

baloo777
Members
Content count: 5
Everything posted by baloo777
-
Malware problems...
baloo777 replied to baloo777's topic in Malware Analysis and Removal
That's done; however, I'm not sure whether I properly plugged in all my USB drives, but in any case the report is right here! Thanks for your diagnosis, I'm waiting for your reply!
-
Malware problems...
baloo777 replied to baloo777's topic in Malware Analysis and Removal
So here is the second report as planned; I'll carry on then... See you later, and thanks again!
-
Malware problems...
baloo777 replied to baloo777's topic in Malware Analysis and Removal
Hi again... here is a look at the first report, option 1, thanks!
-
Malware problems...
baloo777 replied to baloo777's topic in Malware Analysis and Removal
Sorry, but I'm really hopeless with computers; in this case I tried the procedure you gave me, but I can't find the entries you asked for, they have disappeared! R3 searchsettings... and the others, so I can't continue! What should I do to get hold of them again? Thanks again for your patience and your reply
-
Hello everyone! I'm new to the forum and I'm looking for help with my little malware problem. For several days now my browser has been struggling because it has fallen victim to "Ron Milehighads..." in short, a nightmare; I'd like to know whether anyone is able to help me! Thanks in advance, my HijackThis report is attached!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [zgqmwlcsetknpn] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\dzsrbbqxva.dll" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe O4 - HKCU\..\Run: 
[OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/...geUploader4.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\els32.dll O20 - Winlogon Notify: 405f3647515 - C:\WINDOWS\System32\els32.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 11722 bytes