostic By !aur3n7 Version 1.1
      ----------------------------------
      §§§§§ Fin Rapport §§§§§
      ----------------------------------
      0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok
    0
    1. SYLVIE81
       
      t'a recu le rapport?
      0
    2. SYLVIE81
       
      je dois aller bosser je serais de retour toute a l'heure @+
      0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    d´accord, sylvie, bon courage
    à ton retour repost le rapport de s-reng; post le en deux parties, car apparament il est trop long pour passer d´un seul block
    @+
    0
    1. SYLVIE81
       
      VOILA LE RAPPORT:

      2008-12-02,16:30:08

      System Repair Engineer 2.7.0.1210
      Smallfrogs (http://www.KZTechs.com)

      Windows XP Home Edition Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

      Follow item(s) have been selected:
      All Boot Items (Including Registry, Startup Folders, Services and so on)
      Browser Add-ons
      Running Processes (Including process model information)
      File Associations
      Winsock Provider
      Autorun.Inf
      HOSTS File
      Process Privileges Scan
      Scheduled Tasks
      API HOOK
      Hidden Process


      Boot Items
      Registry
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
      <ccleaner><"C:\Program Files\CCleaner\CCleaner.exe" /AUTO> [(Verified)Piriform Ltd]
      <BackupNotify><c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe> [ ]
      <WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [File is missing]
      <Shareaza><"C:\Program Files\Shareaza\Shareaza.exe" -tray> [File is missing]
      <SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      <UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [File is missing]
      <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
      <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
      <TrojanScanner><C:\Program Files\Trojan Remover\Trjscan.exe /boot> [(Verified)Simply Super Software]
      <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
      <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
      <AppInit_DLLs><> [N/A]
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      <UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      <PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
      <CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
      <WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
      <SysTray><%systemroot%\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
      <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
      <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
      <WinlogonNotify: PFW><UmxWnp.Dll> [CA]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
      <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
      <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
      <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      <Lecteur Windows Media><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
      <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
      <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
      <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
      <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
      <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
      <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
      <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
      <Mise à jour du Bureau Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
      <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
      <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
      <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      <ccleaner><; "C:\Program Files\CCleaner\CCleaner.exe" /AUTO> [(Verified)Piriform Ltd]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      <ItsTV><; "C:\Program Files\ItsLabel\ItsTV.exe"> []
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      <MessengerPlus3><; "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart> [(Verified)Patchou]
      <msnmsgr><; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      <NeroFilterCheck><; C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe> [Nero AG]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      <SpybotSD TeaTimer><; C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
      <WOOKIT><; C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      <WOOWATCH><; C:\PROGRA~1\Wanadoo\Watch.exe> [France Télécom R&D]

      ==================================
      Startup Folders
      N/A

      ==================================
      Services
      [Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
      <"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
      [Gestion d'applications / AppMgmt][Stopped/Manual Start]
      <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
      [ASP.NET State Service / aspnet_state][Stopped/Manual Start]
      <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
      [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
      <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
      [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
      <C:\WINDOWS\System32\Ati2evxx.exe><>
      [avast! Antivirus / avast! Antivirus][Running/Auto Start]
      <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
      [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
      <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
      [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
      <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
      [CaCCProvSP / CaCCProvSP][Stopped/Disabled]
      <"C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe"><(File is missing)>
      [France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
      <C:\WINDOWS\System32\FTRTSVC.exe><France Telecom>
      [GoogleDesktopManager / GoogleDesktopManager][Stopped/Manual Start]
      <"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"><Google>
      [Google Updater Service / gusvc][Running/Auto Start]
      <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
      [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
      <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
      [Service de l'iPod / iPod Service][Stopped/Manual Start]
      <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
      [MioNet Service / MioNet][Running/Auto Start]
      <"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"><N/A>
      [NBService / NBService][Stopped/Manual Start]
      <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
      [NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
      <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
      [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
      <C:\WINDOWS\System32\HPZipm12.exe><HP>
      [ServiceLayer / ServiceLayer][Running/Manual Start]
      <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
      [HIPS Event Manager / UmxAgent][Stopped/Disabled]
      <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"><(File is missing)>
      [HIPS Configuration Interpreter / UmxCfg][Stopped/Disabled]
      <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"><(File is missing)>
      [HIPS Firewall Helper / UmxFwHlp][Stopped/Disabled]
      <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe"><(File is missing)>
      [HIPS Policy Manager / UmxPol][Stopped/Disabled]
      <><(File is missing)>
      [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
      <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

      ==================================
      Drivers
      [PPdus ASPI Shell / Afc][Running/Manual Start]
      <system32\drivers\Afc.sys><Arcsoft, Inc.>
      [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
      <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
      [aswFsBlk / aswFsBlk][Running/Auto Start]
      <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
      [ati2mtag / ati2mtag][Running/Manual Start]
      <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
      [Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]
      <System32\DRIVERS\el90xbc5.sys><3Com Corporation>
      [GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
      <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
      [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
      <System32\DRIVERS\HPZid412.sys><HP>
      [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
      <System32\DRIVERS\HPZipr12.sys><HP>
      [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
      <System32\DRIVERS\HPZius12.sys><HP>
      [HSFHWBS2 / HSFHWBS2][Running/Manual Start]
      <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
      [HSF_DP / HSF_DP][Running/Manual Start]
      <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
      [ialm / ialm][Stopped/Manual Start]
      <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
      [iqhjsemw / iqhjsemw][Running/Boot Start]
      <\SystemRoot\system32\drivers\iqhjsemw.sys><N/A>
      [KmxAgent / KmxAgent][Running/System Start]
      <System32\DRIVERS\kmxagent.sys><CA>
      [KmxCF / KmxCF][Running/Auto Start]
      <System32\DRIVERS\KmxCF.sys><CA>
      [KmxCfg / KmxCfg][Running/Manual Start]
      <System32\DRIVERS\kmxcfg.sys><CA>
      [KmxFile / KmxFile][Running/System Start]
      <System32\DRIVERS\KmxFile.sys><CA>
      [KmxFw / KmxFw][Running/System Start]
      <System32\DRIVERS\kmxfw.sys><CA>
      [KmxSbx / KmxSbx][Running/Auto Start]
      <System32\DRIVERS\KmxSbx.sys><CA>
      [KmxStart / KmxStart][Running/Boot Start]
      <\SystemRoot\System32\DRIVERS\kmxstart.sys><CA>
      [mdmxsdk / mdmxsdk][Running/Auto Start]
      <System32\DRIVERS\mdmxsdk.sys><Conexant>
      [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
      <system32\drivers\nmwcd.sys><Nokia>
      [Nokia USB Generic / nmwcdc][Stopped/Manual Start]
      <system32\drivers\nmwcdc.sys><Nokia>
      [Nokia USB Port / nmwcdcj][Stopped/Manual Start]
      <system32\drivers\nmwcdcj.sys><Nokia>
      [Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
      <system32\drivers\nmwcdcm.sys><Nokia>
      [nv / nv][Stopped/Manual Start]
      <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
      [NVIDIA nForce AGP Bus Filter / nv_agp][Stopped/Boot Start]
      <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
      [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
      <\??\C:\WINDOWS\System32\PCAMPR5.SYS><N/A>
      [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
      <\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
      [Padus ASPI Shell / pfc][Running/Manual Start]
      <system32\drivers\pfc.sys><Padus, Inc.>
      [Ps2 / Ps2][Running/Manual Start]
      <System32\DRIVERS\PS2.sys><Hewlett-Packard Company>
      [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
      <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
      [PxHelp20 / PxHelp20][Running/Boot Start]
      <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
      [Hercules USB WiFi Transmitter Driver / RT73][Stopped/Manual Start]
      <system32\DRIVERS\rt73.sys><N/A>
      [Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
      <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
      [Secdrv / Secdrv][Stopped/Manual Start]
      <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
      [SiS315 / SiS315][Stopped/Manual Start]
      <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
      [SiS AGP Filter / SISAGP][Stopped/Boot Start]
      <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
      [SiSkp / SiSkp][Running/System Start]
      <System32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
      [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
      <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
      [Alcor Micro Corp - 9360 / SunkFilt][Running/Manual Start]
      <\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
      [HP && Alcor Micro Corp for Phison / Sunkfiltp][Stopped/Manual Start]
      <\??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys><N/A>
      [Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
      <System32\Drivers\usbaapl.sys><Apple, Inc.>
      [VIA AGP Filter / viaagp1][Stopped/Boot Start]
      <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
      [viagfx / viagfx][Stopped/Manual Start]
      <System32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics, Inc.>
      [winachsf / winachsf][Running/Manual Start]
      <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
      [Philips SPC210NC Webcam / ZSMC301b][Stopped/Manual Start]
      <System32\Drivers\usbVM31b.sys><VM>
      [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
      <system32\drivers\ialmsbw.sys><Intel Corporation>
      [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
      <system32\drivers\ialmkchw.sys><Intel Corporation>

      ==================================
      Browser Add-ons
      []
      {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, >
      [adssite]
      {21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} <C:\WINDOWS\system32\nsl47.dll, >
      [Spybot-S&D IE Protection]
      {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
      []
      {64F56FC1-1272-44CD-BA6E-39723696E350} <, >
      []
      {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
      [Programme d'aide de l'Assistant de connexion Windows Live]
      {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
      [Google Toolbar Helper]
      {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
      [Google Toolbar Notifier BHO]
      {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll, (Signed) Google Inc.>
      [Windows Live Toolbar Helper]
      {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
      []
      {D31B763F-051F-4755-968B-C68775B8CF18} <C:\WINDOWS\system32\btpanu.dll, N/A>
      []
      {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
      [&Rechercher]
      {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
      [Spybot-S&D IE Protection]
      {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
      []
      {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
      [Messenger]
      {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
      [YInstStarter Class]
      {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, (Signed) Yahoo! Inc.>
      [Java Plug-in 1.6.0_03]
      {8AD9C840-044E-11D1-B3E9-00805F499D93} <, >
      [Java Plug-in 1.4.2]
      {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} <, >
      [Java Plug-in 1.6.0_02]
      {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <, >
      [Java Plug-in 1.6.0_03]
      {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <, >
      [Java Plug-in 1.6.0_03]
      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, (Signed) Sun Microsystems, Inc.>
      [Shockwave Flash Object]
      {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
      []
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
      []
      {087E56A7-6F5F-4A85-A7A4-FCE7D97676E6} <C:\WINDOWS\system32\btpanu.dll, N/A>
      []
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
      []
      {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, >
      []
      {1462651F-F4BA-4C76-A001-C4284D0FE16E} <, >
      [Shockwave ActiveX Control]
      {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
      [Windows Genuine Advantage Validation Tool]
      {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
      []
      {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, >
      [InformationCardSigninHelper Class]
      {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
      [adssite]
      {21FD0B23-527D-0DA7-4BF1-F33DFC5F2DD0} <C:\WINDOWS\system32\nsl47.dll, >
      [Windows Media Player]
      {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
      [&Google]
      {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
      [XML DOM Document]
      {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
      [DHTML Edit Control Safe for Scripting for IE5]
      {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
      []
      {35065594-9169-4A34-B167-FC4865038E53} <, >
      [IETag Factory]
      {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
      []
      {40D1C3A7-4FFB-4443-B3A0-A64B2DF7FC3B} <, >
      []
      {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <, >
      [Microsoft Terminal Services Client Control (redist)]
      {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
      [Microsoft Terminal Services Client Control (redist)]
      {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
      [Spybot-S&D IE Protection]
      {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
      []
      {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <, >
      []
      {64F56FC1-1272-44CD-BA6E-39723696E350} <, >
      []
      {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
      [Windows Media Player]
      {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
      [MUWebControl Class]
      {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
      [Active Desktop Mover]
      {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
      [Microsoft Terminal Services Client Control (redist)]
      {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
      []
      {74D05D43-3236-11D4-BDCD-00C04F9A3B61} <, >
      [Microsoft Terminal Services Client Control (redist)]
      {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
      []
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
      []
      {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
      0
    2. SYLVIE81
       
      voila l'autre bout du rapport
      []
      {E13AAC70-70AE-4988-808C-B267F2C20E79} <, >
      []
      {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
      []
      {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
      [XML HTTP Request]
      {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
      []
      {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
      [XML HTTP 3.0]
      {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
      [XML HTTP]
      {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
      []
      {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
      [&Windows Live Search]
      <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
      [Add to Windows &Live Favorites]
      <https://onedrive.live.com/?id=favorites N/A>
      [E&xporter vers Microsoft Excel]
      <res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000, N/A>

      ==================================
      Running Processes
      [PID: 404 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
      [C:\WINDOWS\system32\Ati2evxx.dll] [, ]
      [C:\WINDOWS\system32\UmxWnp.Dll] [CA, 6, 0, 0, 5]
      [PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
      [PID: 744 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
      [PID: 760 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 812 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 880 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 1156 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 1236 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 1292 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
      [PID: 1348 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 8, 1287, 0]
      [PID: 1372 / Propriétaire][C:\WINDOWS\system32\Ati2evxx.exe] [, ]
      [PID: 1696 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
      [C:\WINDOWS\system32\hpzsnt09.dll] [HP, 2.236.1.0]
      [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm309.dll] [HP, 2.236.1.0]
      [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku09.dll] [HP, 2.236.1.0]
      [PID: 932 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
      [PID: 1140 / SYSTEM][C:\WINDOWS\System32\FTRTSVC.exe] [France Telecom, 11.0 (4)]
      [C:\WINDOWS\System32\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
      [PID: 1208 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.4.1368.5602.beta]
      [PID: 1408 / SYSTEM][C:\Program Files\MioNet\MioNetManager.exe] [N/A, ]
      [PID: 1144 / SYSTEM][C:\Program Files\MioNet\jvm\bin\MioNet.exe] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\client\jvm.dll] [Sun Microsystems, Inc., 1.4.2.50]
      [C:\Program Files\MioNet\jvm\bin\hpi.dll] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\verify.dll] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\java.dll] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\zip.dll] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\awt.dll] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\fontmanager.dll] [N/A, ]
      [C:\WINDOWS\Resources\themes\Luna\Luna.msstyles] [Microsoft, 1, 0, 0, 1]
      [C:\Program Files\MioNet\WindowsUtil.dll] [, 1, 0, 0, 1]
      [C:\Program Files\MioNet\RouterDll.dll] [N/A, ]
      [C:\WINDOWS\system32\ndisapi.dll] [NT Kernel Resources, 2, 4, 0, 1]
      [C:\Program Files\MioNet\TrayIconDll.dll] [, 1, 0, 0, 1]
      [C:\Program Files\MioNet\wrapper.dll] [N/A, ]
      [C:\Program Files\MioNet\jvm\bin\net.dll] [N/A, ]
      [C:\Program Files\MioNet\RegistryDll.dll] [, 1, 0, 0, 1]
      [PID: 1944 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 1896 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 8, 1287, 0]
      [PID: 220 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1287, 0]
      [PID: 988 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
      [PID: 2500 / Propriétaire][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
      [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
      [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 8, 1287, 0]
      [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 8, 1287, 0]
      [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 8, 1287, 0]
      [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 8, 1287, 0]
      [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1287, 0]
      [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1287, 0]
      [PID: 2628 / Propriétaire][C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe] [Nokia, 6, 84, 78, 3]
      [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 84, 100, 4]
      [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\Program Files\Nokia\Nokia PC Suite 6\PCSSupportSetup.DLL] [Nokia, 6, 84, 20, 3]
      [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 84, 89, 1]
      [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\Program Files\PC Connectivity Solution\ConfServer.dll] [Nokia, 6, 84, 37, 0]
      [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_fre.NLR] [Nokia, 6, 84, 81, 2]
      [PID: 2648 / Propriétaire][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
      [PID: 2968 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe] [Nokia., 6, 84, 83, 3]
      [C:\Program Files\PC Connectivity Solution\NclTools.dll] [Nokia, 6, 84, 33, 0]
      [C:\Program Files\PC Connectivity Solution\Transports\NCLIrDAMM.dll] [Nokia Corp., 6, 84, 33, 0]
      [C:\Program Files\PC Connectivity Solution\Transports\NCLRSMM.dll] [Nokia Corp., 6, 84, 41, 0]
      [C:\Program Files\PC Connectivity Solution\Transports\NCLUSBMM.dll] [Nokia Corp., 6, 84, 55, 1]
      [C:\Program Files\PC Connectivity Solution\Transports\NclMSBTMM.dll] [Nokia Corp., 6, 84, 55, 0]
      [PID: 3160 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
      [PID: 3404 / Propriétaire][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
      [C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 1, 0, 0]
      [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 6, 6, 0]
      [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
      [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\PROGRA~1\TROJAN~1\Trshlex.dll] [Simply Super Software, 1.0.8.46]
      [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 8, 1287, 0]
      [C:\WINDOWS\system32\CmdLineExt.dll] [Sony DADC Austria AG., 1,0,201,0]
      [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 6, 0, 12]
      [C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8]
      [C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
      [C:\WINDOWS\system32\msdmo.dll] [, ]
      [C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 5,10,1, 8600]
      [C:\WINDOWS\system32\LCODCCMP.DLL] [LEAD Technologies, Inc., 1.0.0.013]
      [C:\WINDOWS\system32\mcdvd_32.dll] [MainConcept, 2.0.4]
      [C:\WINDOWS\system32\L3CODECA.ACM] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
      [PID: 3604 / Propriétaire][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.4]
      [C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.4]
      [C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9]
      [C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
      [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
      [C:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.7.1]
      [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
      [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
      [C:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
      [C:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.7.1]
      [C:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.7.1]
      [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.1.1 Basic ECC]
      [C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.0.4]
      [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.0.4]
      [C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll] [Google, 5.1.706.29690]
      [C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
      [C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 5.1.706.29690]
      [C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll] [Google, 5.1.706.29690]
      [C:\Program Files\Mozilla Firefox\components\nsbads.dll] [ , 4, 6, 2, 1]
      [C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll] [N/A, ]
      [C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll] [N/A, ]
      [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.1.0 Basic ECC]
      [C:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.1.0 Basic ECC]
      [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.1.0 Basic ECC]
      [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.72]
      [C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll] [N/A, ]
      [C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\itew3x1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll] [N/A, ]
      [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.0.4]
      [C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [, ]
      [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102]
      [PID: 1800 / Propriétaire][C:\Program Files\eMule\emule.exe] 0.49.1 Unicode
      [C:\Program Files\eMule\lang\fr_FR.dll] 0.49.1
      [PID: 716 / Propriétaire][C:\Documents and Settings\Propriétaire\Local Settings\temp\kztechssuite-1\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
      [PID: 436 / Propriétaire][C:\Documents and Settings\Propriétaire\Local Settings\temp\kztechssuite-1\SREbe043cc3.EXE] [Smallfrogs Studio, 2.7.0.1210]
      [C:\Documents and Settings\Propriétaire\Local Settings\temp\kztechssuite-1\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

      ==================================
      File Associations
      .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
      .EXE OK. ["%1" %*]
      .COM OK. ["%1" %*]
      .PIF OK. ["%1" %*]
      .REG OK. [regedit.exe "%1"]
      .BAT OK. ["%1" %*]
      .SCR OK. ["%1" /S]
      .CHM OK. ["C:\WINDOWS\hh.exe" %1]
      .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
      .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
      .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
      .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
      .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
      .LNK OK. [{00021401-0000-0000-C000-000000000046}]

      ==================================
      Winsock Provider
      N/A

      ==================================
      Autorun.Inf
      N/A

      ==================================
      HOSTS File
      127.0.0.1 localhost

      ==================================
      Process Privileges Scan
      Special Privileges Enabled: SeLoadDriverPrivilege [PID = 932, C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
      Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2628, C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE]
      Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2968, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE]
      Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1800, C:\PROGRAM FILES\EMULE\EMULE.EXE]
      Special Privileges Enabled: SeLoadDriverPrivilege [PID = 716, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\LOCAL SETTINGS\TEMP\KZTECHSSUITE-1\SRENGLDR.EXE]
      Special Privileges Enabled: SeDebugPrivilege [PID = 436, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\LOCAL SETTINGS\TEMP\KZTECHSSUITE-1\SREBE043CC3.EXE]
      Special Privileges Enabled: SeLoadDriverPrivilege [PID = 436, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\LOCAL SETTINGS\TEMP\KZTECHSSUITE-1\SREBE043CC3.EXE]

      ==================================
      Scheduled Tasks
      [Enabled] Vérifier les mises à jour de Windows Live Toolbar.job
      C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      [Enabled] Norton Security Scan.job
      C:\Program Files\Norton Security Scan\Nss.exe
      [Enabled] Maintenance en 1 clic.job
      C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      [Enabled] Connexion Facile à Internet.job
      C:\Program Files\Easy Internet signup\HPSdpApp.exe
      [Enabled] AppleSoftwareUpdate.job
      C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      [Enabled] WebReg 20081118064951.job
      c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

      ==================================
      API HOOK
      N/A

      ==================================
      Hidden Process
      N/A

      ==================================

      je suis invité ce soir je te dit a demain ou laisse moi un message pour la suite
      bye
      0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    fais analyser ce fichier :

    Vas sur le site https://virusscan.jotti.org/
    - Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
    c:\windows\system32\drivers\iqhjsemw.sys
    - Clic sur submit toujours en haut à droite
    - Le scan va se lancer, ça va prendre un petit instant
    - En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
    Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

    bonne soirée :)

    @+
    0
    1. SYLVIE81
       
      hello
      je ne trouve pas le dossier ou peut il etre?
      0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut sylvie essaie comme ca :

    Affiche tous les fichiers et dossiers :
    Pour cela :
    Clique sur démarrer/panneau de configuration/option des dossiers/affichage

    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu

    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    ensuite recherche a nouveau :

    c:\windows\system32\drivers\iqhjsemw.sys

    et fais le anaylser

    @+
    0
    1. SYLVIE81
       
      dans pano config je ne trouve pas :opion des dossiers?
      0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    alors ouvre n´importe quel dossier puis click sur l´onglet : outils > puis sur option des dossier puissur l´onglet affichage

    puis

    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu

    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    ensuite recherche a nouveau :

    c:\windows\system32\drivers\iqhjsemw.sys

    et fais le anaylser

    @+
    0
    1. SYLVIE81
       
      slt ,g!rly
      quand je vais sur le site pour l'analyse il apparait ceci :
      error:unable to connect to database,the administror has already been notified ...
      j'ai recommenser plusieurs fois et c'est toujours pareille;
      tu as une autre solution?
      je reessayrais en attendant de tes nouvelles
      @+
      0
    2. SYLVIE81
       
      le site pour le scan c'est ouvert mais impossible de trouver le fichier
      windows system 32 drivers ighjsemw sys
      je ne me desespere pas je vais encore essaye
      @+
      0
    3. SYLVIE81
       
      quand je fais parcourir le dossier windows s'ouvre mais il n'y a que :ntdll.dll et smss.exe
      0
    4. SYLVIE81
       
      peux etre que je fais une mauvaise une manipulation quand je clic sur parcourir, windows s'ouvre et je trouve les deux trucs que je t'ais dit plus hauts bon a plus
      0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bon sylvie on va le supprimer car il me parait vraiment pas catholique de toute façon...

    Copie le texte ci-dessous :

    File::
    c:\WINDOWS\system32\btpanu.dll
    C:\TB.txt
    c:\windows\system32\drivers\iqhjsemw.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{087E56A7-6F5F-4A­85-A7A4-FCE7D97676E6}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87AFDEE-EF08-4E86-9684-F86B065E70C7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D31B763F-051F-4755-968B-C68775B8CF18}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D31B763F-051F-4755-968B-C68775B8CF18}]

    Driver::
    iqhjsemw

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. SYLVIE81
       
      COMBO NE VEUT PAS ME PRENDRE LE FICHIER IL DIT QU4IL EST MAL ECRIT
      CFSscript.txt.
      PEUT ETRE QU EN MINISCULE CA VA PASSE,
      je peux le faire tu croit
      0
    2. SYLVIE81
       
      bon je vais bosser 2 heures et je reviens laisse moi un message @+
      0
    3. SYLVIE81
       
      j'attend de tes nouvelles a bientot, car les enfants on besoin de l'ordi @+
      0
    4. SYLVIE81
       
      slt g!rly,
      j'ai fait le scan mais en l'ecrivant en miniscule ,il a marcher, je sais que l'on ne doit pas faire des choses sans l'avis d'expert ,mais je me suis dit que se ne serait pas trops grave
      donc voila les deux raport

      ComboFix 08-11-30.02 - Propriétaire 2008-12-05 7:01:38.6 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.361 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\cfscript.txt
      * Un nouveau point de restauration a été créé

      FILE ::
      C:\TB.txt
      c:\windows\system32\btpanu.dll
      c:\windows\system32\drivers\iqhjsemw.sys
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\TB.txt
      c:\windows\system32\btpanu.dll
      c:\windows\system32\drivers\iqhjsemw.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_IQHJSEMW
      -------\Service_iqhjsemw


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-05 au 2008-12-05 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-02 15:57 . 2008-12-04 16:35 53,946 --a------ c:\windows\system32\cont_adssite-remove.exe
      2008-12-01 14:40 . 2008-12-01 14:46 <REP> d-------- C:\Lop SD
      2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Simply Super Software
      2008-11-28 21:09 . 2008-11-28 21:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
      2008-11-28 21:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
      2008-11-28 21:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
      2008-11-28 21:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
      2008-11-28 21:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
      2008-11-28 21:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
      2008-11-28 20:45 . 2008-11-28 20:58 <REP> d-------- c:\program files\Navilog1
      2008-11-27 15:36 . 2008-11-27 15:36 670,208 --a------ c:\windows\system32\nsu111.dll
      2008-11-18 12:29 . 2008-11-18 12:29 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
      2008-11-18 12:25 . 2008-11-18 12:25 <REP> d-------- c:\windows\ERUNT
      2008-11-18 12:23 . 2008-11-18 12:50 <REP> d-------- C:\SDFix
      2008-11-16 14:34 . 2008-11-17 16:50 <REP> d-------- C:\ToolBar SD
      2008-11-16 13:39 . 2008-11-16 19:59 <REP> d-------- c:\program files\QUAD Utilities
      2008-11-12 21:39 . 2008-11-12 21:39 <REP> d-------- c:\program files\MSXML 4.0
      2008-11-12 07:21 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
      2008-11-12 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
      2008-11-05 10:54 . 2008-11-05 10:55 <REP> d-------- c:\program files\Photo Mania

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
      2008-12-05 06:07 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
      2008-12-04 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
      2008-12-03 15:38 --------- d-----w c:\program files\eMule
      2008-12-02 07:20 --------- d-----w c:\program files\Wanadoo
      2008-12-01 15:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
      2008-12-01 15:29 --------- d-----w c:\program files\Mystery Case Files - Madame Fate
      2008-12-01 14:31 --------- d-----w c:\program files\Mystery Case Files - Huntsville
      2008-11-28 20:12 --------- d-----w c:\program files\Trojan Remover
      2008-11-27 21:33 12,294 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
      2008-11-21 18:36 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Nokia Multimedia Player
      2008-11-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2008-11-16 13:58 --------- d-----w c:\program files\Trend Micro
      2008-11-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
      2008-11-05 09:49 --------- d-----w c:\program files\bfgclient
      2008-11-04 09:11 --------- d-----w c:\program files\Picasa2
      2008-11-04 08:11 --------- d-----w c:\program files\Jewelleria
      2008-11-03 12:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Valusoft
      2008-11-03 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\Valusoft
      2008-11-02 17:22 --------- d-----w c:\program files\Miss Teri Tale - Vote 4 Me
      2008-11-02 13:05 --------- d-----w c:\documents and settings\Propriétaire\Application Data\MysteryStudio
      2008-11-02 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Astar Games
      2008-11-02 12:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Big Fish Games
      2008-11-01 09:43 --------- d-----w c:\program files\Mystery Stories - Island of Hope
      2008-10-31 22:07 --------- d-----w c:\program files\world Mosaics
      2008-10-31 10:34 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
      2008-10-31 10:05 --------- d-----w c:\program files\Chocolatier
      2008-10-31 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
      2008-10-30 16:34 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Playrix Entertainment
      2008-10-30 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
      2008-10-30 08:47 --------- d-----w c:\program files\Mystery of Unicorn Castlev
      2008-10-30 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Farm Frenzy
      2008-10-30 07:57 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-30 07:57 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Desperate Housewives
      2008-10-30 07:53 --------- d-----w c:\program files\Chicken Chase
      2008-10-30 07:51 --------- d-----w c:\program files\Farm Frenzy
      2008-10-30 07:48 --------- d-----w c:\program files\Alwil Software
      2008-10-29 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
      2008-10-29 11:52 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Games
      2008-10-28 15:41 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Oberon Games
      2008-10-28 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
      2008-10-28 12:28 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FarmerJane
      2008-10-28 12:16 --------- d-----w c:\program files\Hot Dish
      2008-10-28 11:47 --------- d-----w c:\program files\Mystic Inn
      2008-10-28 10:13 --------- d-----w c:\program files\Sherlock Holmes - Le Mystere du Tapis Persan
      2008-10-28 08:31 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Seeds
      2008-10-27 15:54 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Alawar
      2008-10-27 11:52 --------- d-----w c:\program files\Farm Frenzy 2
      2008-10-27 11:48 --------- d-----w c:\program files\Beach Party Craze
      2008-10-27 11:22 --------- d-----w c:\documents and settings\Propriétaire\Application Data\blg
      2008-10-27 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\blg
      2008-10-27 09:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Friday's games
      2008-10-25 23:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Magic Academy
      2008-10-25 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
      2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-23 13:40 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Jamdat
      2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
      2008-10-18 16:48 --------- d-----w c:\program files\Micro Application
      2008-10-18 09:32 --------- d-----w c:\documents and settings\Propriétaire\Application Data\PlayFirst
      2008-10-18 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
      2008-10-16 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
      2008-10-15 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Beep Industries
      2008-10-11 13:25 --------- d-----w c:\program files\Ulead Systems
      2008-10-07 14:30 --------- d-----w c:\program files\Gamenext
      2008-10-07 13:28 --------- d-----w c:\program files\Oberon Media
      2008-10-07 12:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BeachPartyCraze
      2008-10-07 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
      2008-10-07 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
      2008-10-06 13:27 --------- d-----w c:\program files\Azureus
      2008-09-24 11:35 126,488 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2007-10-09 19:13 2,539,808 ------w c:\program files\DVDFabHDDecrypter3200.exe
      2007-10-06 13:09 774,144 ------w c:\program files\RngInterstitial.dll
      2008-02-21 15:10 601,600 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
      2007-06-05 15:33 32 -csha-w c:\windows\{42F21F2F-7EA5-40F2-AE8B-8DA531F8D6B8}.dat
      2007-07-01 09:31 0 -csha-w c:\windows\SMINST\HPCD.sys
      2007-06-05 15:33 32 --sha-w c:\windows\system32\{82BB5DD5-8CA0-400D-9149-38C06497D300}.dat
      .

      ((((((((((((((((((((((((((((( snapshot@2008-12-01_14.59.03,53 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
      + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
      - 2008-11-10 10:10:05 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
      + 2008-12-01 18:50:47 15,086 ----a-r c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
      - 2008-07-18 20:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
      + 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
      - 2008-07-18 20:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
      + 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
      - 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
      + 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
      - 2008-07-18 20:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
      + 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
      - 2008-07-18 20:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
      + 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
      - 2008-07-18 20:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
      + 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
      - 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
      + 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
      - 2008-07-18 20:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
      + 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
      - 2008-07-18 20:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
      + 2008-10-16 13:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
      - 2008-07-18 20:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
      + 2008-10-16 13:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
      + 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
      + 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
      - 2008-07-18 20:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
      + 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
      - 2008-07-18 20:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
      + 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
      - 2008-07-18 20:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
      + 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
      - 2008-07-18 20:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
      + 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
      - 2008-07-18 20:10:20 36,552 ----a-w c:\windows\system32\wups.dll
      + 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
      - 2008-07-18 20:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
      + 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
      - 2008-07-18 20:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
      + 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
      + 2008-12-05 06:08:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_508.dat
      .
      -- Instantané actualisé --
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0}]
      2008-11-27 15:36 670208 --a------ c:\windows\system32\nsu111.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
      "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
      "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
      "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [BU]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
      "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2007-06-05 190024]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
      "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]
      "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
      "ItsTV"="c:\program files\ItsLabel\ItsTV.exe" [2007-04-26 2908160]
      "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
      "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
      2006-03-09 12:46 73728 c:\windows\system32\UmxWNP.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
      backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
      backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2006-08-30 95232]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 110160]
      R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2006-09-26 68096]
      R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2006-09-26 46080]
      R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2006-10-26 105984]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
      R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2006-10-30 112128]
      R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2006-09-26 67584]
      R2 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" [2005-07-15 139264]
      R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2006-09-25 75008]
      S4 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
      S4 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
      S4 UmxPol;HIPS Policy Manager; []

      *Newly Created Service* - IQHJSEMW
      .
      Contenu du dossier 'Tâches planifiées'

      2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2007-10-22 c:\windows\Tasks\Connexion Facile à Internet.job
      - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-15 22:37]

      2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

      2008-11-28 c:\windows\Tasks\Norton Security Scan.job
      - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

      2008-12-05 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

      2008-11-18 c:\windows\Tasks\WebReg 20081118064951.job
      - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-05 07:08:17
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(536)
      c:\windows\system32\Ati2evxx.dll
      c:\windows\system32\UmxWnp.Dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\ati2evxx.exe
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\system32\ati2evxx.exe
      c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\windows\system32\FTRTSVC.exe
      c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
      c:\program files\MioNet\MioNetManager.exe
      c:\program files\MioNet\jvm\bin\MioNet.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-12-05 7:14:19 - La machine a redémarré [Propriétaire]
      ComboFix-quarantined-files.txt 2008-12-05 06:14:16
      ComboFix2.txt 2008-12-02 07:22:04
      ComboFix3.txt 2008-12-01 14:06:53
      ComboFix4.txt 2008-12-01 14:00:28

      Avant-CF: 26 667 192 320 octets libres
      Après-CF: 26,801,917,952 octets libres

      289 --- E O F --- 2008-11-12 20:43:43


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 07:16:44, on 05/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\MioNet\MioNetManager.exe
      C:\Program Files\MioNet\jvm\bin\MioNet.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=03&PURCH_DT_DAY=30&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB4081G3R&modelID=DW121A&LF=blue
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
      O2 - BHO: adssite - {21fd0b23-527d-0da7-4bf1-f33dfc5f2dd0} - C:\WINDOWS\system32\nsu111.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [ItsTV] ; "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [WOOWATCH] ; C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ccleaner] ; "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
      O4 - HKCU\..\Run: [WOOKIT] ; C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] ; C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MessengerPlus3] ; "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O24 - Desktop Component 0: (no name) - http://pics.centerblog.net/pic/pourleplaisir72/zdhqdnj0.jpg
      0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    prends le script ici :

    http://sd-1.archive-host.com/membres/up/1366464061/cfscript.rar

    dezip le sur ton bureau et :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScriptB-4.gif
    0
  • 1
  • 2