Aller au contenu

ZBM

Membres
  • Compteur de contenus

    27
  • Inscription

  • Dernière visite

Tout ce qui a été posté par ZBM

  1. Je n'arrive pas à desinstaller ICQ 7.5 J'obtiens le message d'erreur suivant: Error Code: -5006 : 0x80070020 Error Information: >Kernel\TextSubstitution.cpp (609) >SetupNew\setup.cpp (615) PAPP:ICQ7.5 PVENDOR:ICQ (http://www.icq.com) PGUID:7578ADEA-D65F-4C89-A249-B1C88B6FFC20 $14.0.0.162 @Windows XP Service Pack 3 (2600) Non IE/Netscape 61608.18 de plus, depuis que j'ai eu le malheur de reinsaller cette daube, les mise à jours windows sont bloqués......... Pouvez vous m'aider à me debarrasser de ce truc? meci
  2. Dreamweaver 8 est bloqué en mode administrateur. Je l'ai installé et utilisé sans probleme pendant plusieurs semaine. Hier quand j'ai ouvert le programme, tout les sites avaient disparut. En les rajoutant, tout à planté. depuis quand je clique sur l'icone le programme commence à s'ouvrir et disparait. SUr l'icone, il y a le petit symbole d'administrateur et j'ai eu beau regarder dans les propriétés du programme, je ne suis pas arrivé à enlever le mode administrateur, qui d'ailleurs n'est pas coché dans les propriétés. C'est le seul programme sur mon bureau qui à le symbole administrateur. Comment faire pour le désactiver? J'ai desinstallé et reinstallé le software sans aucun succés.
  3. depuis que j'ai re installé IE7, dans option, je ne peu plus choisir la page d'acceuil. EN bas de la fenetre "general" il y a un message: " certains parametres sont gérés par votre administrateur systeme." C'est comme ca depuis la reinstallation.
  4. mon lecteur cd room ne reconnait plus les cd gravé. Que ce soit des photos de la musique, des avi ou des programmes. Il lit correctement tous les cd du commerce, dvd, programmes, ect. De plus, je ne peu plus rien graver.... une idée?
  5. je ne sais pas si je suis dans le bon forum. (hardware?) mon lecteur ne reconnait plus les cdroms. ca me l'avais deja fait apres avoir été infecté par zangocash. J'avais resolu le probleme à l'epoque, mais la....... le cdrom est considéré comme vierge. Il marche sur d'autre PC et c'est la meme chose avec tous ls cdroms! dans systeme tout est normal. je vois pas quoi faire. des idées?
  6. ZBM

    IE7 plante

    non, car il marche sous firefox. J'ai eu une alerte virus que antivir à bloqué et depuis IE7 deconne sur pas mal de truc. comme sur les fichier texte en telechargment ou quand je veux editer les entré de robotform (j'obtien l'erreur 5 ?!) je me demande si la solution n'est pas de desinstaller et reinstaller IE7.......
  7. ZBM

    IE7 plante

    J'obtiens l'erreur suivante quand j'essaye de voir la source d'une page html dans IE7 c:\wndws\system32\notepad.exe windows ne parvient pas à acceder aux peripherique, au chemin d'access ou au fichier specifié. Vous ne beneficiez peu-etre pas des autorisations appropriées pour avoir acces à elements...
  8. pas moyen de scanner avec Panda Activescan.... sinon, voici le rapport de blackice 10/18/06 17:33:45 [info]: BlackLight Engine 1.0.47 initialized 10/18/06 17:33:45 [info]: OS: 5.1 build 2600 (Service Pack 2) 10/18/06 17:33:45 [Note]: 7019 4 10/18/06 17:33:45 [Note]: 7005 0 10/18/06 17:33:48 [Note]: 7006 0 10/18/06 17:33:48 [Note]: 7011 3760 10/18/06 17:33:48 [Note]: 7026 0 10/18/06 17:33:48 [Note]: 7026 0 10/18/06 17:33:52 [Note]: FSRAW library version 1.7.1020
  9. voila Logfile of HijackThis v1.99.1 Scan saved at 11:14:45, on 18/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\RemoteControlService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ICQLite\ICQLite.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\PollingModule.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\UnifiedStats\ustats.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\ZBM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  10. enfin!!! ca marche. le proprio du programme en question m'a envoyé un autre exe. ca marche!!! pour finir, qu'elle configuration me conseilles-tu? j'ai: antivir zone alarm pro regseeker spybot search and destroy est-ce sufisant? enfin j'aimerai faire une sauvegarde de mon pc. celle de nero est elle bonne ou y'a t'il mieux? pour finir merci du coup de main!!!
  11. non , c'est pareil............ je vai ecrire au service technique du programme......... ca commence à etre frustrant!
  12. y'a 69 fichiers..... je les copies tous? le premier clean-14-10-2006-00.23.27.reg dernier clean-14-10-2006-02.40.43.reg
  13. sous n'importe qu'elle restauration systeme mon programme ne marche plus......... la seule ou le programme marchait refuse de s'installer alors que j'avais pu faire cette restauration plusieurs fois. Je ne sais plus quoi faire. J'avais fait un back up avec nero. Je vai essayer ca demain. si sa marche pas formatage. j'en ai marre. seul probleme, mon windows et sur des cd recovery et je sais pas comment faire pour formater C:
  14. Meme limonade, plus de trojan mais mon programme advanced submitter ne marche plus!!!. il ne se lance pas. Y'a le sablier qui apparait puis disparait....... Je vais donc etre obligé de faire une restauration. peu-etre faire juste un scan avec avg en sans echec, car il vire les trojans et pas tout le reste. Je pense tj qu'un formatage s'impose car peu etre des programmes rogues que j'ai utilisé ont supprimé des trucs important dans windows. enfin, c toi qui sais. pour vundo, mystere. Y'a pas de rapport. j'ai bien regardé dans c: y'a que vundofix backup et rien dedans qui ressemble à un rapport.... voila donc les deux rapports: Logfile of HijackThis v1.99.1 Scan saved at 02:50:32, on 14/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\ZBM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe et: --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 02:31:43 14/10/2006 + Résultat de l'analyse: C:\Program Files\Fichiers communs\{E8C34C5B-07CA-1036-0729-050606050021}\services.dll -> Adware.Softomate : Ignoré. C:\Program Files\Fichiers communs\{E8C34C5B-07CB-1036-0729-050606050021}\services.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP170\A0043804.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP170\A0043805.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0043815.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0043816.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0043837.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0044588.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0044589.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP180\A0045821.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP180\A0045822.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0045831.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0045832.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0046872.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0047577.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0047578.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP184\A0047813.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP184\A0047814.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP184\A0047857.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0048950.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0048951.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0048952.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP191\A0075428.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP191\A0075429.dll -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP191\A0075430.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP191\A0075433.exe -> Adware.Softomate : Ignoré. C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Ignoré. C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000edc$000000d9.AV$ -> Downloader.Zlob.aop : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP188\A0066877.exe -> Downloader.Zlob.aop : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP167\A0041933.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP168\A0042750.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Ignoré. C:\Documents and Settings\herve senni\Cookies\herve_senni@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP189\A0070303.dll -> Trojan.Agent.vg : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\winmxw32.dll -> Trojan.Agent.vg : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport c'est dommage car le pc marche vraimment bien........ si se programme n'etait pas aussi important pour moi, je le laisserai comme ca, mais la......... ou alors, refaire la derniere manip mais rebooter entre chaque tache et essayé le dit programme et faire un point de restauration à chaque fois que c bon. Je devrai normalement tomber sur le truc qui bogge.... qu'est-ce que t'en pense?
  15. depuis je recois des alertes antivir: system32\winmxw32.dll TR/Agent.VG.8 temp\iddBD.tmp.exe DIAL/Generic temp\iddC9.tmp.exe DIAL/Generic temp\iddC3.tmp.exe DIAL/Generic Je te join une nouvelle analyse HijackThis, meme si elle ne doit pas etre differente de la derniere. Logfile of HijackThis v1.99.1 Scan saved at 17:52:40, on 13/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ICQLite\ICQLite.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\PollingModule.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\UnifiedStats\ustats.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\metagenia\kplan_beta\Kplanbeta.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.5.0_06\launch4j-tmp\Qumana.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\hijackthis\ZBM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\ddcdbab.dll (file missing) O2 - BHO: (no name) - {129F3C02-E45E-4416-8209-0AB0466228A1} - C:\WINDOWS\system32\pmnlm.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lwcjgysm.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: ddcdbab - ddcdbab.dll (file missing) O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  16. je crois aussi que JV 16 a eu la main lourde. niveau infection, c comme avant la derniere manip. J'ai des alertes antivir. Peu-etre refaire la derniere manip sans jv16? J'avais bien regardé, y'avais que des lignes vertes. Logfile of HijackThis v1.99.1 Scan saved at 18:33:54, on 11/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ICQLite\ICQLite.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\UnifiedStats\ustats.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\metagenia\kplan_beta\Kplanbeta.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe C:\WINDOWS\TEMP\win29.tmp.exe C:\Program Files\hijackthis\ZBM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\ddcdbab.dll (file missing) O2 - BHO: (no name) - {129F3C02-E45E-4416-8209-0AB0466228A1} - C:\WINDOWS\system32\pmnlm.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lwcjgysm.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: ddcdbab - ddcdbab.dll (file missing) O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  17. devant ton absence j'ai fait une restauration systeme a la date d'avant la derniere manip. le programme remarche, le net est beaucoup plus rapide, mais les trojans sont de retour........... je peux tj annuler la derniere restauration quand tu sera de retour. EN attendant je peux travailler. mais sa deconne plein tube. Je peux plus redemarrer en mode sans echec, et plus le^pc est allumé depuis longtemps plus antivir se dechene....
  18. apres avoir été depanné niveau securité par tornado, http://forum.zebulon.fr/index.php?showtopic=105828 j'ai un de mes programmes les plus importants qui refuse de s'ouvrir. (advanced submitter) j'ai essayé de l'ecraser, de le desinstaller et reinstaller........ nib. quelqu'un pourrait-il m'aidé? je me demande si une restauration systeme ne reglerai pas mon probleme... et le retour des trojans!
  19. J'ai un programme tres important pour moi (advanced submitter) qui ne se lance plus depuis c dernieres manips. j'ai essayé de l'ecraser en reinstalent le prog par dessus, rien à faire....... peu-etre le desinstaller/ reinstaller? j'attends ta reponse avant de faire une betise.... edit bon, ni tenant plus, j'ai desinstallé le prg et reinstallé, toujours pareil. je me demande si la derniere manip n'a pas viré trop de truc.... peu-etre une restauration systeme?
  20. voila, je n'ai pas joins le rapport vundo car je n'ai vu aucune option pour sauvegarder le rapport comme dans les autres logiciels ni le moindre rapport. (?) je n'ai pas desinstallé antivir car je ai viré nod 32 depuis au profit de antivir. ( ai-je bien fait?) pendant le scan en mode sans echec y'avais des messages d'erreur en espagnol: iddp.tmp (?) - C:\WINDOWS\system32\ishost.exe = pas la - C:\WINDOWS\system32\winmxw32.dll = impossible a supprimer rapports Logfile of HijackThis v1.99.1 Scan saved at 14:34:33, on 10/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RemoteControlService.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ICQLite\ICQLite.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Screen Calipers 3.3\Calipers.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\ZBM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 14:11:42 10/10/2006 + Résultat de l'analyse: C:\Program Files\Fichiers communs\{E8C34C5B-07CA-1036-0729-050606050021}\Update.exe -> Adware.Softomate : Ignoré. C:\Program Files\Fichiers communs\{E8C34C5B-07CB-1036-0729-050606050021}\Update.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP170\A0043805.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0043816.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0044589.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP180\A0045822.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0045832.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0047578.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP184\A0047814.exe -> Adware.Softomate : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0048951.exe -> Adware.Softomate : Ignoré. C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Ignoré. C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000edc$000000d7.AV$ -> Downloader.Zlob.aop : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0056596.exe -> Downloader.Zlob.aop : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP167\A0041933.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Ignoré. C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP168\A0042750.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Ignoré. C:\WINDOWS\system32\winmxw32.dll -> Trojan.Agent.vg : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_452becec\AV000008a0$00000005.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_452cc29c\AV000008f4$0000001c.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_452cc29c\AV00000908$0000000f.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_452cc29c\AV00000924$00000022.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_452cc29c\AV00000928$00000008.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_452de59c\AV00000368$0000000d.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4531b49b\AV00000300$00000006.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4531b49b\AV0000036c$00000010.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4531b49b\AV000003b0$00000007.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV0000024c$00000044.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV000006ec$00000063.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000ad4$0000005d.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000db4$00000057.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000dbc$0000001a.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000dd8$00000025.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000df4$00000069.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000df8$0000000f.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000dfc$0000002b.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000e10$00000026.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000e14$0000002d.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000e18$0000006f.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000e1c$0000002c.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000e20$00000033.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00000e34$00000010.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV000014b8$000000b7.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV00001540$000000cc.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_45324838\AV000017f8$000000be.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV000004e8$00000096.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000834$00000056.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000840$00000008.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000848$0000002c.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV0000084c$00000014.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000850$0000003e.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000854$00000022.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV0000087c$0000000e.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000884$00000023.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000894$0000001a.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000898$00000038.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000a54$00000044.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000ba8$0000004a.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000e08$00000050.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000fa0$00000032.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4543b518\AV00000ff0$00000090.AV$ -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0047932.exe -> Worm.VB.ao : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport
  21. j'ai juste une alerte de antivir: C:\WINDOWS\temp\idd3E.tmp.exe et quand je vais dans windows\temp\ bien sur y'a rien...... sinon ca marche super. merci
  22. bon; apres quelques heures supplementaires de crise de nerfs et de reboot en tous genre, voici les rapports en questions: SmitFraudFix v2.105 Rapport fait à 22:43:03,39, 08/10/2006 Executé à partir de C:\Documents and Settings\mon nom\Bureau\virus\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\ismini.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcdbab] "Asynchronous"=dword:00000001 "DllName"="ddcdbab.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "Dllname"="C:\\Program Files\\Intel\\Wireless\\Bin\\LgNotify.dll" "Logon"="IntelUserLogon" "Logoff"="IntelUserLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\system32\\pmnlm.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,fa,8f,88,97,6d,90,63,48,86,dc,1a,ba,48,f0,31,cf,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,9b,87,7d,3f,e3,9c,f7,9b,\ 4d,d1,d3,83,5b,80,f5,2c,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,dd,\ 4d,54,ee,75,70,a0,09,3e,58,72,d4,5b,4a,f0,5d,b0,01,00,00,15,3e,35,5e,c2,27,\ 35,59,e1,aa,88,c2,8c,63,a1,97,7d,85,1c,96,8c,03,8d,ff,f8,39,e7,6c,cb,ed,69,\ 66,f6,d2,fc,95,6b,fe,a5,fc,ce,35,88,bf,6d,f3,d7,d0,43,ee,11,23,6e,8e,91,1b,\ f2,c9,69,21,ae,d2,83,42,a1,56,c1,25,59,ac,11,52,5a,41,3c,58,54,15,16,85,a3,\ 09,67,7c,1e,f6,ba,0e,19,74,34,97,36,10,72,5e,94,40,74,cf,63,69,49,fe,5d,dd,\ 59,80,9e,5b,e1,f1,2c,ba,12,cf,fc,ca,6e,6b,06,9d,92,d6,e0,9e,39,70,1c,f4,67,\ de,5d,71,59,38,4b,00,89,5c,83,90,83,4d,3a,c0,f5,ca,b4,ce,e0,a7,f9,4f,d7,9f,\ 39,e4,c2,26,e5,57,b6,4c,8c,d4,9a,50,87,19,ef,c7,9d,8d,b9,6b,6b,26,0a,81,13,\ 62,ff,ab,5a,22,87,46,ba,4f,7a,5a,43,ce,fe,c4,92,7e,4f,d3,09,bd,ff,ae,71,63,\ c5,df,68,a1,b9,eb,13,52,ea,04,a5,af,cb,18,42,2a,5c,43,59,86,b5,cb,bf,8b,fd,\ 40,cc,f3,5b,be,ea,6d,8a,7b,79,5c,33,9a,7b,6f,94,4b,fd,e0,fa,64,91,2e,75,df,\ d4,c2,1a,ed,4f,34,54,3a,50,29,b5,de,c1,3d,f6,b4,b9,46,20,43,da,9e,ce,74,0b,\ 3f,de,02,fc,8f,28,66,f1,af,d1,c0,6c,7d,d1,bb,89,cf,9f,63,0c,84,8d,f3,77,2f,\ 99,2d,c2,23,74,e2,8b,26,7f,ba,0c,1b,6e,48,13,5c,3f,97,bb,56,b8,b0,41,09,9d,\ 82,82,fa,0c,e3,10,9d,68,ab,a2,e5,91,f9,d4,f9,6e,38,7e,10,12,21,18,9d,44,e3,\ d6,c7,f6,1e,c4,b2,93,d3,85,8b,7d,c8,e5,3e,90,8f,63,87,c8,fc,9e,3f,fc,c2,94,\ e9,a3,f8,c1,4a,55,c8,28,5e,b8,b3,01,15,87,a1,d6,b5,4f,5c,6f,0b,fe,43,72,d2,\ b8,98,34,d7,28,ee,c6,12,e5,85,72,2b,9e,e7,a0,19,61,22,f5,f2,78,ef,d5,18,38,\ 78,14,00,00,00,ca,00,e6,e8,7a,f6,1a,1d,1b,dd,5e,d6,07,4a,04,1e,71,dd,74,21 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmxw32] "Asynchronous"=dword:00000001 "DllName"="winmxw32.dll" "Impersonate"=dword:00000000 "Startup"="EvtStartup" "Shutdown"="EvtShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler" "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler" "{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler" "{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler" "{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler" "{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL" "{06712C80-5BDC-11D4-B8EE-B5DE61CA987B}"="Exte" "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="a-squared Context Menu Shell Extension" "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders" "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand" "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task" "{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar" "{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete" "{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar" "{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site" "{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band" "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List" "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu" "{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand" "{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy" "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List" "{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}"="Feed Platform Data Source" "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List" "{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container" "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture" "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite" "{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu" "{F0353E1D-FEEC-474e-A984-1E5C6865E380}"="IE Global Folder Settings" "{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links" "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility" "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist" "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" "{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}"="Bluetooth" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ xmllite.dll Fri 14 Jul 2006 17:52:22 ..... 121 856 119,00 K hlink.dll Fri 21 Jul 2006 10:27:28 A.... 72 704 71,00 K netapi32.dll Fri 14 Jul 2006 17:41:06 A.... 332 288 324,50 K sirenacm.dll Sat 29 Jul 2006 19:32:50 A.... 48 936 47,79 K icardie.dll Wed 23 Aug 2006 0:10:54 ..... 61 440 60,00 K ieapfltr.dll Tue 22 Aug 2006 23:36:04 ..... 380 928 372,00 K ieframe.dll Wed 23 Aug 2006 0:31:08 ..... 5 906 432 5,63 M iertutil.dll Wed 23 Aug 2006 0:09:46 A.... 262 656 256,50 K ieui.dll Wed 23 Aug 2006 0:31:08 ..... 175 616 171,50 K msfeeds.dll Wed 23 Aug 2006 0:31:08 ..... 457 728 447,00 K admparse.dll Wed 23 Aug 2006 0:13:42 A.... 71 680 70,00 K advpack.dll Wed 23 Aug 2006 0:13:20 A.... 122 880 120,00 K browseui.dll Tue 15 Aug 2006 19:32:24 A.... 1 022 976 999,00 K fltlib.dll Mon 21 Aug 2006 14:26:16 A.... 16 896 16,50 K shell32.dll Thu 13 Jul 2006 15:36:02 A.... 8 509 952 8,11 M inetcomm.dll Thu 27 Jul 2006 15:26:20 A.... 679 424 663,50 K vsdata.dll Wed 23 Aug 2006 23:37:58 A.... 83 960 81,99 K vsutil.dll Wed 23 Aug 2006 23:38:04 A.... 440 312 429,99 K vsmonapi.dll Wed 23 Aug 2006 23:38:00 A.... 104 440 101,99 K vspubapi.dll Wed 23 Aug 2006 23:38:02 A.... 268 280 261,99 K vsinit.dll Wed 23 Aug 2006 23:38:00 A.... 157 688 153,99 K zlcommdb.dll Wed 23 Aug 2006 23:38:06 A.... 71 672 69,99 K shlwapi.dll Tue 15 Aug 2006 19:32:26 A.... 474 112 463,00 K shdocvw.dll Tue 15 Aug 2006 19:32:26 A.... 1 497 088 1,43 M vsxml.dll Wed 23 Aug 2006 23:38:04 A.... 100 344 97,99 K corpol.dll Wed 23 Aug 2006 0:16:02 A.... 16 896 16,50 K extmgr.dll Wed 23 Aug 2006 0:31:08 A.... 130 560 127,50 K vswmi.dll Wed 23 Aug 2006 23:38:04 A.... 59 384 57,99 K zlcomm.dll Wed 23 Aug 2006 23:38:06 A.... 83 960 81,99 K ieakeng.dll Wed 23 Aug 2006 0:13:54 A.... 152 064 148,50 K ieaksie.dll Wed 23 Aug 2006 0:14:02 A.... 229 376 224,00 K ieakui.dll Tue 22 Aug 2006 23:30:58 A.... 161 792 158,00 K iedkcs32.dll Wed 23 Aug 2006 0:14:10 A.... 378 368 369,50 K ieencode.dll Wed 23 Aug 2006 0:18:20 A.... 78 336 76,50 K vsregexp.dll Wed 23 Aug 2006 23:38:02 A.... 71 672 69,99 K iepeers.dll Wed 23 Aug 2006 0:31:08 A.... 189 440 185,00 K iernonce.dll Wed 23 Aug 2006 0:13:30 A.... 43 008 42,00 K iesetup.dll Wed 23 Aug 2006 0:13:40 A.... 55 296 54,00 K inseng.dll Wed 23 Aug 2006 0:13:34 A.... 92 672 90,50 K jscript.dll Wed 23 Aug 2006 0:12:56 A.... 487 424 476,00 K jsproxy.dll Wed 23 Aug 2006 0:31:08 A.... 26 624 26,00 K licmgr10.dll Wed 23 Aug 2006 0:17:26 A.... 40 448 39,50 K mshtml.dll Wed 23 Aug 2006 0:31:08 A.... 3 494 400 3,33 M legitc~1.dll Mon 7 Aug 2006 9:50:22 A.... 1 484 592 1,41 M mshtmled.dll Wed 23 Aug 2006 0:31:08 A.... 472 576 461,50 K mshtmler.dll Tue 22 Aug 2006 23:37:30 A.... 48 128 47,00 K msls31.dll Wed 23 Aug 2006 0:31:08 A.... 152 064 148,50 K msrating.dll Wed 23 Aug 2006 0:17:30 A.... 192 000 187,50 K mstime.dll Wed 23 Aug 2006 0:31:08 A.... 670 720 655,00 K occache.dll Wed 23 Aug 2006 0:17:14 A.... 100 352 98,00 K pngfilt.dll Wed 23 Aug 2006 0:10:40 A.... 44 032 43,00 K urlmon.dll Wed 23 Aug 2006 0:31:08 A.... 1 138 688 1,09 M vbscript.dll Wed 23 Aug 2006 0:31:08 A.... 413 696 404,00 K webcheck.dll Wed 23 Aug 2006 0:31:08 A.... 225 792 220,50 K wininet.dll Wed 23 Aug 2006 0:31:08 A.... 809 472 790,50 K winmxw32.dll Thu 5 Oct 2006 22:53:22 A.... 18 432 18,00 K pmnlm.dll Fri 6 Oct 2006 14:01:08 ..... 684 084 668,05 K avsda.dll Thu 7 Sep 2006 12:56:36 A.... 57 384 56,04 K url.dll Wed 23 Aug 2006 0:17:32 A.... 105 472 103,00 K libeay~1.dll Wed 23 Aug 2006 23:37:52 A.... 796 584 777,91 K vsutil~1.dll Wed 23 Aug 2006 23:39:32 A.... 42 920 41,91 K msfeed~1.dll Wed 23 Aug 2006 0:31:08 ..... 50 688 49,50 K dxtmsft.dll Wed 23 Aug 2006 0:10:44 A.... 346 624 338,50 K dxtrans.dll Wed 23 Aug 2006 0:10:08 A.... 213 504 208,50 K imgutil.dll Wed 23 Aug 2006 0:10:30 A.... 35 328 34,50 K 65 items found: 65 files, 0 directories. Total of file sizes: 35 337 140 bytes 33,70 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ mcrh.tmp Sun 8 Oct 2006 22:00:12 A.... 143 0,14 K mlnmp.tmp Sun 8 Oct 2006 23:03:38 ..SH. 7 820 7,64 K 2 items found: 2 files (1 H/S), 0 directories. Total of file sizes: 7 963 bytes 7,77 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est E8C3-4C5B R‚pertoire de C:\WINDOWS\System32 08/10/2006 23:23 8ÿ038 mlnmp.ini2 08/10/2006 23:06 7ÿ820 mlnmp.ini 08/10/2006 23:03 7ÿ820 mlnmp.tmp 08/10/2006 22:28 6ÿ520 mlnmp.bak1 08/10/2006 14:29 360ÿ758 mlnmp.bak2 28/10/2005 21:14 <REP> Microsoft 28/10/2005 21:00 <REP> dllcache 19/02/2003 15:06 438ÿ272 cmcs21.ocx 06/11/2001 07:57 233ÿ472 SmartMenuXP.ocx 13/10/2001 23:48 28ÿ672 SmartMenuXP.dll 27/04/2001 14:11 24ÿ576 SmartSubClass.dll 9 fichier(s) 1ÿ115ÿ948 octets 2 R‚p(s) 41ÿ106ÿ374ÿ656 octets libres Logfile of HijackThis v1.99.1 Scan saved at 23:34:25, on 08/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ICQLite\ICQLite.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\PROGRA~1\WANADOO\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\hijackthis\ZBM.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL F3 - REG:win.ini: load=???? O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\ddcdbab.dll (file missing) O2 - BHO: (no name) - {129F3C02-E45E-4416-8209-0AB0466228A1} - C:\WINDOWS\system32\pmnlm.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lwcjgysm.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: ddcdbab - ddcdbab.dll (file missing) O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  23. maintenant j'ai un trojan, TR/Vundo.gen. ANtivir sonne toutes les 10 segondes. Ce qui me donne une envie de regler le probleme à coup de hache. Dommage, je n'en ai pas une. j'ai trouvé Vundofix V6.2.0 sur un autre forum. Il le trouve bien, mais comme antivir, il ne peu pas l'effacer.... j'ai une furieuse envie de tout formater et de recomencer à zero!
  24. C'est pire que jamais! Antivire me signale tout le temps le meme trojan: C: \WINDOWS\system32\ddcdbab.dll trojan TR/vundo.gen j'obtiens aussi le message d'erreur: Le fichier ou le repertoire \wndws\Sytem32\mlnmp.ini2 est endomagé eet illisible. executez l'utilitaire CHKDSK (?) le demarage du pc est de plus en plus laborieux. j'attends votre reponse avec impatiance mais je pense qu'une bonne defrag et une reinstallation s'impose...
  25. bon apres plus de 5 heures de scan en mode sans echec et plusieurs heures de bagarres avec mon pc qui plantait tout le temps, voici les rapports: AntiVir PersonalEdition Classic Report file date: samedi 7 octobre 2006 18:15 Version information: AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:58 AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:34 LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:34 LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:34 ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:28 ANTIVIR1.VDF : 6.36.0.89 1745920 02/10/2006 14:23:24 ANTIVIR2.VDF : 6.36.0.90 2048 02/10/2006 14:23:24 ANTIVIR3.VDF : 6.36.0.96 62976 06/10/2006 14:23:24 AVEWIN32.DLL : 7.2.0.25 1860096 07/10/2006 14:23:24 AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:06 AVREP.DLL : 6.36.0.79 843816 07/10/2006 14:23:24 AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:32 AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:30 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50 NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:56 RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:58 RCTEXT.DLL : 7.0.1.4 77864 07/10/2006 14:23:20 Configuration settings for the scan: Jobname.......................: Local Drives Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Boot sectors..................: C,D,E Scan memory...................: 1 Process scan..................: 1 Scan all files................: 1 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Skipped archive types.........: 1000,1001,1002,1003,1004,1005, Macro heuristic...............: 1 File heuristic................: 2 Primary action................: 1 Secondary action..............: 0 Start of the scan: samedi 7 octobre 2006 18:15 The scan of running processes will be started 5 Processes were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 45 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\ddcdbab.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] The file could not be deleted! C:\WINDOWS\system32\opnkijk.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\yaywvtt.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\winmxw32.dll [DETECTION] Is the Trojan horse TR/Agent.VG.8 [WARNING] The file could not be deleted! C:\WINDOWS\system32\xxyywtr.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\qomliig.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\pmnlm.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] The file could not be deleted! C:\WINDOWS\system32\ssqoopp.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\vtuvttq.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\vtutqqp.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\nnnnmno.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SYSTEM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SOFTWARE [WARNING] The file could not be opened! C:\WINDOWS\system32\config\DEFAULT [WARNING] The file could not be opened! C:\WINDOWS\Temp\idd64A.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddAA1.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddB88.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\winC41.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\Temp\winC63.tmp.exe [DETECTION] Contains signature of the dropper DR/Shelled.Gen [iNFO] The file was deleted! C:\WINDOWS\Temp\iddC75.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddF7.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\idd5DD.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddB1C.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddC47.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddCD7.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\idd1177.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\idd70.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\idd66.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\winB2.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\WINDOWS\Temp\winE7.tmp.exe [DETECTION] Contains signature of the dropper DR/Shelled.Gen [iNFO] The file was deleted! C:\WINDOWS\Temp\iddAA.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\iddA9.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\idd3C.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\WINDOWS\Temp\idd15B.tmp.exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\herve senni\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\herve senni\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\herve senni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\herve senni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP162\A0041833.exe [DETECTION] Contains signature of the dropper DR/Shelled.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP171\A0043838.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0046866.dll [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0046867.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0046868.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP181\A0046873.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0051154.dll [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052169.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052170.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052171.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052172.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052173.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052174.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052175.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{DD444AA6-4667-4079-B2F5-6E477341C462}\RP185\A0052176.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.net-Jan-2005.tar [WARNING] The file could not be opened! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.net-Jul-2005.gz [WARNING] The file could not be opened! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.net-Jun-2005.gz [WARNING] The file could not be opened! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.net-Mar-2005.gz [WARNING] The file could not be opened! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.net-Nov-2004.gz [WARNING] The file could not be opened! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.net-Oct-2004.gz [WARNING] The file could not be opened! D:\Dossiers Sites\Dossiers HTML\Stats BigB00bs\bigb00bs.tar [WARNING] The file could not be opened! End of the scan: samedi 7 octobre 2006 23:59 Used time: 5:44:01 min The scan has been canceled! 15253 Scanning directories 321267 Files were scanned 46 viruses and/or unwanted programs were found 43 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 7739 Archives were scanned 29 Warnings 6 Notes Logfile of HijackThis v1.99.1 Scan saved at 00:45:13, on 08/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\ASUS\Wireless Console\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\FolderShare\FolderShare.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\PROGRA~1\WANADOO\Toaster.exe C:\PROGRA~1\WANADOO\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\WANADOO\PollingModule.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\PROGRA~1\WANADOO\Watch.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\hijackthis\ZBM.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\ddcdbab.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lwcjgysm.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A65C4AE3-5053-471B-9969-68CB323B1B65} - C:\WINDOWS\system32\pmnlm.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{38C34C5B-07CB-1036-0729-050606050021}\MyToolBar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{38C34C5B-07CB-1036-0729-050606050021}\MyToolBar.dll O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140320031296 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0850C316-6217-418F-8A65-19CE24438D24}: NameServer = 86.64.145.140,84.104.237.140 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: ddcdbab - C:\WINDOWS\SYSTEM32\ddcdbab.dll O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe Uninstall list Adobe Common File Installer Adobe Download Manager 2.0 (Supprimer uniquement) Adobe Reader 7.0.7 Adobe Stock Photos 1.0 AdvancedSubmitter AI RoboForm (All Users) AI RoboForm Adapter for Firefox/Mozilla/Netscape a-squared Free 1.6.5 Asus ChkMail ASUS Live Update ASUS Probe V2.11 ASUSDVD ATI Display Driver ATK0100 ACPI UTILITY Avira AntiVir PersonalEdition Classic Bluetooth Stack for Windows by Toshiba CoffeeCup Firestarter Correctif pour Windows XP (KB914440) Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB887797 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 DivX DivX Player DivX Web Player Easy Thumbnails (Remove only) FolderShare FolderShare FUJIFILM USB Driver Good Keywords v2.0.072205 Google Toolbar for Internet Explorer Gradientex 1.2 HandyTools for Web Designer 1.2 HDAUDIO SoftV92 Data Fax Modem with SmartCP High Definition Audio Driver Package - KB835221 HijackThis 1.99.1 Hotfix for Windows XP (KB915865) ICQ 5.1 Intel® PROSet/Wireless Software Iomega Automatic Backup Pro Iomega Product Registration IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Kplan 1.723 bêta Lecteur Windows Media 10 Link dump Submitter Livebox Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Flash Player 8 MailWasher Pro mCore mDriver mDrWiFi mEoU.msi mHelp Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Windows Media Video 9 VCM Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB900930) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) mIWA mIWCA mLogView mMHouse Mozilla Firefox (1.5.0.7) mPfMgr mPfWiz mProSafe MSN mWlsSafe mXML mZConfig Nero 7 Demo NOD32 Antivirus System OpenOffice.org 2.0 Outil de connexion Wanadoo Package de base Microsoft de service de chiffrement pour cartes à puce Panda ActiveScan PC Inspector File Recovery Power IEv3 Power4 Gear PowerDirector QuickTime Qumana Realtek High Definition Audio Driver Remote Controller Russell Brunson's Forum Fortunes Full Screen Calipers Selteco Bannershop GIF Animator Skype 2.0 SmartFTP Client 2.0 SmartFTP Client 2.0 Setup Files (remove only) SnagIt 7 SpywareBlaster v3.5.1 Synaptics Pointing Device Driver ToolBar888 Uniblue Registry Booster Unified Stats v1.112 Viewpoint Media Player VSToolbar for Internet Explorer Wanadoo Messager Web CEO 6.0 WebLog Expert 3.1 Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime Windows Media Format SDK Hotfix - KB891122 WinFlash WinHTTrack Website Copier 3.23 WinZip Wireless Console Xenu's Link Sleuth X-Fonter 5.5 ZoneAlarm Pro SmitFraudFix v2.105 Rapport fait à 0:50:44,42, 08/10/2006 Executé à partir de C:\Documents and Settings\mon nom\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\ishost.exe PRESENT ! C:\WINDOWS\system32\ismini.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mon nom »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mon nom\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HERVES~1\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin voila!!!! Je suis en train de repasser Antivir et il trouve tous les virus qu'il a effacé en mode sans echec....
×
×
  • Créer...