
rubi

Posts by rubi

  1. Hello, this afternoon my daughter installed sweetpcfix. As far as I can tell, this "crap" has installed itself in Firefox, Messenger... and of course it is impossible to remove.

     

    I ran a first scan with Malwarebytes, which detected "RiskWare.Tool.CK". I removed it and restarted the PC.

     

    I then installed ZHPDiag and ran a scan; here is the result.

     

    ZHPDiag report

     

    Thanks to whoever takes the time to help me. ;)

     

    PS: for information, I also have a problem uninstalling Messenger Plus community smartbar... :outch:

  2. Hello pear,

     

    I have just carried out the requested procedure. At the end of the scan, I did not know whether I had to restart the PC or only the program. I opted for the PC...

     

    Here is the removal report:

     

    Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011

    Fichier d'export Registre :

    Run by Pascal et Valerie at 15/02/2012 11:29:15

    Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

    Web site : ZHPFix Fix de rapport

    Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

     

    ========== Logiciel(s) ==========

    ABSENT Uninstall Process: c:\program files\vshare\uninstall.exe

    SUPPRIME Everest Poker.fr (Remove Only)

    ABSENT Uninstall Process: c:\program files\pokerstars.fr\pokerstarsuninstall.exe

     

    ========== Clé(s) du Registre ==========

    SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars.fr]

    ABSENT Key: CLSID BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF}

    ABSENT CLSID PAPP: {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

    SUPPRIME Key: HKCU\Software\Grand Virtual

    SUPPRIME Key: HKCU\Software\StartSearch

    ABSENT Key: HKCU\Software\vShare

    SUPPRIME Key: StartupReg: rundll32

    SUPPRIME Key: SearchScopes :{043C5167-00BB-4324-AF7E-62013FAEDACF}

    ABSENT Key: HKLM\Software\Classes\PROTOCOLS\Handler\vsharechrome

    ABSENT Key: HKLM\Software\Classes\vShare.IMedixProtocol

    ABSENT Key: HKLM\Software\Classes\vShare.IMedixProtocol.1

    ABSENT Key: HKLM\Software\Classes\vShare.PugiObj

    ABSENT Key: HKLM\Software\Classes\vShare.PugiObj.1

    ABSENT Key: HKLM\Software\Classes\vShare.ScriptHelpers

    ABSENT Key: HKLM\Software\Classes\vShare.ScriptHelpers.1

    SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    ABSENT Key: HKLM\Software\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    ABSENT Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    SUPPRIME Key: HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

    SUPPRIME Key: HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    ABSENT Key: HKLM\Software\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

    SUPPRIME Key: HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

    ABSENT Key: HKLM\Software\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

    ABSENT Key: HKLM\Software\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

    ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare

    SUPPRIME Key: HKLM\Software\Classes\AppID\YontooIEClient.DLL

    SUPPRIME Key: HKLM\Software\Classes\YontooIEClient.Api

    SUPPRIME Key: HKLM\Software\Classes\YontooIEClient.Api.1

    SUPPRIME Key: HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

    ABSENT Key: HKLM\Software\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

    SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

    SUPPRIME Key: HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}

    SUPPRIME Key: HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}

    SUPPRIME Key: HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

    SUPPRIME Key: HKLM\Software\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

    SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

    SUPPRIME Key: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}

    SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}

    SUPPRIME Key: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}

    SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}

    SUPPRIME Key: HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

    SUPPRIME Key: HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

    SUPPRIME Key: HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

    SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin

     

    ========== Valeur(s) du Registre ==========

    ABSENT Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF}

    SUPPRIME {4DD2BAEC-2736-4553-B006-8B9E7A513E27}

    SUPPRIME {967F1050-1783-462E-80F1-2F4BC8E5A7E4}

     

    ========== Préférences navigateur ==========

    SUPPRIME Mozilla Pref: user_pref("extensions.facemoods.aflt", "_#ddrnw");

    SUPPRIME Mozilla Pref: user_pref("extensions.facemoods.firstRun", false);

    SUPPRIME Mozilla Pref: user_pref("extensions.facemoods.lastActv", "1");

    SUPPRIME Mozilla Pref: user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);

     

    ========== Dossier(s) ==========

    ABSENT C:\Program Files\vShare

    ABSENT C:\Program Files\Everest Poker.fr

    SUPPRIME Folder: C:\Program Files\PokerStars.FR

    SUPPRIME Folder: C:\ProgramData\regid.1986-12.com.adobe

    SUPPRIME Folder: C:\Users\Pascal et Valerie\AppData\Local\PokerStars.FR

    SUPPRIME Folder: c:\users\pascal et valerie\appdata\locallow\facemoods.com

    SUPPRIME Flash Cookies: 18

    SUPPRIME Temporaires Windows: : 82

     

    ========== Fichier(s) ==========

    SUPPRIME File: c:\users\pascal et valerie\appdata\roaming\mozilla\firefox\profiles\6wtaz635.default\searchplugins\mystart search.xml

    SUPPRIME File: c:\users\pascal et valerie\appdata\roaming\mozilla\firefox\profiles\6wtaz635.default\searchplugins\web-search.xml

    ABSENT File: c:\program files\vshare\vshare_toolbar.dll

    SUPPRIME File: c:\users\pascal et valerie\appdata\local\temp\rundll32 .exe

    ABSENT File: c:\users\pascal et valerie\appdata\local\temp\rundll32 .exe

    ABSENT Folder/File: c:\users\pascal et valerie\appdata\local\temp\rundll32 .exe

    ABSENT Folder/File: c:\program files\vshare

    ABSENT Folder/File: c:\users\pascal et valerie\appdata\locallow\vshare

    ABSENT Folder/File: c:\users\pascal et valerie\appdata\roaming\mozilla\firefox\profiles\6wtaz635.default\searchplugins\mystart search.xml

    ABSENT Folder/File: c:\users\pascal et valerie\appdata\roaming\mozilla\firefox\profiles\6wtaz635.default\searchplugins\web-search.xml

    SUPPRIME File: c:\users\pascal et valerie\appdata\roaming\microsoft\internet explorer\quick launch\pokerstars.fr.lnk

    SUPPRIME File: c:\program files\pokerstars.fr\pokerstarsupdate.exe

    SUPPRIME Flash Cookies: 12

    SUPPRIME Temporaires Windows: : 129

     

    ========== Tache planifiée ==========

    SUPPRIME Task: {5156BFCA-3790-4D1D-93F8-707E523B0412}

    SUPPRIME Task: {559800DD-8B53-42BF-A815-2794EB5E65BC}

    SUPPRIME Task: {A29136D5-7FBE-4259-85F0-5E8CB6BA513A}

     

    ========== Autre ==========

    NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)

    NON TRAITE PROCESSUS SUPERFLU DU SYSTEME

    NON TRAITE TOOLBAR INUTILE (Navigateur internet)

    NON TRAITE PROCESSUS INUTILE (Au démarrage du système)

     

     

    ========== Récapitulatif ==========

    48 : Clé(s) du Registre

    3 : Valeur(s) du Registre

    8 : Dossier(s)

    14 : Fichier(s)

    3 : Logiciel(s)

    4 : Préférences navigateur

    3 : Tache planifiée

    4 : Autre

     

     

    End of clean in 01mn 23s

     

    ========== Chemin de fichier rapport ==========

    C:\ZHP\ZHPFix[R1].txt - 15/02/2012 11:29:15 [7396]

     

     

    Thanks again ;)

  3. Hello, since this afternoon my Firefox browser has twice opened by itself with "pornographic" ads, and I also had a text file open containing rather unsavoury text.

     

    I think I am infected, but being a novice... I ran an automatic online HijackThis analysis and noticed the term "SANKER VIRUS".

     

    I have just run a scan with ZHPDiag and here is the report (thanks in advance for your help):

     

    Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012

    Run by Pascal et Valerie at 14/02/2012 16:37:32

    Web site : ZHPDiag Outil de diagnostic

    Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

    Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

    State : Version à jour.

     

    Boot mode: Normal (Normal boot)

    Logged in as Administrator

     

    ---\\ Web Browser

    MSIE: Internet Explorer v9.0.8112.16421

    MFIE: Mozilla Firefox 10.0.1 v10.0.1 (Defaut)

     

    ---\\ Processus lancés

    [MD5.B2BCB4A5553E137B026F095D5260EDFC] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [373864] [PID.3572]

    [MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3744552] [PID.3688]

    [MD5.0EC3534EB20917A65C548B2D1994E12B] - (.Driver-Soft Inc. - Driver Genius Task Scheduler.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe [284016] [PID.3744]

    [MD5.41D1214B86A06FD29423A797EBDA17E4] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.3752]

    [MD5.46945BD383884ACB256F787301798610] - (.IDT, Inc. - IDT PC Audio - SHANGHAI DEVELOPMENT CENTER.) -- C:\Program Files\IDT\WDM\sttray.exe [450660] [PID.3828]

    [MD5.30183A68E8EFDE4CB7D65C815081DADA] - (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Messenger Plus!\PlusService.exe [801792] [PID.3904]

    [MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3912]

    [MD5.5300552AC15F1A877C4B6BB6512AD1FD] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288] [PID.3964]

    [MD5.5FA96C9E33183627BB6EA2E0124A65BE] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508624] [PID.4060]

    [MD5.4D44112928BA1B3F7D5F7C3BF871FCAF] - (.Sonix - CameraMonitor Application.) -- C:\Windows\vsnp2uvc.exe [675840] [PID.2504]

    [MD5.968EA694E2E63A96D6E517CE973E49A9] - (.Pas de propriétaire - FreeMi UPnP Media Server.) -- C:\Program Files\FreeMi UPnP Media Server\FreeMi UPnP Media Server.exe [93184] [PID.2604]

    [MD5.CEA0461AAE4B8B6216F164501B1B5A10] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912] [PID.2888]

    [MD5.2E6CC5DEAEBFDDAE98D1FCB6BA2BAE61] - (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392] [PID.3364]

    [MD5.61F5A23510D46FE7C02931604AFC8407] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE [149784] [PID.1596]

    [MD5.316F1706417F82AF97D1E149A19E6D3E] - (.Logitech, Inc. - SetPoint User Interface (UNICODE).) -- C:\Program Files\Logitech\SetPointG\SetPointII.exe [453400] [PID.916]

    [MD5.10929F55A6CA805C16F2722F27AE21FE] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4892]

    [MD5.681399A40CECE6D86ECFB5C1482E35BC] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.4120]

    [MD5.B8F49232247D0825B2B82E08A9E10753] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [981680] [PID.5848]

    [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.4016]

    ~ Scan Processes Running in 00mn 00s

     

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

    C:\Users\Pascal et Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\6wtaz635.default\prefs.js

    C:\Users\Pascal et Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\6wtaz635.default\user.js

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Users\Pascal et Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\6wtaz635.default\searchplugins\bing.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Users\Pascal et Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\6wtaz635.default\searchplugins\MyStart Search.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Users\Pascal et Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\6wtaz635.default\searchplugins\web-search.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

    M3 - MFPP: Plugins - [Pascal et Valerie] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

    M0 - MFSP: prefs.js [Pascal et Valerie - 6wtaz635.default] [ MétéoFrance ]

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\fr-FR@dictionaries.addons.mozilla.org] [] Dictionnaire français «Classique» v3.5 (.Olivier R..)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\ietab@ip.cn] [] IE Tab Plus v1.2.0.13 (.quaful@msn.com.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\illimitux@illimitux.net] [illimitux] Illimitux v1.2.0.13 (.Illimitux.net.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\noia2_option@kk.noia] [] Noia 2.0 eXtreme OPT v3.76 (.Kongkeat Kuatrakull / Gerard Durand.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\personas@christopher.beard] [personas] Personas v1.6.2 (.Chris Beard.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\vshare@toolbar] [] vShare v1.0.0 (.vShare.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{0b457cAA-602d-484a-8fe7-c1d894a011ba}] [] FireShot v0.96 (.Eugene G. Suslikov.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{37E4D8EA-8BDA-4831-8EA1-89053939A250}] [] PDF Download v3.0.0.2 (.Nitro PDF, Inc..)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{77b819fa-95ad-4f2c-ac7c-486b356188a9}] [] IE Tab v1.5.20090525 (.Hong Jen Yee (PCMan).)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}] [] Noia 2.0 (eXtreme) v3.76 (.Kongkeat Kuatrakull.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}] [] OpenBook v3.76 (.chuonthis.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.8 (.Michel Gutierrez.)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}] [] Adobe DLM (powered by getPlus®) v1.6.2.99 (.NOS Microsystems Ltd..)

    M2 - MFEP: prefs.js [Pascal et Valerie - 6wtaz635.default\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] [greasemonkey] Greasemonkey v0.9.17 (.Aaron Boodman; http://youngpup.net/.)

    P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

    P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

    P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL

    P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll

    P2 - FPN:Firefox Plugin Navigator . (.vShare.tv - vShare.tv plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll

    P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

    P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.3.633.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll

    P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (...) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

    P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_29 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60831.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

    P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3538.0513] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

    P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.Pas de propriétaire - Photodex Presenter Plugin 4,52,0,3053.) -- C:\Program Files\Photodex Presenter\npPxPlay.dll

    P2 - FPN: [HKLM] [@SonyCreativeSoftware.com/Media Go,version=1.0] - (.Sony Media Software and Services Inc - 1.4.) -- C:\Program Files\Sony\Media Go\npmediago.dll

    P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.19] - (.Veetle Inc - Version 0.9.19, Copyright 2006-2012 Veetle Inc<br><a href="http://www..'>http://www..) -- C:\Program Files\Veetle\plugins\npVeetle.dll

    P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.18] - (.Veetle Inc - Version 0.9.18, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\Player\npvlc.dll

    P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.11] - (.the VideoLAN Team - Version 1.1.11, copyright 1996-2011 The VideoLAN Team<br><a href="http.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll

    P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    ~ Scan Firefox Browser in 00mn 00s

     

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

    R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com

    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

    R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

    ~ Scan IE Browser in 00mn 00s

     

    ---\\ Internet Explorer, Proxy Management (R5)

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ~ Scan Proxy management in 00mn 00s

     

    ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

    F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe

    ~ Scan Keys in 00mn 00s

     

    ---\\ Redirection du fichier Hosts (O1)

    ~ Le fichier hosts est sain (The hosts file is clean).

    ~ Scan Hosts File in 00mn 00s

    ~ Nombre de lignes (Lines number): 21

     

    ---\\ Browser Helper Objects de navigateur (O2)

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - Snagit Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll

    O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

    ~ Scan BHO in 00mn 00s

     

    ---\\ Internet Explorer Toolbars (O3)

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll

    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - Snagit Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll

    ~ Scan Toolbar in 00mn 00s

     

    ---\\ Applications démarrées par registre & par dossier (O4)

    O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

    O4 - HKLM\..\Run: [TaskTray] . (.Driver-Soft Inc. - Driver Genius Task Scheduler.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe

    O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio - SHANGHAI DEVELOPMENT CENTER.) -- C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Messenger Plus!\PlusService.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

    O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    O4 - HKLM\..\Run: [snp2uvc] . (.Sonix - CameraMonitor Application.) -- C:\Windows\vsnp2uvc.exe

    O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

    O4 - HKCU\..\Run: [FreeMi UPnP Media Server] . (.Pas de propriétaire - FreeMi UPnP Media Server.) -- C:\Program Files\FreeMi UPnP Media Server\FreeMi UPnP Media Server.exe

    O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

    O4 - HKCU\..\Run: [KiesHelper] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\KiesHelper.exe

    O4 - HKCU\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: [rundll32] . (.Pas de propriétaire - Google.) -- C:\Users\Pascal et Valerie\AppData\Local\Temp\rundll32 .exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [FreeMi UPnP Media Server] . (.Pas de propriétaire - FreeMi UPnP Media Server.) -- C:\Program Files\FreeMi UPnP Media Server\FreeMi UPnP Media Server.e

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [KiesHelper] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\KiesHelper.exe

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKUS\S-1-5-21-2668000840-2953918501-2796309616-1004-2668000840-2953918501-2796309616-1001\..\Run: [rundll32] . (.Pas de propriétaire - Google.) -- C:\Users\Pascal et Valerie\AppData\Local\Temp\rundll32 .exe

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

    ~ Scan Application in 00mn 00s

     

    ---\\ Autres liens utilisateurs (O4)

    O4 - Global Startup: C:\Users\UpdatusUser\Desktop\DVD Shrink 3.2.lnk . (.DVD Shrink.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\adsl TV.lnk . (.adsl TV / FM.) -- C:\Program Files\adslTV\adsltv.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\Downloads.lnk . (...) -- C:\Users\Pascal et Valerie\Downloads

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\musique pascal - Raccourci.lnk . (...) -- C:\Users\Pascal et Valerie\Music\musique pascal

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\PHOTOS PERSO - Raccourci.lnk . (...) -- C:\Users\Pascal et Valerie\Pictures\PHOTOS PERSO

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\TENNIS - Raccourci.lnk . (...) -- C:\Users\Pascal et Valerie\Documents\TENNIS

    O4 - Global Startup: C:\Users\Pascal et Valerie\Desktop\VirtualDJPortable.exe - Raccourci.lnk . (.PortableAppZ.blogspot.com.) -- C:\Users\Pascal et Valerie\Downloads\virtual dj v7 portable\VirtualDJPortable\VirtualDJPortable.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comic Life.lnk . (.plasq.) -- C:\Program Files\plasq\Comic Life\Comic Life.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk . (.Mozilla Messaging.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.fr.lnk . (.PokerStars.) -- C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ProShow Producer.lnk . (.Photodex.) -- C:\Program Files\Photodex\ProShowProducer\proshow.exe

    O4 - Global Startup: C:\Users\Pascal et Valerie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk . (.Samsung.) -- C:\Program Files\Samsung\Kies\Kies.exe

    O4 - Global Startup: C:\Users\Mcx1-PORTABLEFAMILLE\Desktop\DVD Shrink 3.2.lnk . (.DVD Shrink.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe

    ~ Scan Global Startup in 00mn 00s

     

    ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)

    O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no

    ~ Scan IE Control Panel in 00mn 00s

     

    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

    O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~4\Office12\EXCEL.exe

    ~ Scan IE Menu Contextuel in 00mn 00s

     

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

    O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)

    O9 - Extra button: PokerStars.fr - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

    ~ Scan IE Extra Buttons in 00mn 00s

     

    ---\\ Winsock hijacker (Layered Service Provider) (O10)

    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll

    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll

    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll

    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll

    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll

    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll

    O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll

    O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

    O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

    ~ Scan Winsock in 00mn 00s

     

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    ~ Scan Objets ActiveX in 00mn 00s

     

    ---\\ Modification Domaine/Adresses DNS (O17)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F47007FA-58E7-49B4-9F94-51C643BDD64A}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CS1\Services\Tcpip\..\{E50515CA-848E-4D5F-800A-0928B48AA8E1}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CS1\Services\Tcpip\..\{F47007FA-58E7-49B4-9F94-51C643BDD64A}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CS2\Services\Tcpip\..\{F47007FA-58E7-49B4-9F94-51C643BDD64A}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CS3\Services\Tcpip\..\{F47007FA-58E7-49B4-9F94-51C643BDD64A}: DhcpNameServer = 192.168.1.254

    ~ Scan Domain in 00mn 00s

     

    ---\\ Protocole additionnel (O18)

    O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

    O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll

    O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

    O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

    O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

    O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

    O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll

    O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

    O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

    O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

    O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

    O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

    O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll

    O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

    O18 - Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll

    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

    O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

    O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll

    ~ Scan Protocole Additionnel in 00mn 00s

     

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

    O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

    ~ Scan Winlogon in 00mn 00s

     

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    ~ Scan SSODL in 00mn 00s

     

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FileOpenManagerSvc (FileOpenManagerSvc) . (.FileOpen Systems Inc. - FileOpen Manager Service (Hooker).) - C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) - C:\Windows\system32\nvvsvc.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe

    O23 - Service: Audio Service (STacSV) . (.IDT, Inc. - IDT PC Audio - SHANGHAI DEVELOPMENT CENTER.) - C:\Program Files\IDT\WDM\stacsv.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    ~ Scan Services in 00mn 00s

     

    ---\\ Enumération Active Desktop & MHTML Editor (O24)

    O24 - Default MHTML Editor: Last - .(...) - (.not file.)

    ~ Scan Desktop Component in 00mn 00s

     

    End of the scan (334 lines in 00mn 02s)(0)

     

    Thanks...

  4. Hello,

    while going to Start -- All Programs -- Accessories, I deleted the "System Tools" folder by mistake. It is not in the Recycle Bin and I don't know how to recover it. I am thinking of a system restore, but I no longer have access to that feature (which was in the folder in question).

    Thanks in advance to whoever can solve this problem for me.

  5. Hello Malekal_morte, and thank you once again. I think my problem is solved, since I was able to watch a video on YouTube without crashing Firefox.

    I went to describe my problem on the Malware-Complaints forum, but since I don't know the name of what infected me, it's not easy....

    Thanks again, and good luck with the others.... because I'm hoping to get a bit of peace and quiet..... :P

  6. Hello, before starting your procedure, I cleared all the temporary files from my PC, along with other Firefox configuration backup files.

    Here are the results of the various scans requested. First I would like to point out that when I went into the WINDOWS\system32 folder I did not see the files

    - wvjpdmf.dat

    - wvjpdmf\nav.dat

    - wvjpdmf\navps.dat

    The only file present, which I deleted, was wvjpdmf.exe (no trace of the others)

    Kaspersky scan:

    --------------

     

    Friday, August 25, 2006 5:14:46 PM

    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 25/08/2006

    Kaspersky Anti-Virus database records: 205408

    Scan Settings

    Scan using the following antivirus database standard

    Scan Archives true

    Scan Mail Bases true

    Scan Target My Computer

    C:\

    D:\

    E:\

    G:\

    H:\

    I:\

    J:\

    K:\

    L:\

    Scan Statistics

    Total number of scanned objects 125827

    Number of viruses found 1

    Number of infected objects 2 / 0

    Number of suspicious objects 0

    Duration of the scan process 02:09:32

     

    Infected Object Name Virus Name Last Action

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\call256.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\callmember256.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\chat512.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\chatmsg256.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\chatmsg512.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\contactgroup256.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\index2.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\profile16384.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\transfer256.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\transfer512.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\user1024.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\user4096.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Application Data\Skype\rubipas\voicemail256.dbb Object is locked skipped

    C:\Documents and Settings\Pascal\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Messenger\rubipas@hotmail.com\SharingMetadata\infected.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Messenger\rubipas@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Messenger\rubipas@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Messenger\rubipas@hotmail.com\SharingMetadata\Working\database_9CF4_B882_F4B8_5FE6\dfsr.db Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Messenger\rubipas@hotmail.com\SharingMetadata\Working\database_9CF4_B882_F4B8_5FE6\fsr.log Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Messenger\rubipas@hotmail.com\SharingMetadata\Working\database_9CF4_B882_F4B8_5FE6\tmp.edb Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows Live Contacts\rubipas@hotmail.com\real\members.stg Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Historique\History.IE5\MSHist012006082520060826\index.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF2921.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF2964.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF4A11.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF4CA5.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF52D9.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF545F.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF5763.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF576E.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF5891.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF5916.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DF598C.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~DFCDA3.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temp\~WRF0000.tmp Object is locked skipped

    C:\Documents and Settings\Pascal\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Pascal\Mes documents\A.S. SAVIGNY FOOTBALL\SECRETARIAT\SAISON 2006 - 2007\2006-13 concordance et alternance match 2006 2007.doc Object is locked skipped

    C:\Documents and Settings\Pascal\ntuser.dat Object is locked skipped

    C:\Documents and Settings\Pascal\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-08-25.14-52-59.log Object is locked skipped

    C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

    C:\Program Files\ESET\infected\OYGX12AA.NQF Infected: P2P-Worm.Win32.Kapucen.b skipped

    C:\Program Files\ESET\infected\YECYQIAA.NQF Infected: P2P-Worm.Win32.Kapucen.b skipped

    C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

    C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

    C:\WINDOWS\system32\drivers\sptd7693.sys Object is locked skipped

    C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

     

     

    ewido anti-spyware - Scan Report :

    --------------------------------

     

    + Created at: 14:50:03 25/08/2006

     

    + Scan result:

     

     

     

    :mozilla.14:C:\Program Files\Wanadoo\Config\Pascal RUBIRA\Firefox\cookies.txt -> TrackingCookie.Estat : No action taken.

     

     

    ::Report end

     

     

     

    Clean report:

    -------------

     

    Script clean par Malekal_morte - http://www.malekal.com

     

    Microsoft Windows XP [version 5.1.2600]

    Script execute en mode sans echec

     

    *** Suppression de fichiers sur C:

     

    *** Suppression des fichiers dans C:\WINDOWS\

     

    *** Suppression des fichiers dans C:\WINDOWS\system32

     

     

    *** Suppression des clefs du registre effectuee..

     

     

    Contents of file C:\egd.txt:

    -------------------------------

     

     

    Windows Registry Editor Version 5.00

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMan"="SOUNDMAN.EXE"

    "EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"

    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

    @=""

    "Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"

    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    "Logitech Utility"="Logi_MwX.Exe"

    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

    "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"

    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"

    "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"

    "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"

    "wvjpdmf"="c:\\windows\\system32\\wvjpdmf.exe wvjpdmf"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

    "Installed"="1"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

    "Installed"="1"

    "NoChange"="1"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

    "Installed"="1"

     

    BlackLight report:

    ------------------

     

    08/25/06 17:20:50 [info]: BlackLight Engine 1.0.46 initialized

    08/25/06 17:20:50 [info]: OS: 5.1 build 2600 (Service Pack 2)

    08/25/06 17:20:51 [Note]: 7019 4

    08/25/06 17:20:51 [Note]: 7005 0

    08/25/06 17:20:55 [Note]: 7006 0

    08/25/06 17:20:55 [Note]: 7011 1756

    08/25/06 17:20:55 [Note]: 7026 0

    08/25/06 17:20:55 [Note]: 7026 0

    08/25/06 17:21:05 [Note]: FSRAW library version 1.7.1019

    08/25/06 17:27:31 [Note]: 7007 0

     

     

    HijackThis report:

    ------------------

     

    Logfile of HijackThis v1.99.1

    Scan saved at 17:28:28, on 25/08/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\System32\FTRTSVC.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    C:\WINDOWS\system32\slserv.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    C:\Program Files\Eset\nod32kui.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

    C:\Program Files\Cordial\DLL_32\Integration de Cordial dans Outlook Express.exe

    C:\Program Files\Rainlendar\Rainlendar.exe

    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

    C:\PROGRA~1\INCRED~1\bin\IMApp.exe

    C:\PROGRA~1\Wanadoo\ComComp.exe

    C:\PROGRA~1\Wanadoo\Toaster.exe

    C:\PROGRA~1\Wanadoo\Inactivity.exe

    C:\PROGRA~1\Wanadoo\PollingModule.exe

    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

    C:\PROGRA~1\Wanadoo\Watch.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\HijackThis\rubi.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    O4 - HKLM\..\Run: [wvjpdmf] c:\windows\system32\wvjpdmf.exe wvjpdmf

    O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

    O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

    O4 - Global Startup: Intégration de Cordial dans Outlook Express.lnk = C:\Program Files\Cordial\DLL_32\Integration de Cordial dans Outlook Express.exe

    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm

    O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)

    O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)

    O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)

    O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)

    O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141650159562

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2D2D0706-2E52-474C-BDC2-D9E5E52C0624}: NameServer = 212.151.137.166 212.151.136.242

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

     

     

     

    It took a while, but I got there....... :P

     

    Waiting for a reply.....thanks again.

    ------------------

  7. Good evening Malekal_morte, and thank you for your first reply. I have just run the scan with F-Secure Blacklight, and here is the result:

     

     

    08/24/06 20:48:12 [info]: BlackLight Engine 1.0.46 initialized

    08/24/06 20:48:12 [info]: OS: 5.1 build 2600 (Service Pack 2)

    08/24/06 20:48:12 [Note]: 7019 4

    08/24/06 20:48:12 [Note]: 7005 0

    08/24/06 20:48:25 [Note]: 7006 0

    08/24/06 20:48:25 [Note]: 7011 1784

    08/24/06 20:48:25 [Note]: 7026 0

    08/24/06 20:48:25 [Note]: 7026 0

    08/24/06 20:48:25 [Note]: 7024 3

    08/24/06 20:48:25 [info]: Hidden process: C:\windows\system32\wvjpdmf.exe

    08/24/06 20:48:25 [Note]: FSRAW library version 1.7.1019

    08/24/06 20:49:32 [Note]: 4013 47374

    08/24/06 20:49:32 [Note]: 4020 235 17367040

    08/24/06 20:49:32 [Note]: 4018 235 17367040

    08/24/06 20:49:32 [Note]: 4013 47374

    08/24/06 20:49:32 [Note]: 4020 235 17367040

    08/24/06 20:49:32 [Note]: 4018 235 17367040

    08/24/06 20:54:11 [info]: Hidden file: c:\WINDOWS\Prefetch\WVJPDMF.EXE-1A5703D7.pf

    08/24/06 20:54:11 [Note]: 10002 1

    08/24/06 20:54:28 [info]: Hidden file: c:\WINDOWS\system32\wvjpdmf.dat

    08/24/06 20:54:28 [Note]: 10002 1

    08/24/06 20:54:29 [info]: Hidden file: C:\windows\system32\wvjpdmf.exe

    08/24/06 20:54:29 [Note]: 10002 1

    08/24/06 20:54:30 [info]: Hidden file: c:\WINDOWS\system32\wvjpdmf_nav.dat

    08/24/06 20:54:30 [Note]: 10002 1

    08/24/06 20:54:31 [info]: Hidden file: c:\WINDOWS\system32\wvjpdmf_navps.dat

    08/24/06 20:54:31 [Note]: 10002 1

    08/24/06 20:55:39 [Note]: 7007 0

     

     

    Thank you for continuing to help me..... :P

  8. Hello, on régis56's advice, I have just finished the analysis procedure on my PC. My problem is the following: for the past few days (and, I think, since installing and uninstalling the internetgamebox software) my Firefox browser can no longer handle, among other things, going to video-viewing sites such as "YouTube". After a few seconds of viewing, Firefox crashes and the following message appears:

    shock.jpg

     

    At first I tried Ad-Aware and then Spybot, without success. So here are the results of the scans:

     

    AntiVir scan in safe mode

     

     

     

    AntiVir PersonalEdition Classic

    Report file date: jeudi 24 août 2006 13:51

     

    Scanning for 486159 virus strains and unwanted programs.

     

    Licensed to: AntiVir PersonalEdition Classic

    Serial number: 0000149996-WURGE-0001

    Platform: Windows XP

    Windows version: (Service Pack 2) [5.1.2600]

    Username: Pascal

    Computer name: SN400076190009

     

    Version informations:

    AVSCAN.EXE : 7.0.0.42 557096 24/08/2006 08:22:54

    AVSCAN.DLL : 7.0.0.42 53288 24/08/2006 08:22:54

    LUKE.DLL : 7.0.0.42 118824 24/08/2006 08:22:55

    LUKERES.DLL : 7.0.0.42 25640 24/08/2006 08:22:55

    ANTIVIR0.VDF : 6.35.0.1 7371264 24/08/2006 08:22:53

    ANTIVIR1.VDF : 6.35.1.122 1270784 24/08/2006 08:22:53

    ANTIVIR2.VDF : 6.35.1.123 2048 24/08/2006 08:22:53

    ANTIVIR3.VDF : 6.35.1.136 35840 24/08/2006 08:22:53

    AVEWIN32.DLL : 7.1.1.2 1782272 24/08/2006 08:22:54

    AVPREF.DLL : 7.0.0.1 49192 24/08/2006 08:22:54

    AVREP.DLL : 6.35.1.124 774184 24/08/2006 08:22:54

    AVRPBASE.DLL : 7.0.0.0 2162728 24/08/2006 08:22:54

    AVPACK32.DLL : 7.1.0.1 335912 24/08/2006 08:22:54

    AVREG.DLL : 6.31.0.90 27688 24/08/2006 08:22:54

    NETNT.DLL : 6.32.0.0 6696 24/08/2006 08:22:55

    NETNW.DLL : 6.32.0.0 9768 24/08/2006 08:22:55

    RCIMAGE.DLL : 7.0.0.71 1642536 24/08/2006 08:22:57

    RCTEXT.DLL : 7.0.0.75 77864 24/08/2006 08:22:57

     

    Configuration settings for the scan:

    Jobname: '%s'.................: Manual Selection

    Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

    Boot sectors..................: C

    Scan memory...................: 1

    Process scan..................: 1

    Scan all files................: 1

    Scan archives.................: 1

    Recursion depth...............: 20

    Smart extensions..............: 1

    Skipped archive types.........: 1000,1001,1002,1003,1004,

    Macro heuristic...............: 1

    File heuristic................: 3

    Primary action................: 1

    Secondary action..............: 0

     

    Start of the scan: jeudi 24 août 2006 13:51

     

     

    The scan over running processes will be started

    13 Processes was scanned

     

    Start scanning boot sectors:

     

    Boot sector 'C:\'

    [NOTE] No virus was found!

     

    Starting to scan the registry.

    The registry was scanned ( 35 files ).

     

     

    Starting the file scan:

     

    C:\pagefile.sys

    [WARNING] The file could not be opened!

    C:\Documents and Settings\NetworkService\NTUSER.DAT

    [WARNING] The file could not be opened!

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG

    [WARNING] The file could not be opened!

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

    [WARNING] The file could not be opened!

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

    [WARNING] The file could not be opened!

    C:\Documents and Settings\Pascal\ntuser.dat

    [WARNING] The file could not be opened!

    C:\Documents and Settings\Pascal\ntuser.dat.LOG

    [WARNING] The file could not be opened!

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

    [WARNING] The file could not be opened!

    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\DEFAULT

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\default.LOG

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\SAM

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\SAM.LOG

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\SECURITY

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\SECURITY.LOG

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\SOFTWARE

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\software.LOG

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\SYSTEM

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\config\system.LOG

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\drivers\dtscsi.sys

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\drivers\sptd.sys

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\drivers\sptd7693.sys

    [WARNING] The file could not be opened!

    C:\WINDOWS\system32\drivers\vaxscsi.sys

    [WARNING] The file could not be opened!

     

     

    End of the scan: jeudi 24 août 2006 15:57

    Used time: 2:06:08 min

     

    The scan has been done completely.

     

    10049 Scanning directories

    369403 Files were scanned

    0 viruses and/or unwanted programs was found

    0 files were deleted

    0 files were repaired

    0 files were moved to quarantine

    0 files were renamed

    8417 Archives were scanned

    23 Warnings

    2 Notes

     

     

    HijackThis scan (at the root)

     

    Logfile of HijackThis v1.99.1

    Scan saved at 16:09:16, on 24/08/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\FTRTSVC.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    C:\WINDOWS\system32\slserv.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

    C:\Program Files\Cordial\DLL_32\Integration de Cordial dans Outlook Express.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\PROGRA~1\INCRED~1\bin\IMApp.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\HijackThis\rubi.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

    O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

    O4 - Global Startup: Intégration de Cordial dans Outlook Express.lnk = C:\Program Files\Cordial\DLL_32\Integration de Cordial dans Outlook Express.exe

    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm

    O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)

    O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)

    O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)

    O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)

    O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141650159562

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2D2D0706-2E52-474C-BDC2-D9E5E52C0624}: NameServer = 212.151.137.166 212.151.136.242

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

     

     

    Thank you in advance for your help. :P

  9. Hello, for some time now, when I go to the YouTube site (videos) with my Firefox browser, it crashes and the following message appears: shockwave flash : Le plugin a effectué une opération illégale.

     

    I ran updates, I ran Ad-Aware and Spybot....nothing works. I am certain I have picked up some piece of junk, but I cannot find a solution. So I am turning to you for help. Here is my HijackThis report. From reading some forums, my problem may come from the fact that I downloaded internetgamebox (free games).

     

     

    Thanking you in advance.

     

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 22:53:10, on 23/08/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\FTRTSVC.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    C:\WINDOWS\system32\slserv.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    C:\Program Files\Eset\nod32kui.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

    C:\Program Files\Cordial\DLL_32\Integration de Cordial dans Outlook Express.exe

    C:\Program Files\Rainlendar\Rainlendar.exe

    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

    C:\PROGRA~1\INCRED~1\bin\IMApp.exe

    C:\PROGRA~1\Wanadoo\ComComp.exe

    C:\PROGRA~1\Wanadoo\Toaster.exe

    C:\PROGRA~1\Wanadoo\Inactivity.exe

    C:\PROGRA~1\Wanadoo\PollingModule.exe

    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

    C:\PROGRA~1\Wanadoo\Watch.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\MSN Messenger\msncall.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\IncrediMail\bin\IncMail.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

    C:\Documents and Settings\Pascal\Mes documents\Downloads\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

    O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

    O4 - Global Startup: Intégration de Cordial dans Outlook Express.lnk = C:\Program Files\Cordial\DLL_32\Integration de Cordial dans Outlook Express.exe

    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm

    O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)

    O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)

    O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)

    O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)

    O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141650159562

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2D2D0706-2E52-474C-BDC2-D9E5E52C0624}: NameServer = 212.151.137.166 212.151.136.242

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
